This commit was generated by cvs2git to track changes on a CVS vendor

branch.
author: ryker <> 1998-10-05 20:13:15 +0000
committer: ryker <> 1998-10-05 20:13:15 +0000
commit: 9e77c62555877f9a64805c49d0dcd7dbfbb40f4e (patch)
tree: 2a6396b738ecede1e1dd3ad84c90e47e21d0bcbd
parent: fe5d0717e2760d02faf23bf5a714f17b33ae4abb (diff)
parent: 536c76cbb863bab152f19842ab88772c01e922c7 (diff)
download: openbsd-9e77c62555877f9a64805c49d0dcd7dbfbb40f4e.tar.gz
openbsd-9e77c62555877f9a64805c49d0dcd7dbfbb40f4e.tar.bz2
openbsd-9e77c62555877f9a64805c49d0dcd7dbfbb40f4e.zip
878 files changed, 164970 insertions, 0 deletions
diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile
new file mode 100644
index 0000000000..eb49323ad5
--- /dev/null
+++ b/src/lib/libcrypto/Attic/Makefile
@@ -0,0 +1,133 @@
+LIB=    crypto
+CFLAGS+= -DNO_IDEA -DTERMIOS -DL_ENDIAN -DANSI_SOURCE 
+CFLAGS+= -I${.CURDIR}/../include
+SRCS+=  cryptlib.c mem.c cversion.c ex_data.c cpt_err.c                 
+CFLAGS+= -I${.CURDIR}/md2
+SRCS+=  md2_dgst.c md2_one.c                                    
+CFLAGS+= -I${.CURDIR}/md5
+SRCS+=  md5_dgst.c md5_one.c                                    
+CFLAGS+= -I${.CURDIR}/sha
+SRCS+=  sha_dgst.c sha1dgst.c sha_one.c sha1_one.c      
+CFLAGS+= -I${.CURDIR}/mdc2
+SRCS+=  mdc2dgst.c mdc2_one.c                                   
+CFLAGS+= -I${.CURDIR}/hmac
+SRCS+=  hmac.c                                                  
+CFLAGS+= -I${.CURDIR}/ripemd
+SRCS+=  rmd_dgst.c rmd_one.c                            
+CFLAGS+= -I${.CURDIR}/des
+SRCS+=  set_key.c ecb_enc.c cbc_enc.c ecb3_enc.c        
+SRCS+=  cfb64enc.c cfb64ede.c cfb_enc.c ofb64ede.c      
+SRCS+=  enc_read.c enc_writ.c ofb64enc.c ofb_enc.c      
+SRCS+=  str2key.c pcbc_enc.c qud_cksm.c rand_key.c      
+SRCS+=  read2pwd.c fcrypt.c xcbc_enc.c read_pwd.c       
+SRCS+=  rpc_enc.c cbc_cksm.c supp.c                             
+CFLAGS+= -I${.CURDIR}/rc2
+SRCS+=  rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c       
+SRCS+=  rc2ofb64.c                                                      
+CFLAGS+= -I${.CURDIR}/rc4
+SRCS+=  rc4_skey.c                                                      
+CFLAGS+= -I${.CURDIR}/rc5
+SRCS+=  rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c      
+SRCS+=  rc5ofb64.c                                                      
+CFLAGS+= -I${.CURDIR}/idea
+SRCS+=  i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c             
+SRCS+=  i_skey.c                                                        
+CFLAGS+= -I${.CURDIR}/bf
+SRCS+=  bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c                
+CFLAGS+= -I${.CURDIR}/cast
+SRCS+=  c_skey.c c_ecb.c c_cfb64.c c_ofb64.c    
+CFLAGS+= -I${.CURDIR}/bn
+SRCS+=  bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c    
+SRCS+=  bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c
+SRCS+=  bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c
+SRCS+=  bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c           
+CFLAGS+= -I${.CURDIR}/rsa
+SRCS+=  rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c        
+SRCS+=  rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c        
+SRCS+=  rsa_none.c                                                      
+CFLAGS+= -I${.CURDIR}/dsa
+SRCS+=  dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c         
+SRCS+=  dsa_sign.c dsa_err.c                                    
+CFLAGS+= -I${.CURDIR}/dh
+SRCS+=  dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c  
+CFLAGS+= -I${.CURDIR}/buffer
+SRCS+=  buffer.c buf_err.c                              
+CFLAGS+= -I${.CURDIR}/bio
+SRCS+=  bio_lib.c bio_cb.c bio_err.c bss_mem.c          
+SRCS+=  bss_null.c bss_fd.c bss_file.c bss_sock.c       
+SRCS+=  bss_conn.c bf_null.c bf_buff.c 
+SRCS+=  b_print.c b_dump.c b_sock.c bss_acpt.c          
+SRCS+=  bf_nbio.c                                                       
+CFLAGS+= -I${.CURDIR}/stack
+SRCS+=  stack.c                                                 
+CFLAGS+= -I${.CURDIR}/lhash
+SRCS+=  lhash.c lh_stats.c                                      
+CFLAGS+= -I${.CURDIR}/rand
+SRCS+=  md_rand.c randfile.c                                    
+CFLAGS+= -I${.CURDIR}/err
+SRCS+=  err.c err_all.c err_prn.c                               
+CFLAGS+= -I${.CURDIR}/objects
+SRCS+=  obj_dat.c obj_lib.c obj_err.c
+CFLAGS+= -I${.CURDIR}/evp
+SRCS+=  encode.c digest.c evp_enc.c evp_key.c           
+SRCS+=  e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c         
+SRCS+=  e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c         
+SRCS+=  e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c           
+SRCS+=  e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c     
+SRCS+=  e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c     
+SRCS+=  e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c      
+SRCS+=  e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c        
+SRCS+=  e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c       
+SRCS+=  m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c        
+SRCS+=  m_dss1.c m_mdc2.c m_ripemd.c p_open.c           
+SRCS+=  p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c
+SRCS+=  p_dec.c bio_md.c bio_b64.c bio_enc.c            
+SRCS+=  evp_err.c e_null.c c_all.c evp_lib.c
+CFLAGS+= -I${.CURDIR}/pem
+SRCS+=  pem_sign.c pem_seal.c pem_info.c pem_lib.c      
+SRCS+=  pem_all.c pem_err.c                                     
+CFLAGS+= -I${.CURDIR}/asn1
+SRCS+=  a_object.c a_bitstr.c a_utctm.c a_int.c 
+SRCS+=  a_octet.c a_print.c a_type.c a_set.c    
+SRCS+=  a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c  
+SRCS+=  a_digest.c a_verify.c x_algor.c x_val.c 
+SRCS+=  x_pubkey.c x_sig.c x_req.c x_attrib.c   
+SRCS+=  x_name.c x_cinf.c x_x509.c x_crl.c              
+SRCS+=  x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c 
+SRCS+=  d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c     
+SRCS+=  d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c         
+SRCS+=  i2d_pu.c i2d_pr.c t_req.c t_x509.c              
+SRCS+=  t_pkey.c p7_i_s.c p7_signi.c p7_signd.c 
+SRCS+=  p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c        
+SRCS+=  p7_s_e.c p7_enc.c p7_lib.c f_int.c              
+SRCS+=  f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c       
+SRCS+=  d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c    
+SRCS+=  a_bool.c x_exten.c asn1_par.c asn1_lib.c        
+SRCS+=  asn1_err.c a_meth.c a_bytes.c evp_asn1.c        
+CFLAGS+= -I${.CURDIR}/x509
+SRCS+=  x509_def.c x509_d2.c x509_r2x.c x509_cmp.c      
+SRCS+=  x509_obj.c x509_req.c x509_vfy.c x509_set.c     
+SRCS+=  x509rset.c x509_err.c x509name.c x509_v3.c      
+SRCS+=  x509_ext.c x509pack.c x509type.c x509_lu.c      
+SRCS+=  x_all.c x509_txt.c by_file.c by_dir.c   
+SRCS+=  v3_net.c v3_x509.c                                      
+CFLAGS+= -I${.CURDIR}/conf
+SRCS+=  conf.c conf_err.c                                       
+CFLAGS+= -I${.CURDIR}/txt_db
+SRCS+=  txt_db.c                                                        
+CFLAGS+= -I${.CURDIR}/pkcs7
+SRCS+=  pk7_lib.c pkcs7err.c pk7_doit.c
+.PATH:  ${.CURDIR}/md2 ${.CURDIR}/md5 ${.CURDIR}/sha ${.CURDIR}/mdc2    \
+        ${.CURDIR}/hmac ${.CURDIR}/ripemd ${.CURDIR}/des  ${.CURDIR}/rc2 \
+        ${.CURDIR}/rc4 ${.CURDIR}/rc5 ${.CURDIR}/idea ${.CURDIR}/bf    \
+        ${.CURDIR}/cast ${.CURDIR}/bn  ${.CURDIR}/rsa ${.CURDIR}/dsa   \
+        ${.CURDIR}/dh ${.CURDIR}/buffer ${.CURDIR}/bio ${.CURDIR}/stack \
+        ${.CURDIR}/lhash ${.CURDIR}/rand ${.CURDIR}/err ${.CURDIR}/objects \
+        ${.CURDIR}/evp ${.CURDIR}/pem ${.CURDIR}/asn1  ${.CURDIR}/asn1 \
+        ${.CURDIR}/x509 ${.CURDIR}/conf txt_db/txt_db.c ${.CURDIR}/pkcs7 \
+        ${.CURDIR}/txt_db
+.include <bsd.lib.mk>
diff --git a/src/lib/libcrypto/asn1/a_hdr.c b/src/lib/libcrypto/asn1/a_hdr.c
new file mode 100644
index 0000000000..4fb7a5fa75
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_hdr.c
@@ -0,0 +1,130 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "asn1.h"
+/*
+ * ASN1err(ASN1_F_D2I_ASN1_HEADER,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
+ * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
+ * ASN1err(ASN1_F_ASN1_HEADER_NEW,ASN1_R_BAD_GET_OBJECT);
+ */
+int i2d_ASN1_HEADER(a,pp)
+ASN1_HEADER *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(a->data,         a->meth->i2d);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(a->data,         a->meth->i2d);
+        M_ASN1_I2D_finish();
+        }
+ASN1_HEADER *d2i_ASN1_HEADER(a,pp,length)
+ASN1_HEADER **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING);
+        if (ret->meth != NULL)
+                {
+                M_ASN1_D2I_get(ret->data,ret->meth->d2i);
+                }
+        else
+                {
+                if (a != NULL) (*a)=ret;
+                return(ret);
+                }
+        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
+        }
+ASN1_HEADER *ASN1_HEADER_new()
+        {
+        ASN1_HEADER *ret=NULL;
+        M_ASN1_New_Malloc(ret,ASN1_HEADER);
+        M_ASN1_New(ret->header,ASN1_OCTET_STRING_new);
+        ret->meth=NULL;
+        ret->data=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+        }
+void ASN1_HEADER_free(a)
+ASN1_HEADER *a;
+        {
+        if (a == NULL) return;
+        ASN1_OCTET_STRING_free(a->header);
+        if (a->meth != NULL)
+                a->meth->destroy(a->data);
+        Free((char *)a);
+        }
diff --git a/src/lib/libcrypto/asn1/a_meth.c b/src/lib/libcrypto/asn1/a_meth.c
new file mode 100644
index 0000000000..513625c305
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_meth.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "x509.h"
+static  ASN1_METHOD ia5string_meth={
+        (int (*)())     i2d_ASN1_IA5STRING,
+        (char *(*)())   d2i_ASN1_IA5STRING,
+        (char *(*)())   ASN1_STRING_new,
+        (void (*)())    ASN1_STRING_free};
+static  ASN1_METHOD bit_string_meth={
+        (int (*)())     i2d_ASN1_BIT_STRING,
+        (char *(*)())   d2i_ASN1_BIT_STRING,
+        (char *(*)())   ASN1_STRING_new,
+        (void (*)())    ASN1_STRING_free};
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth()
+        {
+        return(&ia5string_meth);
+        }
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth()
+        {
+        return(&bit_string_meth);
+        }
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
new file mode 100644
index 0000000000..17a7abbb67
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -0,0 +1,212 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "asn1.h"
+/* ASN1err(ASN1_F_ASN1_UTCTIME_NEW,ASN1_R_UTCTIME_TOO_LONG);
+ * ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_EXPECTING_A_UTCTIME);
+ */
+int i2d_ASN1_UTCTIME(a,pp)
+ASN1_UTCTIME *a;
+unsigned char **pp;
+        {
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+        }
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(a, pp, length)
+ASN1_UTCTIME **a;
+unsigned char **pp;
+long length;
+        {
+        ASN1_UTCTIME *ret=NULL;
+        ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_ERROR_STACK);
+                return(NULL);
+                }
+        if (!ASN1_UTCTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_UTCTIME_free(ret);
+        return(NULL);
+        }
+int ASN1_UTCTIME_check(d)
+ASN1_UTCTIME *d;
+        {
+        static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static int max[8]={99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+        if (d->type != V_ASN1_UTCTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+        if (l < 11) goto err;
+        for (i=0; i<6; i++)
+                {
+                if ((i == 5) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=6; i<8; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+int ASN1_UTCTIME_set_string(s,str)
+ASN1_UTCTIME *s;
+char *str;
+        {
+        ASN1_UTCTIME t;
+        t.type=V_ASN1_UTCTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_UTCTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length);
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+ASN1_UTCTIME *ASN1_UTCTIME_set(s, t)
+ASN1_UTCTIME *s;
+time_t t;
+        {
+        char *p;
+        struct tm *ts;
+#if defined(THREADS)
+        struct tm data;
+#endif
+        if (s == NULL)
+                s=ASN1_UTCTIME_new();
+        if (s == NULL)
+                return(NULL);
+#if defined(THREADS)
+        ts=(struct tm *)gmtime_r(&t,&data);
+#else
+        ts=(struct tm *)gmtime(&t);
+#endif
+        p=(char *)s->data;
+        if ((p == NULL) || (s->length < 14))
+                {
+                p=Malloc(20);
+                if (p == NULL) return(NULL);
+                if (s->data != NULL)
+                        Free(s->data);
+                s->data=(unsigned char *)p;
+                }
+        sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+                ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_UTCTIME;
+        return(s);
+        }
diff --git a/src/lib/libcrypto/bf/asm/bf-686.pl b/src/lib/libcrypto/bf/asm/bf-686.pl
new file mode 100644
index 0000000000..bed303d786
--- /dev/null
+++ b/src/lib/libcrypto/bf/asm/bf-686.pl
@@ -0,0 +1,128 @@
+#!/usr/bin/perl
+#!/usr/local/bin/perl
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+&asm_init($ARGV[0],"bf-686.pl");
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="ecx";
+$R="edx";
+$P="edi";
+$tot="esi";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ebp";
+&des_encrypt("BF_encrypt",1);
+&des_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+&file_end();
+sub des_encrypt
+        {
+        local($name,$enc)=@_;
+        &function_begin($name,"");
+        &comment("");
+        &comment("Load the 2 words");
+        &mov("eax",&wparam(0));
+        &mov($L,&DWP(0,"eax","",0));
+        &mov($R,&DWP(4,"eax","",0));
+        &comment("");
+        &comment("P pointer, s and enc flag");
+        &mov($P,&wparam(1));
+        &xor(   $tmp1,  $tmp1);
+        &xor(   $tmp2,  $tmp2);
+        # encrypting part
+        if ($enc)
+                {
+                &xor($L,&DWP(0,$P,"",0));
+                for ($i=0; $i<$BF_ROUNDS; $i+=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i+1));
+                        &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+        else
+                {
+                &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                for ($i=$BF_ROUNDS; $i>0; $i-=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i-1));
+                        &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(0,$P,"",0));
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+        &function_end_B($name);
+        }
+sub BF_ENCRYPT
+        {
+        local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
+        &rotr(  $R,             16);
+        &mov(   $tot,           &DWP(&n2a($i*4),$P,"",0));
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+        &rotr(  $R,             16);
+        &xor(   $L,             $tot);
+        &mov(   $tot,           &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+        &add(   $tot,           $tmp3);
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
+        &xor(   $tot,           $tmp1);
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
+        &add(   $tot,           $tmp3);
+        &xor(   $tmp1,          $tmp1);
+        &xor(   $L,             $tot);                                  
+        # delay
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
diff --git a/src/lib/libcrypto/bf/asm/readme b/src/lib/libcrypto/bf/asm/readme
new file mode 100644
index 0000000000..2385fa3812
--- /dev/null
+++ b/src/lib/libcrypto/bf/asm/readme
@@ -0,0 +1,10 @@
+There are blowfish assembler generation scripts.
+bf-586.pl version is for the pentium and
+bf-686.pl is my original version, which is faster on the pentium pro.
+When using a bf-586.pl, the pentium pro/II is %8 slower than using
+bf-686.pl.  When using a bf-686.pl, the pentium is %16 slower
+than bf-586.pl
+So the default is bf-586.pl
diff --git a/src/lib/libcrypto/bf/bf_opts.c b/src/lib/libcrypto/bf/bf_opts.c
new file mode 100644
index 0000000000..5cfa60c537
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_opts.c
@@ -0,0 +1,347 @@
+/* crypto/bf/bf_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "blowfish.h"
+#define BF_DEFAULT_OPTIONS
+#undef BF_ENC
+#define BF_encrypt  BF_encrypt_normal
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#define BF_PTR
+#undef BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#undef BF_PTR
+#define BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr2
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        BF_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most acurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        BF_set_key(&sch,16,key);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+        time_it(BF_encrypt_normal,      "BF_encrypt_normal ", 0);
+        time_it(BF_encrypt_ptr,         "BF_encrypt_ptr    ", 1);
+        time_it(BF_encrypt_ptr2,        "BF_encrypt_ptr2   ", 2);
+        num+=3;
+        str[0]="<nothing>";
+        print_it("BF_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("BF_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("BF_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+        printf("options    BF ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DBF_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DBF_PTR\n");
+                break;
+        case 2:
+                printf("-DBF_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/bf/bfs.cpp b/src/lib/libcrypto/bf/bfs.cpp
new file mode 100644
index 0000000000..272ed2f978
--- /dev/null
+++ b/src/lib/libcrypto/bf/bfs.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "blowfish.h"
+void main(int argc,char *argv[])
+        {
+        BF_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        BF_encrypt(&data[0],&key);
+                        }
+                printf("blowfish %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/bf/bfspeed.c b/src/lib/libcrypto/bf/bfspeed.c
new file mode 100644
index 0000000000..640d820dd3
--- /dev/null
+++ b/src/lib/libcrypto/bf/bfspeed.c
@@ -0,0 +1,293 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "blowfish.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        BF_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        BF_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                BF_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing BF_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing BF_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing BF_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing BF_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                BF_LONG data[2];
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),BF_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
+        printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
+        printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/bf/bftest.c b/src/lib/libcrypto/bf/bftest.c
new file mode 100644
index 0000000000..9266cf813a
--- /dev/null
+++ b/src/lib/libcrypto/bf/bftest.c
@@ -0,0 +1,521 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "blowfish.h"
+char *bf_key[2]={
+        "abcdefghijklmnopqrstuvwxyz",
+        "Who is John Galt?"
+        };
+/* big endian */
+BF_LONG bf_plain[2][2]={
+        {0x424c4f57L,0x46495348L},
+        {0xfedcba98L,0x76543210L}
+        };
+BF_LONG bf_cipher[2][2]={
+        {0x324ed0feL,0xf413a203L},
+        {0xcc91732bL,0x8022f684L}
+        };
+/************/
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+        {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+        {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+        {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+        {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+        {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+        {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+        {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+        {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+        {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+        {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+        {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+        {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+        {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+        {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+        {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+        {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+        {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+        {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+        {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+        {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+        {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+        {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+        {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+        {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+        {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+        {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+        {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+        {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+        {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+        {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+        };
+static unsigned char cbc_key [16]={
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+        0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+        0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+        0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+        0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+static unsigned char cfb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+        0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+        0x51,0x9D,0x57,0xA6,0xC3};
+static unsigned char ofb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+        0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+        0x63,0xC2,0xCF,0x80,0xDA};
+#define KEY_TEST_NUM    25
+unsigned char key_test[KEY_TEST_NUM]={
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+        0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+        0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+        0x88};
+unsigned char key_data[8]=
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+unsigned char key_out[KEY_TEST_NUM][8]={
+        {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+        {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+        {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+        {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+        {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+        {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+        {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+        {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+        {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+        {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+        {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+        {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+        {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+        {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+        {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+        {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+        {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+        {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+        {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+        {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+        {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+        {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+        {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+        {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+        };
+#ifndef NOPROTO
+static int test(void );
+static int print_test_data(void );
+#else
+static int test();
+static int print_test_data();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int ret;
+        if (argc > 1)
+                ret=print_test_data();
+        else
+                ret=test();
+        exit(ret);
+        return(0);
+        }
+static int print_test_data()
+        {
+        unsigned int i,j;
+        printf("ecb test data\n");
+        printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                for (j=0; j<8; j++)
+                        printf("%02X",ecb_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",plain_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",cipher_data[i][j]);
+                printf("\n");
+                }
+        printf("set_key test data\n");
+        printf("data[8]= ");
+        for (j=0; j<8; j++)
+                printf("%02X",key_data[j]);
+        printf("\n");
+        for (i=0; i<KEY_TEST_NUM-1; i++)
+                {
+                printf("c=");
+                for (j=0; j<8; j++)
+                        printf("%02X",key_out[i][j]);
+                printf(" k[%2d]=",i+1);
+                for (j=0; j<i+1; j++)
+                        printf("%02X",key_test[j]);
+                printf("\n");
+                }
+        printf("\nchaining mode test data\n");
+        printf("key[16]   = ");
+        for (j=0; j<16; j++)
+                printf("%02X",cbc_key[j]);
+        printf("\niv[8]     = ");
+        for (j=0; j<8; j++)
+                printf("%02X",cbc_iv[j]);
+        printf("\ndata[%d]  = '%s'",(int)strlen(cbc_data)+1,cbc_data);
+        printf("\ndata[%d]  = ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cbc_data[j]);
+        printf("\n");
+        printf("cbc cipher text\n");
+        printf("cipher[%d]= ",32);
+        for (j=0; j<32; j++)
+                printf("%02X",cbc_ok[j]);
+        printf("\n");
+        printf("cfb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cfb64_ok[j]);
+        printf("\n");
+        printf("ofb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",ofb64_ok[j]);
+        printf("\n");
+        return(0);
+        }
+static int test()
+        {
+        unsigned char cbc_in[40],cbc_out[40],iv[8];
+        int i,n,err=0;
+        BF_KEY key;
+        BF_LONG data[2]; 
+        unsigned char out[8]; 
+        BF_LONG len;
+        printf("testing blowfish in raw ecb mode\n");
+        for (n=0; n<2; n++)
+                {
+                BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
+                data[0]=bf_plain[n][0];
+                data[1]=bf_plain[n][1];
+                BF_encrypt(data,&key);
+                if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",bf_cipher[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+                BF_decrypt(&(data[0]),&key);
+                if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",bf_plain[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish in ecb mode\n");
+        for (n=0; n<NUM_TESTS; n++)
+                {
+                BF_set_key(&key,8,ecb_data[n]);
+                BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
+                if (memcmp(&(cipher_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt blowfish error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",cipher_data[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+                BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
+                if (memcmp(&(plain_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",plain_data[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish set_key\n");
+        for (n=1; n<KEY_TEST_NUM; n++)
+                {
+                BF_set_key(&key,n,key_test);
+                BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
+                if (memcmp(out,&(key_out[n-1][0]),8) != 0)
+                        {
+                        printf("blowfish setkey error\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish in cbc mode\n");
+        len=strlen(cbc_data)+1;
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
+                &key,iv,BF_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                {
+                err=1;
+                printf("BF_cbc_encrypt encrypt error\n");
+                for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        memcpy(iv,cbc_iv,8);
+        BF_cbc_encrypt(cbc_out,cbc_in,len,
+                &key,iv,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("BF_cbc_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("testing blowfish in cfb64 mode\n");
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
+                &key,iv,&n,BF_ENCRYPT);
+        BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
+                &key,iv,&n,BF_ENCRYPT);
+        if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_cfb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_cfb64_encrypt(cbc_out,cbc_in,17,
+                &key,iv,&n,BF_DECRYPT);
+        BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
+                &key,iv,&n,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_cfb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("testing blowfish in ofb64\n");
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
+        BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
+                &(cbc_out[13]),len-13,&key,iv,&n);
+        if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_ofb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
+        BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        return(err);
+        }
diff --git a/src/lib/libcrypto/bio/bss_rtcp.c b/src/lib/libcrypto/bio/bss_rtcp.c
new file mode 100644
index 0000000000..6eb434dee8
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_rtcp.c
@@ -0,0 +1,297 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
+ * Date:   22-JUL-1996
+ */
+/* VMS */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include <iodef.h>              /* VMS IO$_ definitions */
+extern int SYS$QIOW();
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status { short status, count; long flags; };
+struct rpc_msg {                /* Should have member alignment inhibited */
+   char channel;                /* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;               /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;   /* Amount of data returned or max to return */
+   char data[4092];             /* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+struct rpc_ctx {
+    int filled, pos;
+    struct rpc_msg msg;
+};
+static int rtcp_write(BIO *h,char *buf,int num);
+static int rtcp_read(BIO *h,char *buf,int size);
+static int rtcp_puts(BIO *h,char *str);
+static int rtcp_gets(BIO *h,char *str,int size);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+static BIO_METHOD rtcp_method=
+        {
+        BIO_TYPE_FD,
+        "RTCP",
+        rtcp_write,
+        rtcp_read,
+        rtcp_puts,
+        rtcp_gets,
+        rtcp_ctrl,
+        rtcp_new,
+        rtcp_free,
+        };
+BIO_METHOD *BIO_s_rtcp()
+        {
+        return(&rtcp_method);
+        }
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+        buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+        buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+/***************************************************************************/
+static int rtcp_new(bi)
+BIO *bi;
+{
+    struct rpc_ctx *ctx;
+        bi->init=1;
+        bi->num=0;
+        bi->flags = 0;
+        bi->ptr=Malloc(sizeof(struct rpc_ctx));
+        ctx = (struct rpc_ctx *) bi->ptr;
+        ctx->filled = 0;
+        ctx->pos = 0;
+        return(1);
+}
+static int rtcp_free(a)
+BIO *a;
+{
+        if (a == NULL) return(0);
+        if ( a->ptr ) Free ( a->ptr );
+        a->ptr = NULL;
+        return(1);
+}
+        
+static int rtcp_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+{
+    int status, length;
+    struct rpc_ctx *ctx;
+    /*
+     * read data, return existing.
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, &ctx->msg.data[ctx->pos], length );
+        ctx->pos += length;
+        return length;
+    }
+    /*
+     * Requst more data from R channel.
+     */
+    ctx->msg.channel = 'R';
+    ctx->msg.function = 'G';
+    ctx->msg.length = sizeof(ctx->msg.data);
+    status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
+    if ( (status&1) == 0 ) {
+        return -1;
+    }
+    /*
+     * Read.
+     */
+    ctx->pos = ctx->filled = 0;
+    status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+    if ( (status&1) == 0 ) length = -1;
+    if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
+        length = -1;
+    }
+    ctx->filled = length - RPC_HDR_SIZE;
+    
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, ctx->msg.data, length );
+        ctx->pos += length;
+        return length;
+    }
+    return length;
+}
+static int rtcp_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+{
+    int status, i, segment, length;
+    struct rpc_ctx *ctx;
+    /*
+     * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    for ( i = 0; i < inl; i += segment ) {
+        segment = inl - i;
+        if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
+        ctx->msg.channel = 'R';
+        ctx->msg.function = 'P';
+        ctx->msg.length = segment;
+        memmove ( ctx->msg.data, &in[i], segment );
+        status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
+        if ((status&1) == 0 ) { i = -1; break; }
+        status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+        if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
+        if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
+           printf("unexpected response when confirming put %c %c\n",
+                ctx->msg.channel, ctx->msg.function );
+        }
+    }
+    return(i);
+}
+static long rtcp_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret=1;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+        case BIO_CTRL_EOF:
+                ret = 1;
+                break;
+        case BIO_CTRL_SET:
+                b->num = num;
+                ret = 1;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+        case BIO_CTRL_FLUSH:
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int rtcp_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        return(0);
+        }
+static int rtcp_puts(bp,str)
+BIO *bp;
+char *str;
+{
+    int length;
+    if (str == NULL) return(0);
+    length = strlen ( str );
+    if ( length == 0 ) return (0);
+    return rtcp_write ( bp,str, length );
+}
diff --git a/src/lib/libcrypto/bn/asm/README b/src/lib/libcrypto/bn/asm/README
new file mode 100644
index 0000000000..d93fbff77f
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/README
@@ -0,0 +1,30 @@
+All assember in this directory are just version of the file
+crypto/bn/bn_mulw.c.
+Quite a few of these files are just the assember output from gcc since on 
+quite a few machines they are 2 times faster than the system compiler.
+For the x86, I have hand written assember because of the bad job all
+compilers seem to do on it.  This normally gives a 2 time speed up in the RSA
+routines.
+For the DEC alpha, I also hand wrote the assember (except the division which
+is just the output from the C compiler pasted on the end of the file).
+On the 2 alpha C compilers I had access to, it was not possible to do
+64b x 64b -> 128b calculations (both long and the long long data types
+were 64 bits).  So the hand assember gives access to the 128 bit result and
+a 2 times speedup :-).
+The x86xxxx.obj files are the assembled version of x86xxxx.asm files.
+I had such a hard time finding a macro assember for Microsoft, I decided to
+include the object file to save others the hassle :-).
+I have also included uu encoded versions of the .obj incase they get
+trashed.
+There are 2 versions of assember for the HP PA-RISC.
+pa-risc.s is the origional one which works fine.
+pa-risc2.s is a new version that often generates warnings but if the
+tests pass, it gives performance that is over 2 times faster than
+pa-risc.s.
+Both were generated using gcc :-)
diff --git a/src/lib/libcrypto/bn/asm/alpha.s b/src/lib/libcrypto/bn/asm/alpha.s
new file mode 100644
index 0000000000..1d17b1d619
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.s
@@ -0,0 +1,344 @@
+ # DEC Alpha assember
+ # The bn_div64 is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div64.
+        .file   1 "bn_mulw.c"
+        .set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+        .text
+        .align 3
+        .globl bn_mul_add_words
+        .ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq $18,2,$25  # num=-2
+        bis $31,$31,$0
+        blt $25,$42
+        .align 5
+$142:
+        subq $18,2,$18  # num-=2
+        subq $25,2,$25  # num-=2
+        ldq $1,0($17)   # a[0]
+        ldq $2,8($17)   # a[1]
+        mulq $19,$1,$3  # a[0]*w low part       r3
+        umulh $19,$1,$1 # a[0]*w high part      r1
+        mulq $19,$2,$4  # a[1]*w low part       r4
+        umulh $19,$2,$2 # a[1]*w high part      r2
+        ldq $22,0($16)  # r[0]                  r22
+        ldq $23,8($16)  # r[1]                  r23
+        addq $3,$22,$3  # a0 low part + r[0]    
+        addq $4,$23,$4  # a1 low part + r[1]    
+        cmpult $3,$22,$5 # overflow?
+        cmpult $4,$23,$6 # overflow?
+        addq $5,$1,$1   # high part + overflow 
+        addq $6,$2,$2   # high part + overflow 
+        addq $3,$0,$3   # add c
+        cmpult $3,$0,$5 # overflow?
+        stq $3,0($16)
+        addq $5,$1,$0   # c=high part + overflow 
+        addq $4,$0,$4   # add c
+        cmpult $4,$0,$5 # overflow?
+        stq $4,8($16)
+        addq $5,$2,$0   # c=high part + overflow 
+        ble $18,$43
+        addq $16,16,$16
+        addq $17,16,$17
+        blt $25,$42
+        br $31,$142
+$42:
+        ldq $1,0($17)   # a[0]
+        umulh $19,$1,$3 # a[0]*w high part
+        mulq $19,$1,$1  # a[0]*w low part
+        ldq $2,0($16)   # r[0]
+        addq $1,$2,$1   # low part + r[0]
+        cmpult $1,$2,$4 # overflow?
+        addq $4,$3,$3   # high part + overflow 
+        addq $1,$0,$1   # add c
+        cmpult $1,$0,$4 # overflow?
+        addq $4,$3,$0   # c=high part + overflow 
+        stq $1,0($16)
+        .align 4
+$43:
+        ret $31,($26),1
+        .end bn_mul_add_words
+        .align 3
+        .globl bn_mul_words
+        .ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq $18,2,$25  # num=-2
+        bis $31,$31,$0
+        blt $25,$242
+        .align 5
+$342:
+        subq $18,2,$18  # num-=2
+        subq $25,2,$25  # num-=2
+        ldq $1,0($17)   # a[0]
+        ldq $2,8($17)   # a[1]
+        mulq $19,$1,$3  # a[0]*w low part       r3
+        umulh $19,$1,$1 # a[0]*w high part      r1
+        mulq $19,$2,$4  # a[1]*w low part       r4
+        umulh $19,$2,$2 # a[1]*w high part      r2
+        addq $3,$0,$3   # add c
+        cmpult $3,$0,$5 # overflow?
+        stq $3,0($16)
+        addq $5,$1,$0   # c=high part + overflow 
+        addq $4,$0,$4   # add c
+        cmpult $4,$0,$5 # overflow?
+        stq $4,8($16)
+        addq $5,$2,$0   # c=high part + overflow 
+        ble $18,$243
+        addq $16,16,$16
+        addq $17,16,$17
+        blt $25,$242
+        br $31,$342
+$242:
+        ldq $1,0($17)   # a[0]
+        umulh $19,$1,$3 # a[0]*w high part
+        mulq $19,$1,$1  # a[0]*w low part
+        addq $1,$0,$1   # add c
+        cmpult $1,$0,$4 # overflow?
+        addq $4,$3,$0   # c=high part + overflow 
+        stq $1,0($16)
+$243:
+        ret $31,($26),1
+        .end bn_mul_words
+        .align 3
+        .globl bn_sqr_words
+        .ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        
+        subq $18,2,$25  # num=-2
+        blt $25,$442
+        .align 5
+$542:
+        subq $18,2,$18  # num-=2
+        subq $25,2,$25  # num-=2
+        ldq $1,0($17)   # a[0]
+        ldq $4,8($17)   # a[1]
+        mulq $1,$1,$2   # a[0]*w low part       r2
+        umulh $1,$1,$3 # a[0]*w high part       r3
+        mulq $4,$4,$5   # a[1]*w low part       r5
+        umulh $4,$4,$6 # a[1]*w high part       r6
+        stq $2,0($16)   # r[0]
+        stq $3,8($16)   # r[1]
+        stq $5,16($16)  # r[3]
+        stq $6,24($16)  # r[4]
+        ble $18,$443
+        addq $16,32,$16
+        addq $17,16,$17
+        blt $25,$442
+        br $31,$542
+$442:
+        ldq $1,0($17)   # a[0]
+        mulq $1,$1,$2   # a[0]*w low part       r2
+        umulh $1,$1,$3  # a[0]*w high part       r3
+        stq $2,0($16)   # r[0]
+        stq $3,8($16)   # r[1]
+        .align 4
+$443:
+        ret $31,($26),1
+        .end bn_sqr_words
+        .align 3
+        .globl bn_add_words
+        .ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        bis     $31,$31,$8      # carry = 0
+        ble     $19,$900
+$901:
+        ldq     $0,0($17)       # a[0]
+        ldq     $1,0($18)       # a[1]
+        addq    $0,$1,$3        # c=a+b;
+         addq   $17,8,$17       # a++
+        cmpult  $3,$1,$7        # did we overflow?
+         addq   $18,8,$18       # b++
+        addq    $8,$3,$3        # c+=carry
+        cmpult  $3,$8,$8        # did we overflow?
+         stq    $3,($16)        # r[0]=c
+        addq    $7,$8,$8        # add into overflow
+         subq   $19,1,$19       # loop--
+        addq    $16,8,$16       # r++
+         bgt    $19,$901
+$900:
+        bis     $8,$8,$0        # return carry
+        ret $31,($26),1
+        .end bn_add_words
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .align 3
+        .globl bn_div64
+        .ent bn_div64
+bn_div64:
+        ldgp $29,0($27)
+bn_div64..ng:
+        lda $30,-48($30)
+        .frame $30,48,$26,0
+        stq $26,0($30)
+        stq $9,8($30)
+        stq $10,16($30)
+        stq $11,24($30)
+        stq $12,32($30)
+        stq $13,40($30)
+        .mask 0x4003e00,-48
+        .prologue 1
+        bis $16,$16,$9
+        bis $17,$17,$10
+        bis $18,$18,$11
+        bis $31,$31,$13
+        bis $31,2,$12
+        bne $11,$119
+        lda $0,-1
+        br $31,$136
+        .align 4
+$119:
+        bis $11,$11,$16
+        jsr $26,BN_num_bits_word
+        ldgp $29,0($26)
+        subq $0,64,$1
+        beq $1,$120
+        bis $31,1,$1
+        sll $1,$0,$1
+        cmpule $9,$1,$1
+        bne $1,$120
+ #      lda $16,_IO_stderr_
+ #      lda $17,$C32
+ #      bis $0,$0,$18
+ #      jsr $26,fprintf
+ #      ldgp $29,0($26)
+        jsr $26,abort
+        ldgp $29,0($26)
+        .align 4
+$120:
+        bis $31,64,$3
+        cmpult $9,$11,$2
+        subq $3,$0,$1
+        addl $1,$31,$0
+        subq $9,$11,$1
+        cmoveq $2,$1,$9
+        beq $0,$122
+        zapnot $0,15,$2
+        subq $3,$0,$1
+        sll $11,$2,$11
+        sll $9,$2,$3
+        srl $10,$1,$1
+        sll $10,$2,$10
+        bis $3,$1,$9
+$122:
+        srl $11,32,$5
+        zapnot $11,15,$6
+        lda $7,-1
+        .align 5
+$123:
+        srl $9,32,$1
+        subq $1,$5,$1
+        bne $1,$126
+        zapnot $7,15,$27
+        br $31,$127
+        .align 4
+$126:
+        bis $9,$9,$24
+        bis $5,$5,$25
+        divqu $24,$25,$27
+$127:
+        srl $10,32,$4
+        .align 5
+$128:
+        mulq $27,$5,$1
+        subq $9,$1,$3
+        zapnot $3,240,$1
+        bne $1,$129
+        mulq $6,$27,$2
+        sll $3,32,$1
+        addq $1,$4,$1
+        cmpule $2,$1,$2
+        bne $2,$129
+        subq $27,1,$27
+        br $31,$128
+        .align 4
+$129:
+        mulq $27,$6,$1
+        mulq $27,$5,$4
+        srl $1,32,$3
+        sll $1,32,$1
+        addq $4,$3,$4
+        cmpult $10,$1,$2
+        subq $10,$1,$10
+        addq $2,$4,$2
+        cmpult $9,$2,$1
+        bis $2,$2,$4
+        beq $1,$134
+        addq $9,$11,$9
+        subq $27,1,$27
+$134:
+        subl $12,1,$12
+        subq $9,$4,$9
+        beq $12,$124
+        sll $27,32,$13
+        sll $9,32,$2
+        srl $10,32,$1
+        sll $10,32,$10
+        bis $2,$1,$9
+        br $31,$123
+        .align 4
+$124:
+        bis $13,$27,$0
+$136:
+        ldq $26,0($30)
+        ldq $9,8($30)
+        ldq $10,16($30)
+        ldq $11,24($30)
+        ldq $12,32($30)
+        ldq $13,40($30)
+        addq $30,48,$30
+        ret $31,($26),1
+        .end bn_div64
+        .ident  "GCC: (GNU) 2.7.2.1"
diff --git a/src/lib/libcrypto/bn/asm/pa-risc.s b/src/lib/libcrypto/bn/asm/pa-risc.s
new file mode 100644
index 0000000000..775130a191
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/pa-risc.s
@@ -0,0 +1,710 @@
+        .SPACE $PRIVATE$
+        .SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+        .SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+        .SPACE $TEXT$
+        .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+        .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+        .IMPORT $global$,DATA
+        .IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
+        .PROC
+        .CALLINFO FRAME=0,CALLS,SAVE_RP
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        ldi 0,%r28
+        extru %r23,31,16,%r2
+        stw %r2,-16(0,%r30)
+        extru %r23,15,16,%r23
+        ldil L'65536,%r31
+        fldws -16(0,%r30),%fr11R
+        stw %r23,-16(0,%r30)
+        ldo 12(%r25),%r29
+        ldo 12(%r26),%r23
+        fldws -16(0,%r30),%fr11L
+L$0002
+        ldw 0(0,%r25),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0005
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw 0(0,%r26),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,0(0,%r26)
+        ldw -8(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0010
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw -8(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,-8(0,%r23)
+        ldw -4(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0015
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw -4(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,-4(0,%r23)
+        ldw 0(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0020
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw 0(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,0(0,%r23)
+        ldo 16(%r29),%r29
+        ldo 16(%r25),%r25
+        ldo 16(%r23),%r23
+        bl L$0002,0
+        ldo 16(%r26),%r26
+L$0003
+        ldw -20(0,%r30),%r2
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
+        .PROC
+        .CALLINFO FRAME=0,CALLS,SAVE_RP
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        ldi 0,%r28
+        extru %r23,31,16,%r2
+        stw %r2,-16(0,%r30)
+        extru %r23,15,16,%r23
+        ldil L'65536,%r31
+        fldws -16(0,%r30),%fr11R
+        stw %r23,-16(0,%r30)
+        ldo 12(%r26),%r29
+        ldo 12(%r25),%r23
+        fldws -16(0,%r30),%fr11L
+L$0026
+        ldw 0(0,%r25),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0029
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,0(0,%r26)
+        ldw -8(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0033
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,-8(0,%r29)
+        ldw -4(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0037
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,-4(0,%r29)
+        ldw 0(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0041
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,0(0,%r29)
+        ldo 16(%r23),%r23
+        ldo 16(%r25),%r25
+        ldo 16(%r29),%r29
+        bl L$0026,0
+        ldo 16(%r26),%r26
+L$0027
+        ldw -20(0,%r30),%r2
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+        .PROC
+        .CALLINFO FRAME=0,NO_CALLS
+        .ENTRY
+        ldo 28(%r26),%r23
+        ldo 12(%r25),%r28
+L$0046
+        ldw 0(0,%r25),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,0(0,%r26)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-24(0,%r23)
+        ldw -8(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-20(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-16(0,%r23)
+        ldw -4(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-12(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-8(0,%r23)
+        ldw 0(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-4(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,0(0,%r23)
+        ldo 16(%r28),%r28
+        ldo 16(%r25),%r25
+        ldo 32(%r23),%r23
+        bl L$0046,0
+        ldo 32(%r26),%r26
+L$0057
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .IMPORT BN_num_bits_word,CODE
+        .IMPORT fprintf,CODE
+        .IMPORT __iob,DATA
+        .SPACE $TEXT$
+        .SUBSPA $LIT$
+        .align 4
+L$C0000
+        .STRING "Division would overflow\x0a\x00"
+        .IMPORT abort,CODE
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+        .PROC
+        .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        stwm %r8,128(0,%r30)
+        stw %r7,-124(0,%r30)
+        stw %r4,-112(0,%r30)
+        stw %r3,-108(0,%r30)
+        copy %r26,%r3
+        copy %r25,%r4
+        stw %r6,-120(0,%r30)
+        ldi 0,%r7
+        stw %r5,-116(0,%r30)
+        movb,<> %r24,%r5,L$0059
+        ldi 2,%r6
+        bl L$0076,0
+        ldi -1,%r28
+L$0059
+        .CALL ARGW0=GR
+        bl BN_num_bits_word,%r2
+        copy %r5,%r26
+        ldi 32,%r19
+        comb,= %r19,%r28,L$0060
+        subi 31,%r28,%r19
+        mtsar %r19
+        zvdepi 1,32,%r19
+        comb,>>= %r19,%r3,L$0060
+        addil LR'__iob-$global$+32,%r27
+        ldo RR'__iob-$global$+32(%r1),%r26
+        ldil LR'L$C0000,%r25
+        .CALL ARGW0=GR,ARGW1=GR
+        bl fprintf,%r2
+        ldo RR'L$C0000(%r25),%r25
+        .CALL 
+        bl abort,%r2
+        nop
+L$0060
+        comb,>> %r5,%r3,L$0061
+        subi 32,%r28,%r28
+        sub %r3,%r5,%r3
+L$0061
+        comib,= 0,%r28,L$0062
+        subi 31,%r28,%r19
+        mtsar %r19
+        zvdep %r5,32,%r5
+        zvdep %r3,32,%r21
+        subi 32,%r28,%r20
+        mtsar %r20
+        vshd 0,%r4,%r20
+        or %r21,%r20,%r3
+        mtsar %r19
+        zvdep %r4,32,%r4
+L$0062
+        extru %r5,15,16,%r23
+        extru %r5,31,16,%r28
+L$0063
+        extru %r3,15,16,%r19
+        comb,<> %r23,%r19,L$0066
+        copy %r3,%r26
+        bl L$0067,0
+        zdepi -1,31,16,%r29
+L$0066
+        .IMPORT $$divU,MILLICODE
+        bl $$divU,%r31
+        copy %r23,%r25
+L$0067
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r23,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr9
+        ldw -16(0,%r30),%r8
+        fstws %fr9R,-16(0,%r30)
+        copy %r8,%r22
+        ldw -16(0,%r30),%r8
+        extru %r4,15,16,%r24
+        copy %r8,%r21
+L$0068
+        sub %r3,%r21,%r20
+        copy %r20,%r19
+        depi 0,31,16,%r19
+        comib,<> 0,%r19,L$0069
+        zdep %r20,15,16,%r19
+        addl %r19,%r24,%r19
+        comb,>>= %r19,%r22,L$0069
+        sub %r22,%r28,%r22
+        sub %r21,%r23,%r21
+        bl L$0068,0
+        ldo -1(%r29),%r29
+L$0069
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r8
+        stw %r23,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        copy %r8,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,15,16,%r20
+        ldw -16(0,%r30),%r8
+        zdep %r19,15,16,%r19
+        addl %r8,%r20,%r20
+        comclr,<<= %r19,%r4,0
+        addi 1,%r20,%r20
+        comb,<<= %r20,%r3,L$0074
+        sub %r4,%r19,%r4
+        addl %r3,%r5,%r3
+        ldo -1(%r29),%r29
+L$0074
+        addib,= -1,%r6,L$0064
+        sub %r3,%r20,%r3
+        zdep %r29,15,16,%r7
+        shd %r3,%r4,16,%r3
+        bl L$0063,0
+        zdep %r4,15,16,%r4
+L$0064
+        or %r7,%r29,%r28
+L$0076
+        ldw -148(0,%r30),%r2
+        ldw -124(0,%r30),%r7
+        ldw -120(0,%r30),%r6
+        ldw -116(0,%r30),%r5
+        ldw -112(0,%r30),%r4
+        ldw -108(0,%r30),%r3
+        bv 0(%r2)
+        ldwm -128(0,%r30),%r8
+        .EXIT
+        .PROCEND
diff --git a/src/lib/libcrypto/bn/asm/r3000.s b/src/lib/libcrypto/bn/asm/r3000.s
new file mode 100644
index 0000000000..e95269afa3
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/r3000.s
@@ -0,0 +1,646 @@
+        .file   1 "../bn_mulw.c"
+        .set    nobopt
+        .option pic2
+ # GNU C 2.6.3 [AL 1.1, MM 40] SGI running IRIX 5.0 compiled by GNU C
+ # Cc1 defaults:
+ # -mabicalls
+ # Cc1 arguments (-G value = 0, Cpu = 3000, ISA = 1):
+ # -quiet -dumpbase -O2 -o
+gcc2_compiled.:
+__gnu_compiled_c:
+        .rdata
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x34,0x39,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x33,0x34,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x35,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x32,0x33,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x37,0x38,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x33,0x2e,0x37,0x30,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x32,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x34,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+        .byte   0x0
+        .text
+        .align  2
+        .globl  bn_mul_add_words
+        .ent    bn_mul_add_words
+bn_mul_add_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $12,$4
+        move    $14,$5
+        move    $9,$6
+        move    $13,$7
+        move    $8,$0
+        addu    $10,$12,12
+        addu    $11,$14,12
+$L2:
+        lw      $6,0($14)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,0($12)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,0($12)
+        .set    macro
+        .set    reorder
+        lw      $6,-8($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,-8($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,-8($10)
+        .set    macro
+        .set    reorder
+        lw      $6,-4($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,-4($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,-4($10)
+        .set    macro
+        .set    reorder
+        lw      $6,0($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,0($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,0($10)
+        .set    macro
+        .set    reorder
+        addu    $11,$11,16
+        addu    $14,$14,16
+        addu    $10,$10,16
+        .set    noreorder
+        .set    nomacro
+        j       $L2
+        addu    $12,$12,16
+        .set    macro
+        .set    reorder
+$L3:
+        .set    noreorder
+        .set    nomacro
+        j       $31
+        move    $2,$8
+        .set    macro
+        .set    reorder
+        .end    bn_mul_add_words
+        .align  2
+        .globl  bn_mul_words
+        .ent    bn_mul_words
+bn_mul_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $11,$4
+        move    $12,$5
+        move    $8,$6
+        move    $6,$0
+        addu    $10,$11,12
+        addu    $9,$12,12
+$L10:
+        lw      $4,0($12)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,0($11)
+        .set    macro
+        .set    reorder
+        lw      $4,-8($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,-8($10)
+        .set    macro
+        .set    reorder
+        lw      $4,-4($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,-4($10)
+        .set    macro
+        .set    reorder
+        lw      $4,0($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,0($10)
+        .set    macro
+        .set    reorder
+        addu    $9,$9,16
+        addu    $12,$12,16
+        addu    $10,$10,16
+        .set    noreorder
+        .set    nomacro
+        j       $L10
+        addu    $11,$11,16
+        .set    macro
+        .set    reorder
+$L11:
+        .set    noreorder
+        .set    nomacro
+        j       $31
+        move    $2,$6
+        .set    macro
+        .set    reorder
+        .end    bn_mul_words
+        .align  2
+        .globl  bn_sqr_words
+        .ent    bn_sqr_words
+bn_sqr_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $9,$4
+        addu    $7,$9,28
+        addu    $8,$5,12
+$L18:
+        lw      $2,0($5)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,0($9)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-24($7)
+        .set    macro
+        .set    reorder
+        lw      $2,-8($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-20($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-16($7)
+        .set    macro
+        .set    reorder
+        lw      $2,-4($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-12($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-8($7)
+        .set    macro
+        .set    reorder
+        lw      $2,0($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-4($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,0($7)
+        .set    macro
+        .set    reorder
+        addu    $8,$8,16
+        addu    $5,$5,16
+        addu    $7,$7,32
+        .set    noreorder
+        .set    nomacro
+        j       $L18
+        addu    $9,$9,32
+        .set    macro
+        .set    reorder
+$L19:
+        j       $31
+        .end    bn_sqr_words
+        .rdata
+        .align  2
+$LC0:
+        .byte   0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e
+        .byte   0x20,0x77,0x6f,0x75,0x6c,0x64,0x20,0x6f
+        .byte   0x76,0x65,0x72,0x66,0x6c,0x6f,0x77,0xa
+        .byte   0x0
+        .text
+        .align  2
+        .globl  bn_div64
+        .ent    bn_div64
+bn_div64:
+        .frame  $sp,56,$31              # vars= 0, regs= 7/0, args= 16, extra= 8
+        .mask   0x901f0000,-8
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        subu    $sp,$sp,56
+        .cprestore 16
+        sw      $16,24($sp)
+        move    $16,$4
+        sw      $17,28($sp)
+        move    $17,$5
+        sw      $18,32($sp)
+        move    $18,$6
+        sw      $20,40($sp)
+        move    $20,$0
+        sw      $19,36($sp)
+        li      $19,0x00000002          # 2
+        sw      $31,48($sp)
+        .set    noreorder
+        .set    nomacro
+        bne     $18,$0,$L26
+        sw      $28,44($sp)
+        .set    macro
+        .set    reorder
+        .set    noreorder
+        .set    nomacro
+        j       $L43
+        li      $2,-1                   # 0xffffffff
+        .set    macro
+        .set    reorder
+$L26:
+        move    $4,$18
+        jal     BN_num_bits_word
+        move    $4,$2
+        li      $2,0x00000020           # 32
+        .set    noreorder
+        .set    nomacro
+        beq     $4,$2,$L27
+        li      $2,0x00000001           # 1
+        .set    macro
+        .set    reorder
+        sll     $2,$2,$4
+        sltu    $2,$2,$16
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L44
+        li      $5,0x00000020           # 32
+        .set    macro
+        .set    reorder
+        la      $4,__iob+32
+        la      $5,$LC0
+        jal     fprintf
+        jal     abort
+$L27:
+        li      $5,0x00000020           # 32
+$L44:
+        sltu    $2,$16,$18
+        .set    noreorder
+        .set    nomacro
+        bne     $2,$0,$L28
+        subu    $4,$5,$4
+        .set    macro
+        .set    reorder
+        subu    $16,$16,$18
+$L28:
+        .set    noreorder
+        .set    nomacro
+        beq     $4,$0,$L29
+        li      $10,-65536                      # 0xffff0000
+        .set    macro
+        .set    reorder
+        sll     $18,$18,$4
+        sll     $3,$16,$4
+        subu    $2,$5,$4
+        srl     $2,$17,$2
+        or      $16,$3,$2
+        sll     $17,$17,$4
+$L29:
+        srl     $7,$18,16
+        andi    $9,$18,0xffff
+$L30:
+        srl     $2,$16,16
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$7,$L34
+        li      $6,0x0000ffff           # 65535
+        .set    macro
+        .set    reorder
+        divu    $6,$16,$7
+$L34:
+        mult    $6,$9
+        mflo    $5
+        #nop
+        #nop
+        mult    $6,$7
+        and     $2,$17,$10
+        srl     $8,$2,16
+        mflo    $4
+$L35:
+        subu    $3,$16,$4
+        and     $2,$3,$10
+        .set    noreorder
+        .set    nomacro
+        bne     $2,$0,$L36
+        sll     $2,$3,16
+        .set    macro
+        .set    reorder
+        addu    $2,$2,$8
+        sltu    $2,$2,$5
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L36
+        subu    $5,$5,$9
+        .set    macro
+        .set    reorder
+        subu    $4,$4,$7
+        .set    noreorder
+        .set    nomacro
+        j       $L35
+        addu    $6,$6,-1
+        .set    macro
+        .set    reorder
+$L36:
+        mult    $6,$7
+        mflo    $5
+        #nop
+        #nop
+        mult    $6,$9
+        mflo    $4
+        #nop
+        #nop
+        srl     $3,$4,16
+        sll     $2,$4,16
+        and     $4,$2,$10
+        sltu    $2,$17,$4
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L40
+        addu    $5,$5,$3
+        .set    macro
+        .set    reorder
+        addu    $5,$5,1
+$L40:
+        sltu    $2,$16,$5
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L41
+        subu    $17,$17,$4
+        .set    macro
+        .set    reorder
+        addu    $16,$16,$18
+        addu    $6,$6,-1
+$L41:
+        addu    $19,$19,-1
+        .set    noreorder
+        .set    nomacro
+        beq     $19,$0,$L31
+        subu    $16,$16,$5
+        .set    macro
+        .set    reorder
+        sll     $20,$6,16
+        sll     $3,$16,16
+        srl     $2,$17,16
+        or      $16,$3,$2
+        .set    noreorder
+        .set    nomacro
+        j       $L30
+        sll     $17,$17,16
+        .set    macro
+        .set    reorder
+$L31:
+        or      $2,$20,$6
+$L43:
+        lw      $31,48($sp)
+        lw      $20,40($sp)
+        lw      $19,36($sp)
+        lw      $18,32($sp)
+        lw      $17,28($sp)
+        lw      $16,24($sp)
+        addu    $sp,$sp,56
+        j       $31
+        .end    bn_div64
+        .globl abort .text
+        .globl fprintf .text
+        .globl BN_num_bits_word .text
diff --git a/src/lib/libcrypto/bn/bnspeed.c b/src/lib/libcrypto/bn/bnspeed.c
new file mode 100644
index 0000000000..f7c2790fff
--- /dev/null
+++ b/src/lib/libcrypto/bn/bnspeed.c
@@ -0,0 +1,248 @@
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* most of this code has been pilfered from my libdes speed.c program */
+#define BASENUM 1000000
+#undef PROG
+#define PROG bnspeed_main
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include "crypto.h"
+#include "err.h"
+#ifndef MSDOS
+#define TIMES
+#endif
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "bn.h"
+#include "x509.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+#ifndef NOPROTO
+static double Time_F(int s);
+#else
+static double Time_F();
+#endif
+#define START   0
+#define STOP    1
+static double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+#define NUM_SIZES       5
+static int sizes[NUM_SIZES]={128,256,512,1024,2048};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        BN_CTX *ctx;
+        BIGNUM *a,*b,*c,*r;
+        ctx=BN_CTX_new();
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        r=BN_new();
+        do_mul(a,b,c,ctx);
+        }
+void do_mul(r,a,b,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+BN_CTX *ctx;
+        {
+        int i,j,k;
+        double tm;
+        long num;
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<num; k++)
+                                BN_mul(r,b,a);
+                        tm=Time_F(STOP);
+                        printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
+                        }
+                }
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                Time_F(START);
+                for (k=0; k<num; k++)
+                        BN_sqr(r,a,ctx);
+                tm=Time_F(STOP);
+                printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
+                }
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM/10;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i]-1,1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<100000; k++)
+                                BN_div(r, NULL, b, a,ctx);
+                        tm=Time_F(STOP);
+                        printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
new file mode 100644
index 0000000000..9ebd68b429
--- /dev/null
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -0,0 +1,777 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "e_os.h"
+#include "bio.h"
+#include "bn.h"
+#include "rand.h"
+#include "x509.h"
+#include "err.h"
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+#ifndef NOPROTO
+int test_add (BIO *bp);
+int test_sub (BIO *bp);
+int test_lshift1 (BIO *bp);
+int test_lshift (BIO *bp);
+int test_rshift1 (BIO *bp);
+int test_rshift (BIO *bp);
+int test_div (BIO *bp,BN_CTX *ctx);
+int test_mul (BIO *bp);
+int test_sqr (BIO *bp,BN_CTX *ctx);
+int test_mont (BIO *bp,BN_CTX *ctx);
+int test_mod (BIO *bp,BN_CTX *ctx);
+int test_mod_mul (BIO *bp,BN_CTX *ctx);
+int test_mod_exp (BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+#else
+int test_add ();
+int test_sub ();
+int test_lshift1 ();
+int test_lshift ();
+int test_rshift1 ();
+int test_rshift ();
+int test_div ();
+int test_mul ();
+int test_sqr ();
+int test_mont ();
+int test_mod ();
+int test_mod_mul ();
+int test_mod_exp ();
+int rand_neg();
+#endif
+static int results=0;
+#ifdef NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        BN_CTX *ctx;
+        BIO *out;
+        char *outfile=NULL;
+        srand((unsigned int)time(NULL));
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if (strcmp(*argv,"-results") == 0)
+                        results=1;
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) break;
+                        outfile= *(++argv);
+                        }
+                argc--;
+                argv++;
+                }
+        ctx=BN_CTX_new();
+        if (ctx == NULL) exit(1);
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) exit(1);
+        if (outfile == NULL)
+                {
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+                }
+        else
+                {
+                if (!BIO_write_filename(out,outfile))
+                        {
+                        perror(outfile);
+                        exit(1);
+                        }
+                }
+        if (!results)
+                BIO_puts(out,"obase=16\nibase=16\n");
+        fprintf(stderr,"test BN_add\n");
+        if (!test_add(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_sub\n");
+        if (!test_sub(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_lshift1\n");
+        if (!test_lshift1(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_lshift\n");
+        if (!test_lshift(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_rshift1\n");
+        if (!test_rshift1(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_rshift\n");
+        if (!test_rshift(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_sqr\n");
+        if (!test_sqr(out,ctx)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_mul\n");
+        if (!test_mul(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_div\n");
+        if (!test_div(out,ctx)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_mod\n");
+        if (!test_mod(out,ctx)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_mod_mul\n");
+        if (!test_mod_mul(out,ctx)) goto err;
+        fflush(stdout);
+/*
+        fprintf(stderr,"test BN_mont\n");
+        if (!test_mont(out,ctx)) goto err;
+        fflush(stdout);
+*/
+        fprintf(stderr,"test BN_mod_exp\n");
+        if (!test_mod_exp(out,ctx)) goto err;
+        fflush(stdout);
+/**/
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors(out);
+        exit(1);
+        return(1);
+        }
+int test_add(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,512,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,450+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<10000; j++)
+                                BN_add(c,a,b);
+                BN_add(c,a,b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," + ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_sub(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,512,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,400+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<10000; j++)
+                                BN_sub(c,a,b);
+                BN_sub(c,a,b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," - ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_div(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*d;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        BN_rand(a,400,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,50+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_div(d,c,a,b,ctx);
+                BN_div(d,c,a,b,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        return(1);
+        }
+int test_mul(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,200,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,250+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mul(c,a,b);
+                BN_mul(c,a,b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_sqr(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*c;
+        int i;
+        int j;
+        a=BN_new();
+        c=BN_new();
+        for (i=0; i<40; i++)
+                {
+                BN_rand(a,40+i*10,0,0);
+                a->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_sqr(c,a,ctx);
+                BN_sqr(c,a,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,a);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(c);
+        return(1);
+        }
+int test_mont(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*A,*B;
+        BIGNUM *n;
+        int i;
+        int j;
+        BN_MONT_CTX *mont;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        A=BN_new();
+        B=BN_new();
+        n=BN_new();
+        mont=BN_MONT_CTX_new();
+        BN_rand(a,100,0,0); /**/
+        BN_rand(b,100,0,0); /**/
+        for (i=0; i<10; i++)
+                {
+                BN_rand(n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/
+                BN_MONT_CTX_set(mont,n,ctx);
+                BN_to_montgomery(A,a,mont,ctx);
+                BN_to_montgomery(B,b,mont,ctx);
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
+                BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
+                BN_from_montgomery(A,c,mont,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+#ifdef undef
+fprintf(stderr,"%d * %d %% %d\n",
+BN_num_bits(a),
+BN_num_bits(b),
+BN_num_bits(mont->N));
+#endif
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,mont->N);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,A);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_MONT_CTX_free(mont);
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_mod(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,1024,0,0); /**/
+        for (i=0; i<20; i++)
+                {
+                BN_rand(b,450+i*10,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mod(c,a,b,ctx);/**/
+                BN_mod(c,a,b,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_mod_mul(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_rand(c,1024,0,0); /**/
+        for (i=0; i<10; i++)
+                {
+                BN_rand(a,475+i*10,0,0); /**/
+                BN_rand(b,425+i*10,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+        /*      if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mod_mul(d,a,b,c,ctx);*/ /**/
+                if (!BN_mod_mul(e,a,b,c,ctx))
+                        {
+                        unsigned long l;
+                        while ((l=ERR_get_error()))
+                                fprintf(stderr,"ERROR:%s\n",
+                                        ERR_error_string(l,NULL));
+                        exit(1);
+                        }
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,e);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_mod_exp(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_rand(c,30,0,1); /* must be odd for montgomery */
+        for (i=0; i<6; i++)
+                {
+                BN_rand(a,20+i*5,0,0); /**/
+                BN_rand(b,2+i,0,0); /**/
+                if (!BN_mod_exp(d,a,b,c,ctx))
+                        return(00);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_lshift(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_one(c);
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_lshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_lshift1(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_lshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        return(1);
+        }
+int test_rshift(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_one(c);
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_rshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_rshift1(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_rshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        return(1);
+        }
+int rand_neg()
+        {
+        static unsigned int neg=0;
+        static int sign[8]={0,0,0,1,1,0,1,1};
+        return(sign[(neg++)%8]);
+        }
diff --git a/src/lib/libcrypto/bn/expspeed.c b/src/lib/libcrypto/bn/expspeed.c
new file mode 100644
index 0000000000..344f883d35
--- /dev/null
+++ b/src/lib/libcrypto/bn/expspeed.c
@@ -0,0 +1,230 @@
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* most of this code has been pilfered from my libdes speed.c program */
+#define BASENUM 5000
+#undef PROG
+#define PROG bnspeed_main
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include "crypto.h"
+#include "err.h"
+#ifndef MSDOS
+#define TIMES
+#endif
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "bn.h"
+#include "x509.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+#ifndef NOPROTO
+static double Time_F(int s);
+#else
+static double Time_F();
+#endif
+#define START   0
+#define STOP    1
+static double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+#define NUM_SIZES       6
+static int sizes[NUM_SIZES]={256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        BN_CTX *ctx;
+        BIGNUM *a,*b,*c,*r;
+        ctx=BN_CTX_new();
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        r=BN_new();
+        do_mul_exp(r,a,b,c,ctx);
+        }
+void do_mul_exp(r,a,b,c,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+BIGNUM *c;
+BN_CTX *ctx;
+        {
+        int i,k;
+        double tm;
+        long num;
+        BN_MONT_CTX m;
+        memset(&m,0,sizeof(m));
+        num=BASENUM;
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                BN_rand(a,sizes[i],1,0);
+                BN_rand(b,sizes[i],1,0);
+                BN_rand(c,sizes[i],1,1);
+                BN_mod(a,a,c,ctx);
+                BN_mod(b,b,c,ctx);
+                BN_MONT_CTX_set(&m,c,ctx);
+                Time_F(START);
+                for (k=0; k<num; k++)
+                        BN_mod_exp_mont(r,a,b,c,ctx,&m);
+                tm=Time_F(STOP);
+                printf("mul %4d ^ %4d %% %d -> %8.3fms %5.1f\n",sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num);
+                num/=7;
+                if (num <= 0) num=1;
+                }
+        }
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
new file mode 100644
index 0000000000..67dc95d726
--- /dev/null
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -0,0 +1,148 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "bio.h"
+#include "bn.h"
+#include "rand.h"
+#include "err.h"
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+#define NUM_BITS        (BN_BITS*2)
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        BN_CTX *ctx;
+        BIO *out=NULL;
+        int i,ret;
+        unsigned char c;
+        BIGNUM *r_mont,*r_recp,*a,*b,*m;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) exit(1);
+        r_mont=BN_new();
+        r_recp=BN_new();
+        a=BN_new();
+        b=BN_new();
+        m=BN_new();
+        if (    (r_mont == NULL) || (r_recp == NULL) ||
+                (a == NULL) || (b == NULL))
+                goto err;
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) exit(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        for (i=0; i<200; i++)
+                {
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(a,NUM_BITS+c,0,0);
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(b,NUM_BITS+c,0,0);
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(m,NUM_BITS+c,0,1);
+                BN_mod(a,a,m,ctx);
+                BN_mod(b,b,m,ctx);
+                ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
+                if (ret <= 0)
+                        { printf("BN_mod_exp_mont() problems\n"); exit(1); }
+                ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+                if (ret <= 0)
+                        { printf("BN_mod_exp_recp() problems\n"); exit(1); }
+                
+                if (BN_cmp(r_mont,r_recp) != 0)
+                        {
+                        printf("\nmont and recp results differ\n");
+                        printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
+                        printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+                        printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+                        printf("\nrecp     ="); BN_print(out,r_recp);
+                        printf("\nmont     ="); BN_print(out,r_mont);
+                        printf("\n");
+                        exit(1);
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf(" done\n");
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors(out);
+        exit(1);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/cast/asm/readme b/src/lib/libcrypto/cast/asm/readme
new file mode 100644
index 0000000000..fbcd76289e
--- /dev/null
+++ b/src/lib/libcrypto/cast/asm/readme
@@ -0,0 +1,7 @@
+There is a ppro flag in cast-586 which turns on/off
+generation of pentium pro/II friendly code
+This flag makes the inner loop one cycle longer, but generates 
+code that runs %30 faster on the pentium pro/II, while only %7 slower
+on the pentium.  By default, this flag is on.
diff --git a/src/lib/libcrypto/cast/cast_spd.c b/src/lib/libcrypto/cast/cast_spd.c
new file mode 100644
index 0000000000..ab75e65386
--- /dev/null
+++ b/src/lib/libcrypto/cast/cast_spd.c
@@ -0,0 +1,294 @@
+/* crypto/cast/cast_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "cast.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        CAST_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        CAST_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                CAST_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing CAST_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing CAST_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld cast set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing CAST_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing CAST_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                CAST_LONG data[2];
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld CAST_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),CAST_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("CAST set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/cast/castopts.c b/src/lib/libcrypto/cast/castopts.c
new file mode 100644
index 0000000000..68cf5a4a60
--- /dev/null
+++ b/src/lib/libcrypto/cast/castopts.c
@@ -0,0 +1,358 @@
+/* crypto/cast/castopts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "cast.h"
+#define CAST_DEFAULT_OPTIONS
+#undef E_CAST
+#define CAST_encrypt  CAST_encrypt_normal
+#define CAST_decrypt  CAST_decrypt_normal
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_normal
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#define CAST_PTR
+#undef CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr
+#define CAST_decrypt  CAST_decrypt_ptr
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#undef CAST_PTR
+#define CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr2
+#define CAST_decrypt  CAST_decrypt_ptr2
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr2
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        CAST_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most acurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        CAST_set_key(&sch,16,key);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+        time_it(CAST_encrypt_normal,    "CAST_encrypt_normal ", 0);
+        time_it(CAST_encrypt_ptr,       "CAST_encrypt_ptr    ", 1);
+        time_it(CAST_encrypt_ptr2,      "CAST_encrypt_ptr2   ", 2);
+        num+=3;
+        str[0]="<nothing>";
+        print_it("CAST_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("CAST_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("CAST_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+        printf("options    CAST ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DCAST_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DCAST_PTR\n");
+                break;
+        case 2:
+                printf("-DCAST_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/cast/casts.cpp b/src/lib/libcrypto/cast/casts.cpp
new file mode 100644
index 0000000000..bac7be2c9c
--- /dev/null
+++ b/src/lib/libcrypto/cast/casts.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "cast.h"
+void main(int argc,char *argv[])
+        {
+        CAST_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+        CAST_set_key(&key, 16,d);
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        CAST_encrypt(&data[0],&key);
+                        }
+                printf("cast %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/cast/casttest.c b/src/lib/libcrypto/cast/casttest.c
new file mode 100644
index 0000000000..8b009bc249
--- /dev/null
+++ b/src/lib/libcrypto/cast/casttest.c
@@ -0,0 +1,223 @@
+/* crypto/cast/casttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "cast.h"
+/* #define FULL_TEST */
+unsigned char k[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
+        };
+unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+int k_len[3]={16,10};
+unsigned char c[3][8]={
+        {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
+        {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
+        {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
+        };
+unsigned char out[80];
+unsigned char in_a[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+unsigned char in_b[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+unsigned char c_a[16]={
+        0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+        0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
+unsigned char c_b[16]={
+        0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+        0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
+#if 0
+char *text="Hello to all people out there";
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+#ifdef FULL_TEST
+        long l;
+        CAST_KEY key_b;
+#endif
+        int i,z,err=0;
+        CAST_KEY key;
+        for (z=0; z<1; z++)
+                {
+        CAST_set_key(&key,k_len[z],k);
+        CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
+        if (memcmp(out,&(c[z][0]),8) != 0)
+                {
+                printf("ecb cast error encrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",c[z][i]);
+                err=20;
+                printf("\n");
+                }
+        CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
+        if (memcmp(out,in,8) != 0)
+                {
+                printf("ecb cast error decrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",in[i]);
+                printf("\n");
+                err=3;
+                }
+        }
+        if (err == 0) printf("ecb cast5 ok\n");
+#ifdef FULL_TEST
+        {
+        unsigned char out_a[16],out_b[16];
+        static char *hex="0123456789ABCDEF";
+        printf("This test will take some time....");
+        fflush(stdout);
+        memcpy(out_a,in_a,sizeof(in_a));
+        memcpy(out_b,in_b,sizeof(in_b));
+        i=1;
+        for (l=0; l<1000000L; l++)
+                {
+                CAST_set_key(&key_b,16,out_b);
+                CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+                CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+                CAST_set_key(&key,16,out_a);
+                CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+                CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+                if ((l & 0xffff) == 0xffff)
+                        {
+                        printf("%c",hex[i&0x0f]);
+                        fflush(stdout);
+                        i++;
+                        }
+                }
+        if (    (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+                (memcmp(out_b,c_b,sizeof(c_b)) != 0))
+                {
+                printf("\n");
+                printf("Error\n");
+                printf("A out =");
+                for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+                printf("\nactual=");
+                for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+                printf("\n");
+                printf("B out =");
+                for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+                printf("\nactual=");
+                for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+                printf("\n");
+                }
+        else
+                printf(" ok\n");
+        }
+#endif
+        exit(err);
+        return(err);
+        }
diff --git a/src/lib/libcrypto/conf/cnf_save.c b/src/lib/libcrypto/conf/cnf_save.c
new file mode 100644
index 0000000000..c9018de10e
--- /dev/null
+++ b/src/lib/libcrypto/conf/cnf_save.c
@@ -0,0 +1,106 @@
+/* crypto/conf/cnf_save.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "conf.h"
+void print_conf(CONF_VALUE *cv);
+main()
+        {
+        LHASH *conf;
+        long l;
+        conf=CONF_load(NULL,"../../apps/ssleay.cnf",&l);
+        if (conf == NULL)
+                {
+                fprintf(stderr,"error loading config, line %ld\n",l);
+                exit(1);
+                }
+        lh_doall(conf,print_conf);
+        }
+void print_conf(cv)
+CONF_VALUE *cv;
+        {
+        int i;
+        CONF_VALUE *v;
+        char *section;
+        char *name;
+        char *value;
+        STACK *s;
+        /* If it is a single entry, return */
+        if (cv->name != NULL) return;
+        printf("[ %s ]\n",cv->section);
+        s=(STACK *)cv->value;
+        for (i=0; i<sk_num(s); i++)
+                {
+                v=(CONF_VALUE *)sk_value(s,i);
+                section=(v->section == NULL)?"None":v->section;
+                name=(v->name == NULL)?"None":v->name;
+                value=(v->value == NULL)?"None":v->value;
+                printf("%s=%s\n",name,value);
+                }
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/conf/test.c b/src/lib/libcrypto/conf/test.c
new file mode 100644
index 0000000000..899ee2a067
--- /dev/null
+++ b/src/lib/libcrypto/conf/test.c
@@ -0,0 +1,91 @@
+/* crypto/conf/test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "conf.h"
+main()
+        {
+        LHASH *conf;
+        long eline;
+        char *s,*s2;
+        conf=CONF_load(NULL,"ssleay.conf",&eline);
+        if (conf == NULL)
+                {
+                ERR_load_crypto_strings();
+                printf("unable to load configuration, line %ld\n",eline);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+                }
+        lh_stats(conf,stdout);
+        lh_node_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+        s=CONF_get_string(conf,NULL,"init2");
+        printf("init2=%s\n",(s == NULL)?"NULL":s);
+        s=CONF_get_string(conf,NULL,"cipher1");
+        printf("cipher1=%s\n",(s == NULL)?"NULL":s);
+        s=CONF_get_string(conf,"s_client","cipher1");
+        printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
+        exit(0);
+        }
diff --git a/src/lib/libcrypto/des/DES.pm b/src/lib/libcrypto/des/DES.pm
new file mode 100644
index 0000000000..6a175b6ca4
--- /dev/null
+++ b/src/lib/libcrypto/des/DES.pm
@@ -0,0 +1,19 @@
+package DES;
+require Exporter;
+require DynaLoader;
+@ISA = qw(Exporter DynaLoader);
+# Items to export into callers namespace by default
+# (move infrequently used names to @EXPORT_OK below)
+@EXPORT = qw(
+);
+# Other items we are prepared to export if requested
+@EXPORT_OK = qw(
+crypt
+);
+# Preloaded methods go here.  Autoload methods go after __END__, and are
+# processed by the autosplit program.
+bootstrap DES;
+1;
+__END__
diff --git a/src/lib/libcrypto/des/DES.xs b/src/lib/libcrypto/des/DES.xs
new file mode 100644
index 0000000000..b8050b9edf
--- /dev/null
+++ b/src/lib/libcrypto/des/DES.xs
@@ -0,0 +1,268 @@
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+#include "des.h"
+#define deschar char
+static STRLEN len;
+static int
+not_here(s)
+char *s;
+{
+    croak("%s not implemented on this architecture", s);
+    return -1;
+}
+MODULE = DES    PACKAGE = DES   PREFIX = des_
+char *
+des_crypt(buf,salt)
+        char *  buf
+        char *  salt
+void
+des_set_odd_parity(key)
+        des_cblock *    key
+PPCODE:
+        {
+        SV *s;
+        s=sv_newmortal();
+        sv_setpvn(s,(char *)key,8);
+        des_set_odd_parity((des_cblock *)SvPV(s,na));
+        PUSHs(s);
+        }
+int
+des_is_weak_key(key)
+        des_cblock *    key
+des_key_schedule
+des_set_key(key)
+        des_cblock *    key
+CODE:
+        des_set_key(key,RETVAL);
+OUTPUT:
+RETVAL
+des_cblock
+des_ecb_encrypt(input,ks,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks
+        int     encrypt
+CODE:
+        des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
+OUTPUT:
+RETVAL
+void
+des_cbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+void
+des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
+        char *  input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        des_cblock *    ivec1
+        des_cblock *    ivec2
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
+                l,*ks1,*ks2,ivec1,ivec2,encrypt);
+        sv_setpvn(ST(3),(char *)ivec1,8);
+        sv_setpvn(ST(4),(char *)ivec2,8);
+        PUSHs(s);
+        }
+void
+des_cbc_cksum(input,ks,ivec)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s1,*s2;
+        STRLEN len,l;
+        des_cblock c;
+        unsigned long i1,i2;
+        s1=sv_newmortal();
+        s2=sv_newmortal();
+        l=SvCUR(ST(0));
+        des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec);
+        i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
+        i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
+        sv_setiv(s1,i1);
+        sv_setiv(s2,i2);
+        sv_setpvn(ST(2),(char *)c,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
+void
+des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
+        char *  input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len;
+        char *c;
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
+                (int)numbits,(long)len,*ks,ivec,encrypt);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+des_cblock *
+des_ecb3_encrypt(input,ks1,ks2,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        int     encrypt
+CODE:
+        {
+        des_cblock c;
+        des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
+                *ks1,*ks2,encrypt);
+        RETVAL= &c;
+        }
+OUTPUT:
+RETVAL
+void
+des_ofb_encrypt(input,numbits,ks,ivec)
+        unsigned char * input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        unsigned char *c;
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(unsigned char *)SvPV(s,na);
+        des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
+                numbits,len,*ks,ivec);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+void
+des_pcbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+des_cblock *
+des_random_key()
+CODE:
+        {
+        des_cblock c;
+        des_random_key(c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+des_cblock *
+des_string_to_key(str)
+char *  str
+CODE:
+        {
+        des_cblock c;
+        des_string_to_key(str,&c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+void
+des_string_to_2keys(str)
+char *  str
+PPCODE:
+        {
+        des_cblock c1,c2;
+        SV *s1,*s2;
+        des_string_to_2keys(str,&c1,&c2);
+        EXTEND(sp,2);
+        s1=sv_newmortal();
+        sv_setpvn(s1,(char *)c1,8);
+        s2=sv_newmortal();
+        sv_setpvn(s2,(char *)c2,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
diff --git a/src/lib/libcrypto/des/INSTALL b/src/lib/libcrypto/des/INSTALL
new file mode 100644
index 0000000000..32457d775c
--- /dev/null
+++ b/src/lib/libcrypto/des/INSTALL
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+type 'make'
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+The file options.txt has the options listed for best speed on quite a
+few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevent option in the Makefile
+There are some special Makefile targets that make life easier.
+make cc         - standard cc build
+make gcc        - standard gcc build
+make x86-elf    - x86 assembler (elf), linux-elf.
+make x86-out    - x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi   - x86 assembler (a.out with primative assembler).
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assembler is very very fast.
+A make install will by default install
+libdes.a      in /usr/local/lib/libdes.a
+des           in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man       in /usr/local/man/man1/des.1
+des.h         in /usr/include/des.h
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+As a final note on performace.  Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order.  It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.
diff --git a/src/lib/libcrypto/des/Imakefile b/src/lib/libcrypto/des/Imakefile
new file mode 100644
index 0000000000..1b9b5629e1
--- /dev/null
+++ b/src/lib/libcrypto/des/Imakefile
@@ -0,0 +1,35 @@
+# This Imakefile has not been tested for a while but it should still
+# work when placed in the correct directory in the kerberos v 4 distribution
+SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
+        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
+        ecb3_enc.c ofb_enc.c ofb64enc.c
+OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+        qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
+        enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+        ecb3_enc.o ofb_enc.o ofb64enc.o
+GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
+        vms.com KERBEROS
+DES=    des.c des.man
+TESTING=destest.c speed.c rpw.c
+LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
+PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
+SRCDIR=$(SRCTOP)/lib/des
+DBG= -O
+INCLUDE= -I$(SRCDIR)
+CC= cc
+library_obj_rule()
+install_library_target(des,$(OBJS),$(SRCS),)
+test(destest,libdes.a,)
+test(rpw,libdes.a,)
diff --git a/src/lib/libcrypto/des/KERBEROS b/src/lib/libcrypto/des/KERBEROS
new file mode 100644
index 0000000000..f401b10014
--- /dev/null
+++ b/src/lib/libcrypto/des/KERBEROS
@@ -0,0 +1,41 @@
+ [ This is an old file, I don't know if it is true anymore
+   but I will leave the file here - eay 21/11/95 ]
+To use this library with Bones (kerberos without DES):
+1) Get my modified Bones - eBones.  It can be found on
+   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
+   and
+   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
+2) Unpack this library in src/lib/des, makeing sure it is version
+   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
+   from the version in comp.sources.misc volume 29 patchlevel2.
+   The primarily difference is that it should compile under kerberos :-).
+   It can be found at.
+   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
+Now do a normal kerberos build and things should work.
+One problem I found when I was build on my local sun.
+---
+For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
+*** make_commands.c.orig        Fri Jul  3 04:18:35 1987
+--- make_commands.c     Wed May 20 08:47:42 1992
+***************
+*** 98,104 ****
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
+--- 98,104 ----
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
diff --git a/src/lib/libcrypto/des/README b/src/lib/libcrypto/des/README
new file mode 100644
index 0000000000..621a5ab467
--- /dev/null
+++ b/src/lib/libcrypto/des/README
@@ -0,0 +1,54 @@
+                libdes, Version 4.01 10-Jan-97
+                Copyright (c) 1997, Eric Young
+                          All rights reserved.
+    This program is free software; you can redistribute it and/or modify
+    it under the terms specified in COPYRIGHT.
+    
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay.  Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+The best way to build this library is to build it as part of SSLeay.
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command.  I believe it
+conforms to the sun version.
+The Imakefile is setup for use in the kerberos distribution.
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+  ufc which gave much better test figures that reality ].
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+Eric Young (eay@cryptsoft.com)
diff --git a/src/lib/libcrypto/des/VERSION b/src/lib/libcrypto/des/VERSION
new file mode 100644
index 0000000000..f62d8bdac0
--- /dev/null
+++ b/src/lib/libcrypto/des/VERSION
@@ -0,0 +1,411 @@
+        Defining SIGACTION causes sigaction() to be used instead of signal().
+        SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
+        can cause problems.  This should hopefully not affect normal
+        applications.
+Version 4.04
+        Fixed a few tests in destest.  Also added x86 assember for
+        des_ncbc_encrypt() which is the standard cbc mode function.
+        This makes a very very large performace difference.
+        Ariel Glenn ariel@columbia.edu reports that the terminal
+        'turn echo off' can return (errno == EINVAL) under solaris
+        when redirection is used.  So I now catch that as well as ENOTTY.
+Version 4.03
+        Left a static out of enc_write.c, which caused to buffer to be
+        continiously malloc()ed.  Does anyone use these functions?  I keep
+        on feeling like removing them since I only had these in there
+        for a version of kerberised login.  Anyway, this was pointed out
+        by Theo de Raadt <deraadt@cvs.openbsd.org>
+        The 'n' bit ofb code was wrong, it was not shifting the shift
+        register. It worked correctly for n == 64.  Thanks to
+        Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
+Version 4.02
+        I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
+        when checking for weak keys which is wrong :-(, pointed out by
+        Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
+Version 4.01
+        Even faster inner loop in the DES assembler for x86 and a modification
+        for IP/FP which is faster on x86.  Both of these changes are
+        from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
+        changes make the assembler run %40 faster on a pentium.  This is just
+        a case of getting the instruction sequence 'just right'.
+        All credit to 'Svend' :-)
+        Quite a few special x86 'make' targets.
+        A libdes-l (lite) distribution.
+Version 4.00
+        After a bit of a pause, I'll up the major version number since this
+        is mostly a performace release.  I've added x86 assembler and
+        added more options for performance.  A %28 speedup for gcc 
+        on a pentium and the assembler is a %50 speedup.
+        MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
+        Run des_opts to work out which options should be used.
+        DES_RISC1/DES_RISC2 use alternative inner loops which use
+        more registers but should give speedups on any CPU that does
+        dual issue (pentium).  DES_UNROLL unrolls the inner loop,
+        which costs in code size.
+Version 3.26
+        I've finally removed one of the shifts in D_ENCRYPT.  This
+        meant I've changed the des_SPtrans table (spr.h), the set_key()
+        function and some things in des_enc.c.  This has definitly
+        made things faster :-).  I've known about this one for some
+        time but I've been too lazy to follow it up :-).
+        Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
+        instead of L^=((..)|(..)|(..)..  This should save a register at
+        least.
+        Assember for x86.  The file to replace is des_enc.c, which is replaced
+        by one of the assembler files found in asm.  Look at des/asm/readme
+        for more info.
+        /* Modification to fcrypt so it can be compiled to support
+        HPUX 10.x's long password format, define -DLONGCRYPT to use this.
+        Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
+        SIGWINCH case put in des_read_passwd() so the function does not
+        'exit' if this function is recieved.
+Version 3.25 17/07/96
+        Modified read_pwd.c so that stdin can be read if not a tty.
+        Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
+        des_init_random_number_generator() shortened due to VMS linker
+        limits.
+        Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
+        8 byte quantites xored before and after encryption.
+        des_xcbc_encryption() - the name is funny to preserve the des_
+        prefix on all functions.
+Version 3.24 20/04/96
+        The DES_PTR macro option checked and used by SSLeay configuration
+Version 3.23 11/04/96
+        Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
+        it gives a %20 speedup :-)
+        Fixed the problem with des.pl under perl5.  The patches were
+        sent by Ed Kubaitis (ejk@uiuc.edu).
+        if fcrypt.c, changed values to handle illegal salt values the way
+        normal crypt() implementations do.  Some programs apparently use
+        them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
+Version 3.22 29/11/95
+        Bug in des(1), an error with the uuencoding stuff when the
+        'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
+        for the patch.
+Version 3.21 22/11/95
+        After some emailing back and forth with 
+        Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
+        and in a future version I will probably put in some of the
+        optimisation he suggested for use with the DES_USE_PTR option.
+        Extra routines from Mark Murray <mark@grondar.za> for use in
+        freeBSD.  They mostly involve random number generation for use
+        with kerberos.  They involve evil machine specific system calls
+        etc so I would normally suggest pushing this stuff into the
+        application and/or using RAND_seed()/RAND_bytes() if you are
+        using this DES library as part of SSLeay.
+        Redone the read_pw() function so that it is cleaner and
+        supports termios, thanks to Sameer Parekh <sameer@c2.org>
+        for the initial patches for this.
+        Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
+         done just to make things more consistent.
+        I have also now added triple DES versions of cfb and ofb.
+Version 3.20
+        Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
+        my des_random_seed() function was only copying 4 bytes of the
+        passed seed into the init structure.  It is now fixed to copy 8.
+        My own suggestion is to used something like MD5 :-)
+Version 3.19 
+        While looking at my code one day, I though, why do I keep on
+        calling des_encrypt(in,out,ks,enc) when every function that
+        calls it has in and out the same.  So I dropped the 'out'
+        parameter, people should not be using this function.
+Version 3.18 30/08/95
+        Fixed a few bit with the distribution and the filenames.
+        3.17 had been munged via a move to DOS and back again.
+        NO CODE CHANGES
+Version 3.17 14/07/95
+        Fixed ede3 cbc which I had broken in 3.16.  I have also
+        removed some unneeded variables in 7-8 of the routines.
+Version 3.16 26/06/95
+        Added des_encrypt2() which does not use IP/FP, used by triple
+        des routines.  Tweaked things a bit elsewhere. %13 speedup on
+        sparc and %6 on a R4400 for ede3 cbc mode.
+Version 3.15 06/06/95
+        Added des_ncbc_encrypt(), it is des_cbc mode except that it is
+        'normal' and copies the new iv value back over the top of the
+        passed parameter.
+        CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
+        the iv.  THIS WILL BREAK EXISTING CODE, but since this function
+        only new, I feel I can change it, not so with des_cbc_encrypt :-(.
+        I need to update the documentation.
+Version 3.14 31/05/95
+        New release upon the world, as part of my SSL implementation.
+        New copyright and usage stuff.  Basically free for all to use
+        as long as you say it came from me :-)
+Version 3.13 31/05/95
+        A fix in speed.c, if HZ is not defined, I set it to 100.0
+        which is reasonable for most unixes except SunOS 4.x.
+        I now have a #ifdef sun but timing for SunOS 4.x looked very
+        good :-(.  At my last job where I used SunOS 4.x, it was
+        defined to be 60.0 (look at the old INSTALL documentation), at
+        the last release had it changed to 100.0 since I now work with
+        Solaris2 and SVR4 boxes.
+        Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
+        one out.
+Version 3.12 08/05/95
+        As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
+        my D_ENCRYPT macro in crypt() had an un-necessary variable.
+        It has been removed.
+Version 3.11 03/05/95
+        Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
+        and one iv.  It is a standard and I needed it for my SSL code.
+        It makes more sense to use this for triple DES than
+        3cbc_encrypt().  I have also added (or should I say tested :-)
+        cfb64_encrypt() which is cfb64 but it will encrypt a partial
+        number of bytes - 3 bytes in 3 bytes out.  Again this is for
+        my SSL library, as a form of encryption to use with SSL
+        telnet.
+Version 3.10 22/03/95
+        Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
+        to cbc3_encrypt, the 2 iv values that were being returned to
+        be used in the next call were reversed :-(.
+        Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
+        this error.
+Version 3.09 01/02/95
+        Fixed des_random_key to far more random, it was rather feeble
+        with regards to picking the initial seed.  The problem was
+        pointed out by Olaf Kirch <okir@monad.swb.de>.
+Version 3.08 14/12/94
+        Added Makefile.PL so libdes can be built into perl5.
+        Changed des_locl.h so RAND is always defined.
+Version 3.07 05/12/94
+        Added GNUmake and stuff so the library can be build with
+        glibc.
+Version 3.06 30/08/94
+        Added rpc_enc.c which contains _des_crypt.  This is for use in
+        secure_rpc v 4.0
+        Finally fixed the cfb_enc problems.
+        Fixed a few parameter parsing bugs in des (-3 and -b), thanks
+        to Rob McMillan <R.McMillan@its.gu.edu.au>
+Version 3.05 21/04/94
+        for unsigned long l; gcc does not produce ((l>>34) == 0)
+        This causes bugs in cfb_enc.
+        Thanks to Hadmut Danisch <danisch@ira.uka.de>
+Version 3.04 20/04/94
+        Added a version number to des.c and libdes.a
+Version 3.03 12/01/94
+        Fixed a bug in non zero iv in 3cbc_enc.
+Version 3.02 29/10/93
+        I now work in a place where there are 6+ architectures and 14+
+        OS versions :-).
+        Fixed TERMIO definition so the most sys V boxes will work :-)
+Release upon comp.sources.misc
+Version 3.01 08/10/93
+        Added des_3cbc_encrypt()
+Version 3.00 07/10/93
+        Fixed up documentation.
+        quad_cksum definitely compatible with MIT's now.
+Version 2.30 24/08/93
+        Triple DES now defaults to triple cbc but can do triple ecb
+         with the -b flag.
+        Fixed some MSDOS uuen/uudecoding problems, thanks to
+        Added prototypes.
+        
+Version 2.22 29/06/93
+        Fixed a bug in des_is_weak_key() which stopped it working :-(
+        thanks to engineering@MorningStar.Com.
+Version 2.21 03/06/93
+        des(1) with no arguments gives quite a bit of help.
+        Added -c (generate ckecksum) flag to des(1).
+        Added -3 (triple DES) flag to des(1).
+        Added cfb and ofb routines to the library.
+Version 2.20 11/03/93
+        Added -u (uuencode) flag to des(1).
+        I have been playing with byte order in quad_cksum to make it
+         compatible with MIT's version.  All I can say is avid this
+         function if possible since MIT's output is endian dependent.
+Version 2.12 14/10/92
+        Added MSDOS specific macro in ecb_encrypt which gives a %70
+         speed up when the code is compiled with turbo C.
+Version 2.11 12/10/92
+        Speedup in set_key (recoding of PC-1)
+         I now do it in 47 simple operations, down from 60.
+         Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+         for motivating me to look for a faster system :-)
+         The speedup is probably less that 1% but it is still 13
+         instructions less :-).
+Version 2.10 06/10/92
+        The code now works on the 64bit ETA10 and CRAY without modifications or
+         #defines.  I believe the code should work on any machine that
+         defines long, int or short to be 8 bytes long.
+        Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
+         for helping me fix the code to run on 64bit machines (he had
+         access to an ETA10).
+        Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
+         for testing the routines on a CRAY.
+        read_password.c has been renamed to read_passwd.c
+        string_to_key.c has been renamed to string2key.c
+Version 2.00 14/09/92
+        Made mods so that the library should work on 64bit CPU's.
+        Removed all my uchar and ulong defs.  To many different
+         versions of unix define them in their header files in too many
+         different combinations :-)
+        IRIX - Sillicon Graphics mods (mostly in read_password.c).
+         Thanks to Andrew Daviel (advax@erich.triumf.ca)
+Version 1.99 26/08/92
+        Fixed a bug or 2 in enc_read.c
+        Fixed a bug in enc_write.c
+        Fixed a pseudo bug in fcrypt.c (very obscure).
+Version 1.98 31/07/92
+        Support for the ETA10.  This is a strange machine that defines
+        longs and ints as 8 bytes and shorts as 4 bytes.
+        Since I do evil things with long * that assume that they are 4
+        bytes.  Look in the Makefile for the option to compile for
+        this machine.  quad_cksum appears to have problems but I
+        will don't have the time to fix it right now, and this is not
+        a function that uses DES and so will not effect the main uses
+        of the library.
+Version 1.97 20/05/92 eay
+        Fixed the Imakefile and made some changes to des.h to fix some
+        problems when building this package with Kerberos v 4.
+Version 1.96 18/05/92 eay
+        Fixed a small bug in string_to_key() where problems could
+        occur if des_check_key was set to true and the string
+        generated a weak key.
+Patch2 posted to comp.sources.misc
+Version 1.95 13/05/92 eay
+        Added an alternative version of the D_ENCRYPT macro in
+        ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
+        other will be faster.  This was inspired by 
+        Dana How <how@isl.stanford.edu>, and her pointers about doing the
+        *(ulong *)((uchar *)ptr+(value&0xfc))
+        vs
+        ptr[value&0x3f]
+        to stop the C compiler doing a <<2 to convert the long array index.
+Version 1.94 05/05/92 eay
+        Fixed an incompatibility between my string_to_key and the MIT
+         version.  When the key is longer than 8 chars, I was wrapping
+         with a different method.  To use the old version, define
+         OLD_STR_TO_KEY in the makefile.  Thanks to
+         viktor@newsu.shearson.com (Viktor Dukhovni).
+Version 1.93 28/04/92 eay
+        Fixed the VMS mods so that echo is now turned off in
+         read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
+        MSDOS support added.  The routines can be compiled with
+         Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
+Patch1 posted to comp.sources.misc
+Version 1.92 13/04/92 eay
+        Changed D_ENCRYPT so that the rotation of R occurs outside of
+         the loop.  This required rotating all the longs in sp.h (now
+         called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+        speed.c has been changed so it will work without SIGALRM.  If
+         times(3) is not present it will try to use ftime() instead.
+Version 1.91 08/04/92 eay
+        Added -E/-D options to des(1) so it can use string_to_key.
+        Added SVR4 mods suggested by witr@rwwa.COM
+        Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
+        anyone knows how to turn of tty echo in VMS please tell me or
+        implement it yourself :-).
+        Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
+        does not like IN/OUT being used.
+Libdes posted to comp.sources.misc
+Version 1.9 24/03/92 eay
+        Now contains a fast small crypt replacement.
+        Added des(1) command.
+        Added des_rw_mode so people can use cbc encryption with
+        enc_read and enc_write.
+Version 1.8 15/10/91 eay
+        Bug in cbc_cksum.
+        Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
+        one out.
+Version 1.7 24/09/91 eay
+        Fixed set_key :-)
+        set_key is 4 times faster and takes less space.
+        There are a few minor changes that could be made.
+Version 1.6 19/09/1991 eay
+        Finally go IP and FP finished.
+        Now I need to fix set_key.
+        This version is quite a bit faster that 1.51
+Version 1.52 15/06/1991 eay
+        20% speedup in ecb_encrypt by changing the E bit selection
+        to use 2 32bit words.  This also required modification of the
+        sp table.  There is still a way to speedup the IP and IP-1
+        (hints from outer@sq.com) still working on this one :-(.
+Version 1.51 07/06/1991 eay
+        Faster des_encrypt by loop unrolling
+        Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
+Version 1.50 28/05/1991 eay
+        Optimised the code a bit more for the sparc.  I have improved the
+        speed of the inner des_encrypt by speeding up the initial and
+        final permutations.
+Version 1.40 23/10/1990 eay
+        Fixed des_random_key, it did not produce a random key :-(
+Version 1.30  2/10/1990 eay
+        Have made des_quad_cksum the same as MIT's, the full package
+        should be compatible with MIT's
+        Have tested on a DECstation 3100
+        Still need to fix des_set_key (make it faster).
+        Does des_cbc_encrypts at 70.5k/sec on a 3100.
+Version 1.20 18/09/1990 eay
+        Fixed byte order dependencies.
+        Fixed (I hope) all the word alignment problems.
+        Speedup in des_ecb_encrypt.
+Version 1.10 11/09/1990 eay
+        Added des_enc_read and des_enc_write.
+        Still need to fix des_quad_cksum.
+        Still need to document des_enc_read and des_enc_write.
+Version 1.00 27/08/1990 eay
diff --git a/src/lib/libcrypto/des/asm/des686.pl b/src/lib/libcrypto/des/asm/des686.pl
new file mode 100644
index 0000000000..cf1a82fb5c
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/des686.pl
@@ -0,0 +1,230 @@
+#!/usr/bin/perl
+$prog="des686.pl";
+# base code is in microsft
+# op dest, source
+# format.
+#
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+if (    ($ARGV[0] eq "elf"))
+        { require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "a.out"))
+        { $aout=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "sol"))
+        { $sol=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "cpp"))
+        { $cpp=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "win32"))
+        { require "x86ms.pl"; }
+else
+        {
+        print STDERR <<"EOF";
+Pick one target type from
+        elf     - linux, FreeBSD etc
+        a.out   - old linux
+        sol     - x86 solaris
+        cpp     - format so x86unix.cpp can be used
+        win32   - Windows 95/Windows NT
+EOF
+        exit(1);
+        }
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+&file("dx86xxxx");
+$L="edi";
+$R="esi";
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+&file_end();
+sub des_encrypt
+        {
+        local($name,$do_ip)=@_;
+        &function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+        &comment("");
+        &comment("Load the 2 words");
+        &mov("eax",&wparam(0));
+        &mov($L,&DWP(0,"eax","",0));
+        &mov($R,&DWP(4,"eax","",0));
+        $ksp=&wparam(1);
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("IP");
+                &IP_new($L,$R,"eax");
+                }
+        &comment("");
+        &comment("fixup rotate");
+        &rotl($R,3);
+        &rotl($L,3);
+        &exch($L,$R);
+        &comment("");
+        &comment("load counter, key_schedule and enc flag");
+        &mov("eax",&wparam(2)); # get encrypt flag
+        &mov("ebp",&wparam(1)); # get ks
+        &cmp("eax","0");
+        &je(&label("start_decrypt"));
+        # encrypting part
+        for ($i=0; $i<16; $i+=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                }
+        &jmp(&label("end"));
+        &set_label("start_decrypt");
+        for ($i=15; $i>0; $i-=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i-1));
+                &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                }
+        &set_label("end");
+        &comment("");
+        &comment("Fixup");
+        &rotr($L,3);            # r
+        &rotr($R,3);            # l
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("FP");
+                &FP_new($R,$L,"eax");
+                }
+        &mov("eax",&wparam(0));
+        &mov(&DWP(0,"eax","",0),$L);
+        &mov(&DWP(4,"eax","",0),$R);
+        &function_end($name);
+        }
+# The logic is to load R into 2 registers and operate on both at the same time.
+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
+# while also masking the other copy and doing a lookup.  We then also accumulate the
+# L value in 2 registers then combine them at the end.
+sub D_ENCRYPT
+        {
+        local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
+        &mov(   $u,             &DWP(&n2a($S*4),$ks,"",0));
+        &mov(   $t,             &DWP(&n2a(($S+1)*4),$ks,"",0));
+        &xor(   $u,             $R              );
+        &xor(   $t,             $R              );
+        &rotr(  $t,             4               );
+        # the numbers at the end of the line are origional instruction order
+        &mov(   $tmp2,          $u              );                      # 1 2
+        &mov(   $tmp1,          $t              );                      # 1 1
+        &and(   $tmp2,          "0xfc"          );                      # 1 4
+        &and(   $tmp1,          "0xfc"          );                      # 1 3
+        &shr(   $t,             8               );                      # 1 5
+        &xor(   $L,             &DWP("0x100+$desSP",$tmp1,"",0));       # 1 7
+        &shr(   $u,             8               );                      # 1 6
+        &mov(   $tmp1,          &DWP("      $desSP",$tmp2,"",0));       # 1 8
+        &mov(   $tmp2,          $u              );                      # 2 2
+        &xor(   $L,             $tmp1           );                      # 1 9
+        &and(   $tmp2,          "0xfc"          );                      # 2 4
+        &mov(   $tmp1,          $t              );                      # 2 1
+        &and(   $tmp1,          "0xfc"          );                      # 2 3
+        &shr(   $t,             8               );                      # 2 5
+        &xor(   $L,             &DWP("0x300+$desSP",$tmp1,"",0));       # 2 7
+        &shr(   $u,             8               );                      # 2 6
+        &mov(   $tmp1,          &DWP("0x200+$desSP",$tmp2,"",0));       # 2 8
+        &mov(   $tmp2,          $u              );                      # 3 2
+        &xor(   $L,             $tmp1           );                      # 2 9
+        &and(   $tmp2,          "0xfc"          );                      # 3 4
+        &mov(   $tmp1,          $t              );                      # 3 1 
+        &shr(   $u,             8               );                      # 3 6
+        &and(   $tmp1,          "0xfc"          );                      # 3 3
+        &shr(   $t,             8               );                      # 3 5
+        &xor(   $L,             &DWP("0x500+$desSP",$tmp1,"",0));       # 3 7
+        &mov(   $tmp1,          &DWP("0x400+$desSP",$tmp2,"",0));       # 3 8
+        &and(   $t,             "0xfc"          );                      # 4 1
+        &xor(   $L,             $tmp1           );                      # 3 9
+        &and(   $u,             "0xfc"          );                      # 4 2
+        &xor(   $L,             &DWP("0x700+$desSP",$t,"",0));          # 4 3
+        &xor(   $L,             &DWP("0x600+$desSP",$u,"",0));          # 4 4
+        }
+sub PERM_OP
+        {
+        local($a,$b,$tt,$shift,$mask)=@_;
+        &mov(   $tt,            $a              );
+        &shr(   $tt,            $shift          );
+        &xor(   $tt,            $b              );
+        &and(   $tt,            $mask           );
+        &xor(   $b,             $tt             );
+        &shl(   $tt,            $shift          );
+        &xor(   $a,             $tt             );
+        }
+sub IP_new
+        {
+        local($l,$r,$tt)=@_;
+        &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+        &PERM_OP($l,$r,$tt,16,"0x0000ffff");
+        &PERM_OP($r,$l,$tt, 2,"0x33333333");
+        &PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+        &PERM_OP($r,$l,$tt, 1,"0x55555555");
+        }
+sub FP_new
+        {
+        local($l,$r,$tt)=@_;
+        &PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
diff --git a/src/lib/libcrypto/des/asm/readme b/src/lib/libcrypto/des/asm/readme
new file mode 100644
index 0000000000..f8529d9307
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/readme
@@ -0,0 +1,131 @@
+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft       Windows 95/Windows NT
+Elf             Includes Linux and FreeBSD(?).
+a.out           The older Linux.
+Solaris         Same as Elf but different comments :-(.
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor     eax,    eax                             # clear word
+movb    al,     cl                              # get low byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in word
+movb    al,     ch                              # get next byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in word
+shr     ecx     16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+Now the crunch.  When a full register is used after a partial write, eg.
+mov     al,     cl
+xor     edi,    DWORD PTR 0x100+des_SP[eax]
+386     - 1 cycle stall
+486     - 1 cycle stall
+586     - 0 cycle stall
+686     - at least 7 cycle stall (page 22 of the above mentioned document).
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov     eax,    ecx                             # copy word 
+shr     ecx,    8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in array lookup
+mov     eax,    ecx                             # get word
+shr     ecx     8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in array lookup
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+There is a third option.  instead of using
+mov     al,     ch
+which is bad on the pentium pro, one may be able to use
+movzx   eax,    ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+eric (20 Oct 1996)
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
diff --git a/src/lib/libcrypto/des/cbc3_enc.c b/src/lib/libcrypto/des/cbc3_enc.c
new file mode 100644
index 0000000000..92a78b05d6
--- /dev/null
+++ b/src/lib/libcrypto/des/cbc3_enc.c
@@ -0,0 +1,99 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* HAS BUGS? DON'T USE - this is only present for use in des.c */
+void des_3cbc_encrypt(input, output, length, ks1, ks2, iv1, iv2, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_cblock (*iv1);
+des_cblock (*iv2);
+int enc;
+        {
+        int off=((int)length-1)/8;
+        long l8=((length+7)/8)*8;
+        des_cblock niv1,niv2;
+        if (enc == DES_ENCRYPT)
+                {
+                des_cbc_encrypt(input,output,length,ks1,iv1,enc);
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv1,output[off],sizeof(des_cblock));
+                des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+                des_cbc_encrypt(output,output,l8,ks1,iv2, enc);
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv2,output[off],sizeof(des_cblock));
+                }
+        else
+                {
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv2,input[off],sizeof(des_cblock));
+                des_cbc_encrypt(input,output,l8,ks1,iv2,enc);
+                des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv1,output[off],sizeof(des_cblock));
+                des_cbc_encrypt(output,output,length,ks1,iv1, enc);
+                }
+        memcpy(*iv1,niv1,sizeof(des_cblock));
+        memcpy(*iv2,niv2,sizeof(des_cblock));
+        }
diff --git a/src/lib/libcrypto/des/des.c b/src/lib/libcrypto/des/des.c
new file mode 100644
index 0000000000..c1e5005474
--- /dev/null
+++ b/src/lib/libcrypto/des/des.c
@@ -0,0 +1,964 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+#define RAND
+#endif
+#include <time.h>
+#include "des_ver.h"
+#ifdef VMS
+#include <types.h>
+#include <stat.h>
+#else
+#ifndef _IRIX
+#include <sys/types.h>
+#endif
+#include <sys/stat.h>
+#endif
+#if defined(NOCONST)
+#define const
+#endif
+#include "des.h"
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include <string.h>
+#endif
+#ifdef RAND
+#define random rand
+#define srandom(s) srand(s)
+#endif
+#ifndef NOPROTO
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
+int uuencode(unsigned char *in,int num,unsigned char *out);
+int uudecode(unsigned char *in,int num,unsigned char *out);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+        des_key_schedule sk1,des_key_schedule sk2,
+        des_cblock *ivec1,des_cblock *ivec2,int enc);
+#else
+void usage();
+void doencryption();
+int uufwrite();
+void uufwriteEnd();
+int uufread();
+int uuencode();
+int uudecode();
+void des_3cbc_encrypt();
+#endif
+#ifdef VMS
+#define EXIT(a) exit(a&0x10000000L)
+#else
+#define EXIT(a) exit(a)
+#endif
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ  8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB+1];
+int do_encrypt,longk=0;
+FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum=0;
+#define INUUBUFN        (45*100)
+#define OUTUUBUF        (65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+char cksumname[200]="";
+int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i;
+        struct stat ins,outs;
+        char *p;
+        char *in=NULL,*out=NULL;
+        vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
+        error=0;
+        memset(key,0,sizeof(key));
+        for (i=1; i<argc; i++)
+                {
+                p=argv[i];
+                if ((p[0] == '-') && (p[1] != '\0'))
+                        {
+                        p++;
+                        while (*p)
+                                {
+                                switch (*(p++))
+                                        {
+                                case '3':
+                                        flag3=1;
+                                        longk=1;
+                                        break;
+                                case 'c':
+                                        cflag=1;
+                                        strncpy(cksumname,p,200);
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'C':
+                                        cflag=1;
+                                        longk=1;
+                                        strncpy(cksumname,p,200);
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'e':
+                                        eflag=1;
+                                        break;
+                                case 'v':
+                                        vflag=1;
+                                        break;
+                                case 'E':
+                                        eflag=1;
+                                        longk=1;
+                                        break;
+                                case 'd':
+                                        dflag=1;
+                                        break;
+                                case 'D':
+                                        dflag=1;
+                                        longk=1;
+                                        break;
+                                case 'b':
+                                        bflag=1;
+                                        break;
+                                case 'f':
+                                        fflag=1;
+                                        break;
+                                case 's':
+                                        sflag=1;
+                                        break;
+                                case 'u':
+                                        uflag=1;
+                                        strncpy(uuname,p,200);
+                                        p+=strlen(uuname);
+                                        break;
+                                case 'h':
+                                        hflag=1;
+                                        break;
+                                case 'k':
+                                        kflag=1;
+                                        if ((i+1) == argc)
+                                                {
+                                                fputs("must have a key with the -k option\n",stderr);
+                                                error=1;
+                                                }
+                                        else
+                                                {
+                                                int j;
+                                                i++;
+                                                strncpy(key,argv[i],KEYSIZB);
+                                                for (j=strlen(argv[i])-1; j>=0; j--)
+                                                        argv[i][j]='\0';
+                                                }
+                                        break;
+                                default:
+                                        fprintf(stderr,"'%c' unknown flag\n",p[-1]);
+                                        error=1;
+                                        break;
+                                        }
+                                }
+                        }
+                else
+                        {
+                        if (in == NULL)
+                                in=argv[i];
+                        else if (out == NULL)
+                                out=argv[i];
+                        else
+                                error=1;
+                        }
+                }
+        if (error) usage();
+        /* We either
+         * do checksum or
+         * do encrypt or
+         * do decrypt or
+         * do decrypt then ckecksum or
+         * do checksum then encrypt
+         */
+        if (((eflag+dflag) == 1) || cflag)
+                {
+                if (eflag) do_encrypt=DES_ENCRYPT;
+                if (dflag) do_encrypt=DES_DECRYPT;
+                }
+        else
+                {
+                if (vflag) 
+                        {
+#ifndef _Windows                        
+                        fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+                        EXIT(1);
+                        }
+                else usage();
+                }
+#ifndef _Windows                        
+        if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+        if (    (in != NULL) &&
+                (out != NULL) &&
+#ifndef MSDOS
+                (stat(in,&ins) != -1) &&
+                (stat(out,&outs) != -1) &&
+                (ins.st_dev == outs.st_dev) &&
+                (ins.st_ino == outs.st_ino))
+#else /* MSDOS */
+                (strcmp(in,out) == 0))
+#endif
+                        {
+                        fputs("input and output file are the same\n",stderr);
+                        EXIT(3);
+                        }
+        if (!kflag)
+                if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
+                        {
+                        fputs("password error\n",stderr);
+                        EXIT(2);
+                        }
+        if (in == NULL)
+                DES_IN=stdin;
+        else if ((DES_IN=fopen(in,"r")) == NULL)
+                {
+                perror("opening input file");
+                EXIT(4);
+                }
+        CKSUM_OUT=stdout;
+        if (out == NULL)
+                {
+                DES_OUT=stdout;
+                CKSUM_OUT=stderr;
+                }
+        else if ((DES_OUT=fopen(out,"w")) == NULL)
+                {
+                perror("opening output file");
+                EXIT(5);
+                }
+#ifdef MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        if (!(uflag && dflag))
+                setmode(fileno(DES_IN),O_BINARY);
+        if (!(uflag && eflag))
+                setmode(fileno(DES_OUT),O_BINARY);
+        }
+#endif
+        doencryption();
+        fclose(DES_IN);
+        fclose(DES_OUT);
+        EXIT(0);
+        }
+void usage()
+        {
+        char **u;
+        static const char *Usage[]={
+"des <options> [input-file [output-file]]",
+"options:",
+"-v         : des(1) version number",
+"-e         : encrypt using sunOS compatible user key to DES key conversion.",
+"-E         : encrypt ",
+"-d         : decrypt using sunOS compatible user key to DES key conversion.",
+"-D         : decrypt ",
+"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"             DES key conversion and output to ckname (stdout default,",
+"             stderr if data being output on stdout).  The checksum is",
+"             generated before encryption and after decryption if used",
+"             in conjunction with -[eEdD].",
+"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+"-k key     : use key 'key'",
+"-h         : the key that is entered will be a hexidecimal number",
+"             that is used directly as the des key",
+"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+"             (uuname is the filename to put in the uuencode header).",
+"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
+"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
+"             generated from the input key.  If the input key is less",
+"             than 8 characters long, this is equivelent to normal",
+"             encryption.  Default is tripple cbc, -b makes it tripple ecb.",
+NULL
+};
+        for (u=(char **)Usage; *u; u++)
+                {
+                fputs(*u,stderr);
+                fputc('\n',stderr);
+                }
+        EXIT(1);
+        }
+void doencryption()
+        {
+#ifdef _LIBC
+        extern int srandom();
+        extern int random();
+        extern unsigned long time();
+#endif
+        register int i;
+        des_key_schedule ks,ks2;
+        unsigned char iv[8],iv2[8];
+        char *p;
+        int num=0,j,k,l,rem,ll,len,last,ex=0;
+        des_cblock kk,k2;
+        FILE *O;
+        int Exit=0;
+#ifndef MSDOS
+        static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
+#else
+        static unsigned char *buf=NULL,*obuf=NULL;
+        if (buf == NULL)
+                {
+                if (    (( buf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL) ||
+                        ((obuf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL))
+                        {
+                        fputs("Not enough memory\n",stderr);
+                        Exit=10;
+                        goto problems;
+                        }
+                }
+#endif
+        if (hflag)
+                {
+                j=(flag3?16:8);
+                p=key;
+                for (i=0; i<j; i++)
+                        {
+                        k=0;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k=(*p-'0')<<4;
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k=(*p-'a'+10)<<4;
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k=(*p-'A'+10)<<4;
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k|=(*p-'0');
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k|=(*p-'a'+10);
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k|=(*p-'A'+10);
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if (i < 8)
+                                kk[i]=k;
+                        else
+                                k2[i-8]=k;
+                        }
+                des_set_key((C_Block *)k2,ks2);
+                memset(k2,0,sizeof(k2));
+                }
+        else if (longk || flag3)
+                {
+                if (flag3)
+                        {
+                        des_string_to_2keys(key,(C_Block *)kk,(C_Block *)k2);
+                        des_set_key((C_Block *)k2,ks2);
+                        memset(k2,0,sizeof(k2));
+                        }
+                else
+                        des_string_to_key(key,(C_Block *)kk);
+                }
+        else
+                for (i=0; i<KEYSIZ; i++)
+                        {
+                        l=0;
+                        k=key[i];
+                        for (j=0; j<8; j++)
+                                {
+                                if (k&1) l++;
+                                k>>=1;
+                                }
+                        if (l & 1)
+                                kk[i]=key[i]&0x7f;
+                        else
+                                kk[i]=key[i]|0x80;
+                        }
+        des_set_key((C_Block *)kk,ks);
+        memset(key,0,sizeof(key));
+        memset(kk,0,sizeof(kk));
+        /* woops - A bug that does not showup under unix :-( */
+        memset(iv,0,sizeof(iv));
+        memset(iv2,0,sizeof(iv2));
+        l=1;
+        rem=0;
+        /* first read */
+        if (eflag || (!dflag && cflag))
+                {
+                for (;;)
+                        {
+                        num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        l+=rem;
+                        num+=rem;
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+                        rem=l%8;
+                        len=l-rem;
+                        if (feof(DES_IN))
+                                {
+                                srandom((unsigned int)time(NULL));
+                                for (i=7-rem; i>0; i--)
+                                        buf[l++]=random()&0xff;
+                                buf[l++]=rem;
+                                ex=1;
+                                len+=rem;
+                                }
+                        else
+                                l-=rem;
+                        if (cflag)
+                                {
+                                des_cbc_cksum((C_Block *)buf,(C_Block *)cksum,
+                                        (long)len,ks,(C_Block *)cksum);
+                                if (!eflag)
+                                        {
+                                        if (feof(DES_IN)) break;
+                                        else continue;
+                                        }
+                                }
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb2_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                char tmpbuf[8];
+                                if (rem) memcpy(tmpbuf,&(buf[l]),
+                                        (unsigned int)rem);
+                                des_3cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,ks2,(des_cblock *)iv,
+                                        (des_cblock *)iv2,do_encrypt);
+                                if (rem) memcpy(&(buf[l]),tmpbuf,
+                                        (unsigned int)rem);
+                                }
+                        else
+                                {
+                                des_cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,(des_cblock *)iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
+                                }
+                        if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
+                        i=0;
+                        while (i < l)
+                                {
+                                if (uflag)
+                                        j=uufwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                else
+                                        j=fwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        if (feof(DES_IN))
+                                {
+                                if (uflag) uufwriteEnd(DES_OUT);
+                                break;
+                                }
+                        }
+                }
+        else /* decrypt */
+                {
+                ex=1;
+                for (;;)
+                        {
+                        if (ex) {
+                                if (uflag)
+                                        l=uufread(buf,1,BUFSIZE,DES_IN);
+                                else
+                                        l=fread(buf,1,BUFSIZE,DES_IN);
+                                ex=0;
+                                rem=l%8;
+                                l-=rem;
+                                }
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb2_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                des_3cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,ks2,(des_cblock *)iv,
+                                        (des_cblock *)iv2,do_encrypt);
+                                }
+                        else
+                                {
+                                des_cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,(des_cblock *)iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(buf[l-8]),8);
+                                }
+                        if (uflag)
+                                ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        else
+                                ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        ll+=rem;
+                        rem=ll%8;
+                        ll-=rem;
+                        if (feof(DES_IN) && (ll == 0))
+                                {
+                                last=obuf[l-1];
+                                if ((last > 7) || (last < 0))
+                                        {
+                                        fputs("The file was not decrypted correctly.\n",
+                                                stderr);
+                                        Exit=8;
+                                        last=0;
+                                        }
+                                l=l-8+last;
+                                }
+                        i=0;
+                        if (cflag) des_cbc_cksum((C_Block *)obuf,
+                                (C_Block *)cksum,(long)l/8*8,ks,
+                                (C_Block *)cksum);
+                        while (i != l)
+                                {
+                                j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        l=ll;
+                        if ((l == 0) && feof(DES_IN)) break;
+                        }
+                }
+        if (cflag)
+                {
+                l=0;
+                if (cksumname[0] != '\0')
+                        {
+                        if ((O=fopen(cksumname,"w")) != NULL)
+                                {
+                                CKSUM_OUT=O;
+                                l=1;
+                                }
+                        }
+                for (i=0; i<8; i++)
+                        fprintf(CKSUM_OUT,"%02X",cksum[i]);
+                fprintf(CKSUM_OUT,"\n");
+                if (l) fclose(CKSUM_OUT);
+                }
+problems:
+        memset(buf,0,sizeof(buf));
+        memset(obuf,0,sizeof(obuf));
+        memset(ks,0,sizeof(ks));
+        memset(ks2,0,sizeof(ks2));
+        memset(iv,0,sizeof(iv));
+        memset(iv2,0,sizeof(iv2));
+        memset(kk,0,sizeof(kk));
+        memset(k2,0,sizeof(k2));
+        memset(uubuf,0,sizeof(uubuf));
+        memset(b,0,sizeof(b));
+        memset(bb,0,sizeof(bb));
+        memset(cksum,0,sizeof(cksum));
+        if (Exit) EXIT(Exit);
+        }
+int uufwrite(data, size, num, fp)
+unsigned char *data;
+int size;
+unsigned int num;
+FILE *fp;
+      
+     /* We ignore this parameter but it should be > ~50 I believe */
+   
+    
+        {
+        int i,j,left,rem,ret=num;
+        static int start=1;
+        if (start)
+                {
+                fprintf(fp,"begin 600 %s\n",
+                        (uuname[0] == '\0')?"text.d":uuname);
+                start=0;
+                }
+        if (uubufnum)
+                {
+                if (uubufnum+num < 45)
+                        {
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
+                        uubufnum+=num;
+                        return(num);
+                        }
+                else
+                        {
+                        i=45-uubufnum;
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
+                        j=uuencode((unsigned char *)uubuf,45,b);
+                        fwrite(b,1,(unsigned int)j,fp);
+                        uubufnum=0;
+                        data+=i;
+                        num-=i;
+                        }
+                }
+        for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
+                {
+                j=uuencode(&(data[i]),INUUBUFN,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        rem=(num-i)%45;
+        left=(num-i-rem);
+        if (left)
+                {
+                j=uuencode(&(data[i]),left,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                i+=left;
+                }
+        if (i != num)
+                {
+                memcpy(uubuf,&(data[i]),(unsigned int)rem);
+                uubufnum=rem;
+                }
+        return(ret);
+        }
+void uufwriteEnd(fp)
+FILE *fp;
+        {
+        int j;
+        static const char *end=" \nend\n";
+        if (uubufnum != 0)
+                {
+                uubuf[uubufnum]='\0';
+                uubuf[uubufnum+1]='\0';
+                uubuf[uubufnum+2]='\0';
+                j=uuencode(uubuf,uubufnum,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        fwrite(end,1,strlen(end),fp);
+        }
+int uufread(out, size, num, fp)
+unsigned char *out;
+int size; /* should always be > ~ 60; I actually ignore this parameter :-) */
+unsigned int num;
+FILE *fp;
+        {
+        int i,j,tot;
+        static int done=0;
+        static int valid=0;
+        static int start=1;
+        if (start)
+                {
+                for (;;)
+                        {
+                        b[0]='\0';
+                        fgets((char *)b,300,fp);
+                        if (b[0] == '\0')
+                                {
+                                fprintf(stderr,"no 'begin' found in uuencoded input\n");
+                                return(-1);
+                                }
+                        if (strncmp((char *)b,"begin ",6) == 0) break;
+                        }
+                start=0;
+                }
+        if (done) return(0);
+        tot=0;
+        if (valid)
+                {
+                memcpy(out,bb,(unsigned int)valid);
+                tot=valid;
+                valid=0;
+                }
+        for (;;)
+                {
+                b[0]='\0';
+                fgets((char *)b,300,fp);
+                if (b[0] == '\0') break;
+                i=strlen((char *)b);
+                if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
+                        {
+                        done=1;
+                        while (!feof(fp))
+                                {
+                                fgets((char *)b,300,fp);
+                                }
+                        break;
+                        }
+                i=uudecode(b,i,bb);
+                if (i < 0) break;
+                if ((i+tot+8) > num)
+                        {
+                        /* num to copy to make it a multiple of 8 */
+                        j=(num/8*8)-tot-8;
+                        memcpy(&(out[tot]),bb,(unsigned int)j);
+                        tot+=j;
+                        memcpy(bb,&(bb[j]),(unsigned int)i-j);
+                        valid=i-j;
+                        break;
+                        }
+                memcpy(&(out[tot]),bb,(unsigned int)i);
+                tot+=i;
+                }
+        return(tot);
+        }
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+                         l|=((DES_LONG)(*((c)++)))<< 8, \
+                         l|=((DES_LONG)(*((c)++))))
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+int uuencode(in, num, out)
+unsigned char *in;
+int num;
+unsigned char *out;
+        {
+        int j,i,n,tot=0;
+        DES_LONG l;
+        register unsigned char *p;
+        p=out;
+        for (j=0; j<num; j+=45)
+                {
+                if (j+45 > num)
+                        i=(num-j);
+                else    i=45;
+                *(p++)=i+' ';
+                for (n=0; n<i; n+=3)
+                        {
+                        ccc2l(in,l);
+                        *(p++)=((l>>18)&0x3f)+' ';
+                        *(p++)=((l>>12)&0x3f)+' ';
+                        *(p++)=((l>> 6)&0x3f)+' ';
+                        *(p++)=((l    )&0x3f)+' ';
+                        tot+=4;
+                        }
+                *(p++)='\n';
+                tot+=2;
+                }
+        *p='\0';
+        l=0;
+        return(tot);
+        }
+int uudecode(in, num, out)
+unsigned char *in;
+int num;
+unsigned char *out;
+        {
+        int j,i,k;
+        unsigned int n=0,space=0;
+        DES_LONG l;
+        DES_LONG w,x,y,z;
+        unsigned int blank=(unsigned int)'\n'-' ';
+        for (j=0; j<num; )
+                {
+                n= *(in++)-' ';
+                if (n == blank)
+                        {
+                        n=0;
+                        in--;
+                        }
+                if (n > 60)
+                        {
+                        fprintf(stderr,"uuencoded line length too long\n");
+                        return(-1);
+                        }
+                j++;
+                for (i=0; i<n; j+=4,i+=3)
+                        {
+                        /* the following is for cases where spaces are
+                         * removed from lines.
+                         */
+                        if (space)
+                                {
+                                w=x=y=z=0;
+                                }
+                        else
+                                {
+                                w= *(in++)-' ';
+                                x= *(in++)-' ';
+                                y= *(in++)-' ';
+                                z= *(in++)-' ';
+                                }
+                        if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
+                                {
+                                k=0;
+                                if (w == blank) k=1;
+                                if (x == blank) k=2;
+                                if (y == blank) k=3;
+                                if (z == blank) k=4;
+                                space=1;
+                                switch (k) {
+                                case 1: w=0; in--;
+                                case 2: x=0; in--;
+                                case 3: y=0; in--;
+                                case 4: z=0; in--;
+                                        break;
+                                case 0:
+                                        space=0;
+                                        fprintf(stderr,"bad uuencoded data values\n");
+                                        w=x=y=z=0;
+                                        return(-1);
+                                        break;
+                                        }
+                                }
+                        l=(w<<18)|(x<<12)|(y<< 6)|(z    );
+                        l2ccc(l,out);
+                        }
+                if (*(in++) != '\n')
+                        {
+                        fprintf(stderr,"missing nl in uuencoded line\n");
+                        w=x=y=z=0;
+                        return(-1);
+                        }
+                j++;
+                }
+        *out='\0';
+        w=x=y=z=0;
+        return(n);
+        }
diff --git a/src/lib/libcrypto/des/des3s.cpp b/src/lib/libcrypto/des/des3s.cpp
new file mode 100644
index 0000000000..9aff6494d9
--- /dev/null
+++ b/src/lib/libcrypto/des/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "des.h"
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key1,key2,key3;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(s1);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/des/des_opts.c b/src/lib/libcrypto/des/des_opts.c
new file mode 100644
index 0000000000..fdf0fbf461
--- /dev/null
+++ b/src/lib/libcrypto/des/des_opts.c
@@ -0,0 +1,620 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "des.h"
+#include "spr.h"
+#define DES_DEFAULT_OPTIONS
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+#define PART1
+#define PART2
+#define PART3
+#define PART4
+#endif
+#ifdef PART1
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt2 des_encrypt2_u4_cisc_idx
+#define des_encrypt3 des_encrypt3_u4_cisc_idx
+#define des_decrypt3 des_decrypt3_u4_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt2 des_encrypt2_u16_cisc_idx
+#define des_encrypt3 des_encrypt3_u16_cisc_idx
+#define des_decrypt3 des_decrypt3_u16_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt2 des_encrypt2_u4_risc1_idx
+#define des_encrypt3 des_encrypt3_u4_risc1_idx
+#define des_decrypt3 des_decrypt3_u4_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART2
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt2 des_encrypt2_u4_risc2_idx
+#define des_encrypt3 des_encrypt3_u4_risc2_idx
+#define des_decrypt3 des_decrypt3_u4_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt2 des_encrypt2_u16_risc1_idx
+#define des_encrypt3 des_encrypt3_u16_risc1_idx
+#define des_decrypt3 des_decrypt3_u16_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt2 des_encrypt2_u16_risc2_idx
+#define des_encrypt3 des_encrypt3_u16_risc2_idx
+#define des_decrypt3 des_decrypt3_u16_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART3
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt2 des_encrypt2_u4_cisc_ptr
+#define des_encrypt3 des_encrypt3_u4_cisc_ptr
+#define des_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt2 des_encrypt2_u16_cisc_ptr
+#define des_encrypt3 des_encrypt3_u16_cisc_ptr
+#define des_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt2 des_encrypt2_u4_risc1_ptr
+#define des_encrypt3 des_encrypt3_u4_risc1_ptr
+#define des_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART4
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt2 des_encrypt2_u4_risc2_ptr
+#define des_encrypt3 des_encrypt3_u4_risc2_ptr
+#define des_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt2 des_encrypt2_u16_risc1_ptr
+#define des_encrypt3 des_encrypt3_u16_risc1_ptr
+#define des_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt2 des_encrypt2_u16_risc2_ptr
+#define des_encrypt3 des_encrypt3_u16_risc2_ptr
+#define des_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count++) \
+                { \
+                unsigned long d[2]; \
+                func(d,&(sch[0]),DES_ENCRYPT); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        des_key_schedule sch,sch2,sch3;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most acurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        des_set_key((C_Block *)key,sch);
+        des_set_key((C_Block *)key2,sch2);
+        des_set_key((C_Block *)key3,sch3);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        des_set_key((C_Block *)key,sch);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+#ifdef PART1
+        time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
+        time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+        time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+        num+=3;
+#endif
+#ifdef PART2
+        time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
+        time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+        time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
+        num+=3;
+#endif
+#ifdef PART3
+        time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
+        time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+        time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+        num+=3;
+#endif
+#ifdef PART4
+        time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
+        time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
+        time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
+        num+=3;
+#endif
+#ifdef PART1
+        str[0]=" 4  c i";
+        print_it("des_encrypt_u4_cisc_idx  ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="16  c i";
+        print_it("des_encrypt_u16_cisc_idx ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]=" 4 r1 i";
+        print_it("des_encrypt_u4_risc1_idx ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+#endif
+#ifdef PART2
+        str[3]="16 r1 i";
+        print_it("des_encrypt_u16_risc1_idx",3);
+        if (max < tm[3]) { max=tm[3]; max_idx=3; }
+        str[4]=" 4 r2 i";
+        print_it("des_encrypt_u4_risc2_idx ",4);
+        if (max < tm[4]) { max=tm[4]; max_idx=4; }
+        str[5]="16 r2 i";
+        print_it("des_encrypt_u16_risc2_idx",5);
+        if (max < tm[5]) { max=tm[5]; max_idx=5; }
+#endif
+#ifdef PART3
+        str[6]=" 4  c p";
+        print_it("des_encrypt_u4_cisc_ptr  ",6);
+        if (max < tm[6]) { max=tm[6]; max_idx=6; }
+        str[7]="16  c p";
+        print_it("des_encrypt_u16_cisc_ptr ",7);
+        if (max < tm[7]) { max=tm[7]; max_idx=7; }
+        str[8]=" 4 r1 p";
+        print_it("des_encrypt_u4_risc1_ptr ",8);
+        if (max < tm[8]) { max=tm[8]; max_idx=8; }
+#endif
+#ifdef PART4
+        str[9]="16 r1 p";
+        print_it("des_encrypt_u16_risc1_ptr",9);
+        if (max < tm[9]) { max=tm[9]; max_idx=9; }
+        str[10]=" 4 r2 p";
+        print_it("des_encrypt_u4_risc2_ptr ",10);
+        if (max < tm[10]) { max=tm[10]; max_idx=10; }
+        str[11]="16 r2 p";
+        print_it("des_encrypt_u16_risc2_ptr",11);
+        if (max < tm[11]) { max=tm[11]; max_idx=11; }
+#endif
+        printf("options    des ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<12; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DDES_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DDES_UNROLL\n");
+                break;
+        case 2:
+                printf("-DDES_RISC1\n");
+                break;
+        case 3:
+                printf("-DDES_UNROLL -DDES_RISC1\n");
+                break;
+        case 4:
+                printf("-DDES_RISC2\n");
+                break;
+        case 5:
+                printf("-DDES_UNROLL -DDES_RISC2\n");
+                break;
+        case 6:
+                printf("-DDES_PTR\n");
+                break;
+        case 7:
+                printf("-DDES_UNROLL -DDES_PTR\n");
+                break;
+        case 8:
+                printf("-DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 9:
+                printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 10:
+                printf("-DDES_RISC2 -DDES_PTR\n");
+                break;
+        case 11:
+                printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/des_ver.h b/src/lib/libcrypto/des/des_ver.h
new file mode 100644
index 0000000000..7041a9271d
--- /dev/null
+++ b/src/lib/libcrypto/des/des_ver.h
@@ -0,0 +1,60 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+extern char *DES_version;       /* SSLeay version string */
+extern char *libdes_version;    /* old libdes version string */
diff --git a/src/lib/libcrypto/des/dess.cpp b/src/lib/libcrypto/des/dess.cpp
new file mode 100644
index 0000000000..7fb5987314
--- /dev/null
+++ b/src/lib/libcrypto/des/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "des.h"
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(s1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(e2);
+                        des_encrypt(&data[0],key,1);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/des/destest.c b/src/lib/libcrypto/des/destest.c
new file mode 100644
index 0000000000..620c13ba6f
--- /dev/null
+++ b/src/lib/libcrypto/des/destest.c
@@ -0,0 +1,882 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+#endif
+#include <string.h>
+#include "des.h"
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+        {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+        {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+        {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+        {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+        {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+        {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+        {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+        {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+        {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+        {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+        {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+        {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+        {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+        {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+        {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+        {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+        {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+        {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+        {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+        {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+        {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+        {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+        {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+        {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+        {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+        {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+        {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+        {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+        {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+        {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+        {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+        {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+        {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+        {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+        {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+        {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+        {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+        {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+        {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+        {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+        {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+        {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+        {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+        {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+        {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+        {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+        {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+        {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+        {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+        {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+        {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+        {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+        {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+        {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+        {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+        {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+        {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+        {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+        {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+        {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+        {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+        {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+        {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static char cbc_data[40]={
+        0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+        0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+        0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        };
+static unsigned char cbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+        0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+        0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+static unsigned char xcbc_ok[32]={
+        0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+        0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+        0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+        0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+        };
+static unsigned char cbc3_ok[32]={
+        0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+        0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+        0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+        0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+static unsigned char pcbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+        0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+        0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher8[24]= {
+        0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+        0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+        0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+        0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+        0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+        0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+        0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+        0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+        {
+        0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+        0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+        0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+        };
+DES_LONG cbc_cksum_ret=0xB462FEF7L;
+unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+#ifndef NOPROTO
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+#else
+static char *pt();
+static int cfb_test();
+static int cfb64_test();
+static int ede_cfb64_test();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,j,err=0;
+        des_cblock in,out,outin,iv3;
+        des_key_schedule ks,ks2,ks3;
+        unsigned char cbc_in[40];
+        unsigned char cbc_out[40];
+        DES_LONG cs;
+        unsigned char qret[4][4],cret[8];
+        DES_LONG lqret[4];
+        int num;
+        char *str;
+        printf("Doing ecb\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
+                        {
+                        printf("Key error %2d:%d\n",i+1,j);
+                        err=1;
+                        }
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb_encrypt((C_Block *)in,(C_Block *)out,ks,DES_ENCRYPT);
+                des_ecb_encrypt((C_Block *)out,(C_Block *)outin,ks,DES_DECRYPT);
+                if (memcmp(out,cipher_data[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+#ifndef LIBDES_LIT
+        printf("Doing ede ecb\n");
+        for (i=0; i<(NUM_TESTS-1); i++)
+                {
+                if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
+                        {
+                        err=1;
+                        printf("Key error %2d:%d\n",i+1,j);
+                        }
+                if ((j=des_key_sched((C_Block *)(key_data[i+1]),ks2)) != 0)
+                        {
+                        printf("Key error %2d:%d\n",i+2,j);
+                        err=1;
+                        }
+                if ((j=des_key_sched((C_Block *)(key_data[i+2]),ks3)) != 0)
+                        {
+                        printf("Key error %2d:%d\n",i+3,j);
+                        err=1;
+                        }
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb2_encrypt((C_Block *)in,(C_Block *)out,ks,ks2,
+                        DES_ENCRYPT);
+                des_ecb2_encrypt((C_Block *)out,(C_Block *)outin,ks,ks2,
+                        DES_DECRYPT);
+                if (memcmp(out,cipher_ecb2[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+#endif
+        printf("Doing cbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                printf("cbc_encrypt encrypt error\n");
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
+                {
+                printf("cbc_encrypt decrypt error\n");
+                err=1;
+                }
+#ifndef LIBDES_LIT
+        printf("Doing desx cbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,
+                (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT);
+        if (memcmp(cbc_out,xcbc_ok,32) != 0)
+                {
+                printf("des_xcbc_encrypt encrypt error\n");
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,
+                (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                printf("des_xcbc_encrypt decrypt error\n");
+                err=1;
+                }
+#endif
+        printf("Doing ede cbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        i=strlen((char *)cbc_data)+1;
+        /* i=((i+7)/8)*8; */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                16L,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
+        des_ede3_cbc_encrypt((C_Block *)&(cbc_data[16]),
+                (C_Block *)&(cbc_out[16]),
+                (long)i-16,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc3_ok,
+                (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+                {
+                printf("des_ede3_cbc_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ede3_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)i,ks,ks2,ks3,(C_Block *)iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("des_ede3_cbc_encrypt decrypt error\n");
+                err=1;
+                }
+#ifndef LIBDES_LIT
+        printf("Doing pcbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_ENCRYPT);
+        if (memcmp(cbc_out,pcbc_ok,32) != 0)
+                {
+                printf("pcbc_encrypt encrypt error\n");
+                err=1;
+                }
+        des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("pcbc_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing ");
+        printf("cfb8 ");
+        err+=cfb_test(8,cfb_cipher8);
+        printf("cfb16 ");
+        err+=cfb_test(16,cfb_cipher16);
+        printf("cfb32 ");
+        err+=cfb_test(32,cfb_cipher32);
+        printf("cfb48 ");
+        err+=cfb_test(48,cfb_cipher48);
+        printf("cfb64 ");
+        err+=cfb_test(64,cfb_cipher64);
+        printf("cfb64() ");
+        err+=cfb64_test(cfb_cipher64);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
+                        8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
+        if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small encrypt error\n");
+                err=1;
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
+                        8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small decrypt error\n");
+                err=1;
+                }
+        printf("ede_cfb64() ");
+        err+=ede_cfb64_test(cfb_cipher64);
+        printf("done\n");
+        printf("Doing ofb\n");
+        des_key_sched((C_Block *)ofb_key,ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
+                (C_Block *)ofb_tmp);
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb_encrypt encrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
+ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
+ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
+                (C_Block *)ofb_tmp);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb_encrypt decrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
+ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+plain[8+0], plain[8+1], plain[8+2], plain[8+3],
+plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
+                err=1;
+                }
+        printf("Doing ofb64\n");
+        des_key_sched((C_Block *)ofb_key,ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
+                        (C_Block *)ofb_tmp,&num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
+                (C_Block *)ofb_tmp,&num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing ede_ofb64\n");
+        des_key_sched((C_Block *)ofb_key,ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
+                        (C_Block *)ofb_tmp,&num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ede_ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
+                ks,ks,(C_Block *)ofb_tmp,&num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ede_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing cbc_cksum\n");
+        des_key_sched((C_Block *)cbc_key,ks);
+        cs=des_cbc_cksum((C_Block *)cbc_data,(C_Block *)cret,
+                (long)strlen(cbc_data),ks,(C_Block *)cbc_iv);
+        if (cs != cbc_cksum_ret)
+                {
+                printf("bad return value (%08lX), should be %08lX\n",
+                        (unsigned long)cs,(unsigned long)cbc_cksum_ret);
+                err=1;
+                }
+        if (memcmp(cret,cbc_cksum_data,8) != 0)
+                {
+                printf("bad cbc_cksum block returned\n");
+                err=1;
+                }
+        printf("Doing quad_cksum\n");
+        cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
+                (long)strlen(cbc_data),2,(C_Block *)cbc_iv);
+        j=sizeof(lqret[0])-4;
+        for (i=0; i<4; i++)
+                {
+                lqret[i]=0;
+                memcpy(&(lqret[i]),&(qret[i][0]),4);
+                if (j > 0) lqret[i]=lqret[i]>>(j*8); /* For Cray */
+                }
+        { /* Big-endian fix */
+        static DES_LONG l=1;
+        static unsigned char *c=(unsigned char *)&l;
+        DES_LONG ll;
+        if (!c[0])
+                {
+                ll=lqret[0]^lqret[3];
+                lqret[0]^=ll;
+                lqret[3]^=ll;
+                ll=lqret[1]^lqret[2];
+                lqret[1]^=ll;
+                lqret[2]^=ll;
+                }
+        }
+        if (cs != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+                        (unsigned long)cs);
+                err=1;
+                }
+        if (lqret[0] != 0x327eba8dL)
+                {
+                printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0],0x327eba8dL);
+                err=1;
+                }
+        if (lqret[1] != 0x201a49ccL)
+                {
+                printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1],0x201a49ccL);
+                err=1;
+                }
+        if (lqret[2] != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+                        (unsigned long)lqret[2],0x70d7a63aL);
+                err=1;
+                }
+        if (lqret[3] != 0x501c2c26L)
+                {
+                printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+                        (unsigned long)lqret[3],0x501c2c26L);
+                err=1;
+                }
+#endif
+        printf("input word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
+                        (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
+                        DES_ENCRYPT);
+                }
+        printf("\noutput word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
+                        (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
+                        DES_ENCRYPT);
+                }
+        printf("\n");
+        printf("fast crypt test ");
+        str=crypt("testing","ef");
+        if (strcmp("efGnQx2725bI2",str) != 0)
+                {
+                printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
+                err=1;
+                }
+        str=crypt("bca76;23","yA");
+        if (strcmp("yA1Rp/1hZXIJk",str) != 0)
+                {
+                printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
+                err=1;
+                }
+        printf("\n");
+        exit(err);
+        return(0);
+        }
+static char *pt(p)
+unsigned char *p;
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+#ifndef LIBDES_LIT
+static int cfb_test(bits, cfb_cipher)
+int bits;
+unsigned char *cfb_cipher;
+        {
+        des_key_schedule ks;
+        int i,err=0;
+        des_key_sched((C_Block *)cfb_key,ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
+                (C_Block *)cfb_tmp,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
+                (C_Block *)cfb_tmp,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        return(err);
+        }
+static int cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+        des_key_sched((C_Block *)cfb_key,ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)sizeof(plain)-12,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)sizeof(plain)-17,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static int ede_cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+        des_key_sched((C_Block *)cfb_key,ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)sizeof(plain)-12,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)sizeof(plain)-17,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+#endif
diff --git a/src/lib/libcrypto/des/makefile.bc b/src/lib/libcrypto/des/makefile.bc
new file mode 100644
index 0000000000..1fe6d4915a
--- /dev/null
+++ b/src/lib/libcrypto/des/makefile.bc
@@ -0,0 +1,50 @@
+#
+# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
+#
+#
+CC      = bcc
+TLIB    = tlib /0 /C
+# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
+OPTIMIZE= -3 -O2
+#WINDOWS= -W
+CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
+LFLAGS  = -ml $(WINDOWS)
+.c.obj:
+        $(CC) $(CFLAGS) $*.c
+.obj.exe:
+        $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
+all: $(LIB) destest.exe rpw.exe des.exe speed.exe
+# "make clean": use a directory containing only libdes .exe and .obj files...
+clean:
+        del *.exe
+        del *.obj
+        del libdes.lib
+        del libdes.rsp
+OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
+        qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
+        enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
+        ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
+        cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
+        ofb64ede.obj supp.obj
+LIB=    libdes.lib
+$(LIB): $(OBJS)
+        del $(LIB)
+        makersp "+%s &\n" &&|
+        $(OBJS)
+|       >libdes.rsp
+        $(TLIB) libdes.lib @libdes.rsp,nul
+        del libdes.rsp
+destest.exe: destest.obj libdes.lib
+rpw.exe:     rpw.obj libdes.lib
+speed.exe:   speed.obj libdes.lib
+des.exe:     des.obj libdes.lib
diff --git a/src/lib/libcrypto/des/options.txt b/src/lib/libcrypto/des/options.txt
new file mode 100644
index 0000000000..6e2b50f765
--- /dev/null
+++ b/src/lib/libcrypto/des/options.txt
@@ -0,0 +1,39 @@
+Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
+instead of the default 4.
+RISC1 and RISC2 are 2 alternatives for the inner loop and
+PTR means to use pointers arithmatic instead of arrays.
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler          577,000 4620k/s
+IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR     496,000 3968k/s
+solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]    459,400 3672k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1       433,000 3468k/s
+solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL              380,000 3041k/s
+linux - pentium 100mhz - gcc 2.7.0 - assembler                  281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assembler                    281,000 2250k/s
+AIX 4.1? - PPC604 100mhz - cc - UNROLL                          275,000 2200k/s
+IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR          235,300 1882k/s
+IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR                 233,700 1869k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR             191,000 1528k/s
+DEC Alpha 165mhz??  - cc - RISC2 PTR [2]                        181,000 1448k/s
+linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR           158,500 1268k/s
+HPUX 10 - 9000/887 - cc - UNROLL [3]                            148,000 1190k/s
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL             123,600  989k/s
+IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR                 101,000  808k/s
+DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL                       81,000  648k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assembler                    65,000  522k/s
+HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR      76,000  608k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2                 43,500  344k/s
+AIX - old slow one :-) - cc -                                    39,000  312k/s
+Notes.
+[1] For the ultra sparc, SunC 4.0 
+    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
+    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
+    I'll record the higher since it is coming from the library but it
+    is all rather weird.
+[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
+[3] I was unable to get access to this machine when it was not heavily loaded.
+    As such, my timing program was never able to get more that %30 of the CPU.
+    This would cause the program to give much lower speed numbers because
+    it would be 'fighting' to stay in the cache with the other CPU burning
+    processes.
diff --git a/src/lib/libcrypto/des/read2pwd.c b/src/lib/libcrypto/des/read2pwd.c
new file mode 100644
index 0000000000..a0d53793e4
--- /dev/null
+++ b/src/lib/libcrypto/des/read2pwd.c
@@ -0,0 +1,90 @@
+/* crypto/des/read2pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+int des_read_password(key, prompt, verify)
+des_cblock (*key);
+char *prompt;
+int verify;
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+        if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                des_string_to_key(buf,key);
+        memset(buf,0,BUFSIZ);
+        memset(buff,0,BUFSIZ);
+        return(ok);
+        }
+int des_read_2passwords(key1, key2, prompt, verify)
+des_cblock (*key1);
+des_cblock (*key2);
+char *prompt;
+int verify;
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+        if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                des_string_to_2keys(buf,key1,key2);
+        memset(buf,0,BUFSIZ);
+        memset(buff,0,BUFSIZ);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/des/read_pwd.c b/src/lib/libcrypto/des/read_pwd.c
new file mode 100644
index 0000000000..99920f2f86
--- /dev/null
+++ b/src/lib/libcrypto/des/read_pwd.c
@@ -0,0 +1,459 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* #define SIGACTION */ /* Define this if you have sigaction() */
+#ifdef WIN16TTY
+#undef WIN16
+#undef _WINDOWS
+#include <graph.h>
+#endif
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "des_locl.h"
+#include <signal.h>
+#include <string.h>
+#include <setjmp.h>
+#include <errno.h>
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+#if defined(__sgi) && !defined(TERMIOS)
+#define TERMIOS
+#undef  TERMIO
+#undef  SGTTY
+#endif
+#if defined(linux) && !defined(TERMIO)
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+#ifdef _LIBC
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS)
+#undef  TERMIOS
+#undef  TERMIO
+#define SGTTY
+#endif
+#ifdef TERMIOS
+#include <termios.h>
+#define TTY_STRUCT              struct termios
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       tcgetattr(tty,data)
+#define TTY_set(tty,data)       tcsetattr(tty,TCSANOW,data)
+#endif
+#ifdef TERMIO
+#include <termio.h>
+#define TTY_STRUCT              struct termio
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       ioctl(tty,TCGETA,data)
+#define TTY_set(tty,data)       ioctl(tty,TCSETA,data)
+#endif
+#ifdef SGTTY
+#include <sgtty.h>
+#define TTY_STRUCT              struct sgttyb
+#define TTY_FLAGS               sg_flags
+#define TTY_get(tty,data)       ioctl(tty,TIOCGETP,data)
+#define TTY_set(tty,data)       ioctl(tty,TIOCSETP,data)
+#endif
+#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS)
+#include <sys/ioctl.h>
+#endif
+#ifdef MSDOS
+#include <conio.h>
+#define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+#ifdef VMS
+#include <ssdef.h>
+#include <iodef.h>
+#include <ttdef.h>
+#include <descrip.h>
+struct IOSB {
+        short iosb$w_value;
+        short iosb$w_count;
+        long  iosb$l_info;
+        };
+#endif
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+#ifndef NOPROTO
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#else
+static void read_till_nl();
+static void recsig();
+static void pushsig();
+static void popsig();
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets();
+#endif
+#endif
+#ifdef SIGACTION
+ static struct sigaction savsig[NX509_SIG];
+#else
+# ifndef NOPROTO
+  static void (*savsig[NX509_SIG])(int );
+# else
+  static void (*savsig[NX509_SIG])();
+# endif
+#endif
+static jmp_buf save;
+int des_read_pw_string(buf, length, prompt, verify)
+char *buf;
+int length;
+char *prompt;
+int verify;
+        {
+        char buff[BUFSIZ];
+        int ret;
+        ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+        memset(buff,0,BUFSIZ);
+        return(ret);
+        }
+#ifndef WIN16
+static void read_till_nl(in)
+FILE *in;
+        {
+#define SIZE 4
+        char buf[SIZE+1];
+        do      {
+                fgets(buf,SIZE,in);
+                } while (strchr(buf,'\n') == NULL);
+        }
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(buf, buff, size, prompt, verify)
+char *buf;
+char *buff;
+int size;
+char *prompt;
+int verify;
+        {
+#ifdef VMS
+        struct IOSB iosb;
+        $DESCRIPTOR(terminal,"TT");
+        long tty_orig[3], tty_new[3];
+        long status;
+        unsigned short channel = 0;
+#else
+#ifndef MSDOS
+        TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+        int number=5;
+        int ok=0;
+        int ps=0;
+        int is_a_tty=1;
+        FILE *tty=NULL;
+        char *p;
+#ifndef MSDOS
+        if ((tty=fopen("/dev/tty","r")) == NULL)
+                tty=stdin;
+#else /* MSDOS */
+        if ((tty=fopen("con","r")) == NULL)
+                tty=stdin;
+#endif /* MSDOS */
+#if defined(TTY_get) && !defined(VMS)
+        if (TTY_get(fileno(tty),&tty_orig) == -1)
+                {
+#ifdef ENOTTY
+                if (errno == ENOTTY)
+                        is_a_tty=0;
+                else
+#endif
+#ifdef EINVAL
+                /* Ariel Glenn ariel@columbia.edu reports that solaris
+                 * can return EINVAL instead.  This should be ok */
+                if (errno == EINVAL)
+                        is_a_tty=0;
+                else
+#endif
+                        return(-1);
+                }
+        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+#endif
+#ifdef VMS
+        status = SYS$ASSIGN(&terminal,&channel,0,0);
+        if (status != SS$_NORMAL)
+                return(-1);
+        status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+        if (setjmp(save))
+                {
+                ok=0;
+                goto error;
+                }
+        pushsig();
+        ps=1;
+#ifdef TTY_FLAGS
+        tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+#if defined(TTY_set) && !defined(VMS)
+        if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+                return(-1);
+#endif
+#ifdef VMS
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+        ps=2;
+        while ((!ok) && (number--))
+                {
+                fputs(prompt,stderr);
+                fflush(stderr);
+                buf[0]='\0';
+                fgets(buf,size,tty);
+                if (feof(tty)) goto error;
+                if (ferror(tty)) goto error;
+                if ((p=(char *)strchr(buf,'\n')) != NULL)
+                        *p='\0';
+                else    read_till_nl(tty);
+                if (verify)
+                        {
+                        fprintf(stderr,"\nVerifying password - %s",prompt);
+                        fflush(stderr);
+                        buff[0]='\0';
+                        fgets(buff,size,tty);
+                        if (feof(tty)) goto error;
+                        if ((p=(char *)strchr(buff,'\n')) != NULL)
+                                *p='\0';
+                        else    read_till_nl(tty);
+                                
+                        if (strcmp(buf,buff) != 0)
+                                {
+                                fprintf(stderr,"\nVerify failure");
+                                fflush(stderr);
+                                break;
+                                /* continue; */
+                                }
+                        }
+                ok=1;
+                }
+error:
+        fprintf(stderr,"\n");
+#ifdef DEBUG
+        perror("fgets(tty)");
+#endif
+        /* What can we do if there is an error? */
+#if defined(TTY_set) && !defined(VMS) 
+        if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
+#endif
+#ifdef VMS
+        if (ps >= 2)
+                status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0
+                        ,tty_orig,12,0,0,0,0);
+#endif
+        
+        if (ps >= 1) popsig();
+        if (stdin != tty) fclose(tty);
+#ifdef VMS
+        status = SYS$DASSGN(channel);
+#endif
+        return(!ok);
+        }
+#else /* WIN16 */
+int des_read_pw(buf, buff, size, prompt, verify)
+char *buf;
+char *buff;
+int size;
+char *prompt;
+int verify;
+        { 
+        memset(buf,0,size);
+        memset(buff,0,size);
+        return(0);
+        }
+#endif
+static void pushsig()
+        {
+        int i;
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,NULL,&savsig[i]);
+#else
+                savsig[i]=signal(i,recsig);
+#endif
+                }
+#ifdef SIGWINCH
+        signal(SIGWINCH,SIG_DFL);
+#endif
+        }
+static void popsig()
+        {
+        int i;
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&savsig[i],NULL);
+#else
+                signal(i,savsig[i]);
+#endif
+                }
+        }
+static void recsig(i)
+int i;
+        {
+        longjmp(save,1);
+#ifdef LINT
+        i=i;
+#endif
+        }
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(buf,size,tty)
+char *buf;
+int size;
+FILE *tty;
+        {
+        int i;
+        char *p;
+        p=buf;
+        for (;;)
+                {
+                if (size == 0)
+                        {
+                        *p='\0';
+                        break;
+                        }
+                size--;
+#ifdef WIN16TTY
+                i=_inchar();
+#else
+                i=getch();
+#endif
+                if (i == '\r') i='\n';
+                *(p++)=i;
+                if (i == '\n')
+                        {
+                        *p='\0';
+                        break;
+                        }
+                }
+        return(strlen(buf));
+        }
+#endif
diff --git a/src/lib/libcrypto/des/rpc_des.h b/src/lib/libcrypto/des/rpc_des.h
new file mode 100644
index 0000000000..4cbb4d2dcd
--- /dev/null
+++ b/src/lib/libcrypto/des/rpc_des.h
@@ -0,0 +1,131 @@
+/* crypto/des/rpc_des.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
+/*
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part.  Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user.
+ * 
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ * 
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ * 
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ * 
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+ * or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ * 
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California  94043
+ */
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ * Copyright (c) 1986 by Sun Microsystems, Inc.
+ */
+#define DES_MAXLEN      65536   /* maximum # of bytes to encrypt  */
+#define DES_QUICKLEN    16      /* maximum # of bytes to encrypt quickly */
+#ifdef HEADER_DES_H
+#undef ENCRYPT
+#undef DECRYPT
+#endif
+enum desdir { ENCRYPT, DECRYPT };
+enum desmode { CBC, ECB };
+/*
+ * parameters to ioctl call
+ */
+struct desparams {
+        unsigned char des_key[8];       /* key (with low bit parity) */
+        enum desdir des_dir;    /* direction */
+        enum desmode des_mode;  /* mode */
+        unsigned char des_ivec[8];      /* input vector */
+        unsigned des_len;       /* number of bytes to crypt */
+        union {
+                unsigned char UDES_data[DES_QUICKLEN];
+                unsigned char *UDES_buf;
+        } UDES;
+#       define des_data UDES.UDES_data  /* direct data here if quick */
+#       define des_buf  UDES.UDES_buf   /* otherwise, pointer to data */
+};
+/*
+ * Encrypt an arbitrary sized buffer
+ */
+#define DESIOCBLOCK     _IOWR(d, 6, struct desparams)
+/* 
+ * Encrypt of small amount of data, quickly
+ */
+#define DESIOCQUICK     _IOWR(d, 7, struct desparams) 
diff --git a/src/lib/libcrypto/des/rpc_enc.c b/src/lib/libcrypto/des/rpc_enc.c
new file mode 100644
index 0000000000..7c1da1f538
--- /dev/null
+++ b/src/lib/libcrypto/des/rpc_enc.c
@@ -0,0 +1,107 @@
+/* crypto/des/rpc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rpc_des.h"
+#include "des_locl.h"
+#include "des_ver.h"
+#ifndef NOPROTO
+int _des_crypt(char *buf,int len,struct desparams *desp);
+#else
+int _des_crypt();
+#endif
+int _des_crypt(buf, len, desp)
+char *buf;
+int len;
+struct desparams *desp;
+        {
+        des_key_schedule ks;
+        int enc;
+        des_set_key((des_cblock *)desp->des_key,ks);
+        enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+        if (desp->des_mode == CBC)
+                des_ecb_encrypt((des_cblock *)desp->UDES.UDES_buf,
+                                (des_cblock *)desp->UDES.UDES_buf,ks,enc);
+        else
+                {
+                des_ncbc_encrypt((des_cblock *)desp->UDES.UDES_buf,
+                                (des_cblock *)desp->UDES.UDES_buf,
+                                (long)len,ks,
+                                (des_cblock *)desp->des_ivec,enc);
+#ifdef undef
+                /* len will always be %8 if called from common_crypt
+                 * in secure_rpc.
+                 * Libdes's cbc encrypt does not copy back the iv,
+                 * so we have to do it here. */
+                /* It does now :-) eay 20/09/95 */
+                a=(char *)&(desp->UDES.UDES_buf[len-8]);
+                b=(char *)&(desp->des_ivec[0]);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+#endif
+                }
+        return(1);      
+        }
diff --git a/src/lib/libcrypto/des/rpw.c b/src/lib/libcrypto/des/rpw.c
new file mode 100644
index 0000000000..6447ed9cf0
--- /dev/null
+++ b/src/lib/libcrypto/des/rpw.c
@@ -0,0 +1,101 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "des.h"
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        des_cblock k,k1;
+        int i;
+        printf("read passwd\n");
+        if ((i=des_read_password((C_Block *)k,"Enter password:",0)) == 0)
+                {
+                printf("password = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                }
+        else
+                printf("error %d\n",i);
+        printf("\n");
+        printf("read 2passwds and verify\n");
+        if ((i=des_read_2passwords((C_Block *)k,(C_Block *)k1,
+                "Enter verified password:",1)) == 0)
+                {
+                printf("password1 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                printf("\n");
+                printf("password2 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k1[i]);
+                printf("\n");
+                exit(1);
+                }
+        else
+                {
+                printf("error %d\n",i);
+                exit(0);
+                }
+#ifdef LINT
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/speed.c b/src/lib/libcrypto/des/speed.c
new file mode 100644
index 0000000000..5bbe8b01d6
--- /dev/null
+++ b/src/lib/libcrypto/des/speed.c
@@ -0,0 +1,329 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "des.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        des_key_schedule sch,sch2,sch3;
+        double a,b,c,d,e;
+#ifndef SIGALRM
+        long ca,cb,cc,cd,ce;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+        des_set_key((C_Block *)key2,sch2);
+        des_set_key((C_Block *)key3,sch3);
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        des_set_key((C_Block *)key,sch);
+        count=10;
+        do      {
+                long i;
+                DES_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+        printf("Doing set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count++)
+                des_set_key((C_Block *)key,sch);
+        d=Time_F(STOP);
+        printf("%ld set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing des_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing des_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count++)
+                {
+                DES_LONG data[2];
+                des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+                }
+        d=Time_F(STOP);
+        printf("%ld des_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
+                        (C_Block *)&(key[0]),DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+#ifdef SIGALRM
+        printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cd); count++)
+                des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
+                        &(sch[0]),
+                        &(sch2[0]),
+                        &(sch3[0]),
+                        (C_Block *)&(key[0]),
+                        DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        d=((double)COUNT(cd)*BUFSIZE)/d;
+#ifdef SIGALRM
+        printf("Doing crypt for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing crypt %ld times\n",ce);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ce); count++)
+                crypt("testing1","ef");
+        e=Time_F(STOP);
+        printf("%ld crypts in %.2f second\n",count,e);
+        e=((double)COUNT(ce))/e;
+        printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
+        printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/t/test b/src/lib/libcrypto/des/t/test
new file mode 100644
index 0000000000..97acd0552e
--- /dev/null
+++ b/src/lib/libcrypto/des/t/test
@@ -0,0 +1,27 @@
+#!./perl
+BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
+use DES;
+$key='00000000';
+$ks=DES::set_key($key);
+@a=split(//,$ks);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$key=DES::random_key();
+print "($_)\n";
+@a=split(//,$key);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$str="this is and again into the breach";
+($k1,$k2)=DES::string_to_2keys($str);
+@a=split(//,$k1);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+@a=split(//,$k2);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
diff --git a/src/lib/libcrypto/des/times/486-50.sol b/src/lib/libcrypto/des/times/486-50.sol
new file mode 100644
index 0000000000..0de62d6db3
--- /dev/null
+++ b/src/lib/libcrypto/des/times/486-50.sol
@@ -0,0 +1,16 @@
+Solaris 2.4, 486 50mhz, gcc 2.6.3
+options    des ecb/s
+16 r2 i     43552.51 100.0%
+16 r1 i     43487.45  99.9%
+16  c p     43003.23  98.7%
+16 r2 p     42339.00  97.2%
+16  c i     41900.91  96.2%
+16 r1 p     41360.64  95.0%
+ 4  c i     38728.48  88.9%
+ 4  c p     38225.63  87.8%
+ 4 r1 i     38085.79  87.4%
+ 4 r2 i     37825.64  86.9%
+ 4 r2 p     34611.00  79.5%
+ 4 r1 p     31802.00  73.0%
+-DDES_UNROLL -DDES_RISC2
diff --git a/src/lib/libcrypto/des/times/586-100.lnx b/src/lib/libcrypto/des/times/586-100.lnx
new file mode 100644
index 0000000000..4323914a11
--- /dev/null
+++ b/src/lib/libcrypto/des/times/586-100.lnx
@@ -0,0 +1,20 @@
+Pentium 100
+Linux 2 kernel
+gcc 2.7.0 -O3 -fomit-frame-pointer
+No X server running, just a console, it makes the top speed jump from 151,000
+to 158,000 :-).
+options    des ecb/s
+assember   281000.00 177.1%
+16 r1 p    158667.40 100.0%
+16 r1 i    148471.70  93.6%
+16 r2 p    143961.80  90.7%
+16 r2 i    141689.20  89.3%
+ 4 r1 i    140100.00  88.3%
+ 4 r2 i    134049.40  84.5%
+16  c i    124145.20  78.2%
+16  c p    121584.20  76.6%
+ 4  c i    118116.00  74.4%
+ 4 r2 p    117977.90  74.4%
+ 4  c p    114971.40  72.5%
+ 4 r1 p    114578.40  72.2%
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/src/lib/libcrypto/des/times/686-200.fre b/src/lib/libcrypto/des/times/686-200.fre
new file mode 100644
index 0000000000..7d83f6adee
--- /dev/null
+++ b/src/lib/libcrypto/des/times/686-200.fre
@@ -0,0 +1,18 @@
+Pentium 100
+Free BSD 2.1.5 kernel
+gcc 2.7.2.2 -O3 -fomit-frame-pointer
+options    des ecb/s
+assember   578000.00 133.1%
+16 r2 i    434454.80 100.0%
+16 r1 i    433621.43  99.8%
+16 r2 p    431375.69  99.3%
+ 4 r1 i    423722.30  97.5%
+ 4 r2 i    422399.40  97.2%
+16 r1 p    421739.40  97.1%
+16  c i    399027.94  91.8%
+16  c p    372251.70  85.7%
+ 4  c i    365118.35  84.0%
+ 4  c p    352880.51  81.2%
+ 4 r2 p    255104.90  58.7%
+ 4 r1 p    251289.18  57.8%
+-DDES_UNROLL -DDES_RISC2
diff --git a/src/lib/libcrypto/des/times/aix.cc b/src/lib/libcrypto/des/times/aix.cc
new file mode 100644
index 0000000000..d96b74e2ce
--- /dev/null
+++ b/src/lib/libcrypto/des/times/aix.cc
@@ -0,0 +1,26 @@
+From: Paco Garcia <pgarcia@cam.es>
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+options    des ecb/s       
+ 4  c p    275118.61 100.0%
+ 4  c i    273545.07  99.4%
+ 4 r2 p    270441.02  98.3%
+ 4 r1 p    253052.15  92.0%
+ 4 r2 i    240842.97  87.5%
+ 4 r1 i    240556.66  87.4%
+16  c i    224603.99  81.6%
+16  c p    224483.98  81.6%
+16 r2 p    215691.19  78.4%
+16 r1 p    208332.83  75.7%
+16 r1 i    199206.50  72.4%
+16 r2 i    198963.70  72.3%
+-DDES_PTR
diff --git a/src/lib/libcrypto/des/times/alpha.cc b/src/lib/libcrypto/des/times/alpha.cc
new file mode 100644
index 0000000000..95c17efae7
--- /dev/null
+++ b/src/lib/libcrypto/des/times/alpha.cc
@@ -0,0 +1,18 @@
+cc -O2
+DES_LONG is 'unsigned int'
+options    des ecb/s
+ 4 r2 p    181146.14 100.0%
+16 r2 p    172102.94  95.0%
+ 4 r2 i    165424.11  91.3%
+16  c p    160468.64  88.6%
+ 4  c p    156653.59  86.5%
+ 4  c i    155245.18  85.7%
+ 4 r1 p    154729.68  85.4%
+16 r2 i    154137.69  85.1%
+16 r1 p    152357.96  84.1%
+16  c i    148743.91  82.1%
+ 4 r1 i    146695.59  81.0%
+16 r1 i    144961.00  80.0%
+-DDES_RISC2 -DDES_PTR
diff --git a/src/lib/libcrypto/des/times/hpux.cc b/src/lib/libcrypto/des/times/hpux.cc
new file mode 100644
index 0000000000..3de856ddac
--- /dev/null
+++ b/src/lib/libcrypto/des/times/hpux.cc
@@ -0,0 +1,17 @@
+HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+options    des ecb/s
+16  c i    149448.90 100.0%
+ 4  c i    145861.79  97.6%
+16 r2 i    141710.96  94.8%
+16 r1 i    139455.33  93.3%
+ 4 r2 i    138800.00  92.9%
+ 4 r1 i    136692.65  91.5%
+16 r2 p    110228.17  73.8%
+16 r1 p    109397.07  73.2%
+16  c p    109209.89  73.1%
+ 4  c p    108014.71  72.3%
+ 4 r2 p    107873.88  72.2%
+ 4 r1 p    107685.83  72.1%
+-DDES_UNROLL
diff --git a/src/lib/libcrypto/des/times/sparc.gcc b/src/lib/libcrypto/des/times/sparc.gcc
new file mode 100644
index 0000000000..8eaa042104
--- /dev/null
+++ b/src/lib/libcrypto/des/times/sparc.gcc
@@ -0,0 +1,17 @@
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
+options    des ecb/s
+16  c i    124382.70 100.0%
+ 4  c i    118884.68  95.6%
+16  c p    112261.20  90.3%
+16 r2 i    111777.10  89.9%
+16 r2 p    108896.30  87.5%
+16 r1 p    108791.59  87.5%
+ 4  c p    107290.10  86.3%
+ 4 r1 p    104583.80  84.1%
+16 r1 i    104206.20  83.8%
+ 4 r2 p    103709.80  83.4%
+ 4 r2 i     98306.43  79.0%
+ 4 r1 i     91525.80  73.6%
+-DDES_UNROLL
+      
diff --git a/src/lib/libcrypto/des/times/usparc.cc b/src/lib/libcrypto/des/times/usparc.cc
new file mode 100644
index 0000000000..f6ec8e8831
--- /dev/null
+++ b/src/lib/libcrypto/des/times/usparc.cc
@@ -0,0 +1,31 @@
+solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
+For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
+gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
+I belive the difference is tied up in optimisation that the compiler
+is able to perform when the code is 'inlined'.  For 'speed', the DES
+routines are being linked from a library.  I'll record the higher
+speed since if performance is everything, you can always inline
+'des_enc.c'.
+[ 16-Jan-06 - I've been playing with the
+  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
+  and while it makes the des_opts numbers much slower, it makes the
+  actual 'speed' numbers look better which is a realistic version of
+  using the libraries. ]
+options    des ecb/s
+16 r1 p    475516.90 100.0%
+16 r2 p    439388.10  92.4%
+16  c i    427001.40  89.8%
+16  c p    419516.50  88.2%
+ 4 r2 p    409491.70  86.1%
+ 4 r1 p    404266.90  85.0%
+ 4  c p    398121.00  83.7%
+ 4  c i    370588.40  77.9%
+ 4 r1 i    362742.20  76.3%
+16 r2 i    331275.50  69.7%
+16 r1 i    324730.60  68.3%
+ 4 r2 i     63535.10  13.4%     <-- very very weird, must be cache problems.
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/src/lib/libcrypto/des/typemap b/src/lib/libcrypto/des/typemap
new file mode 100644
index 0000000000..a524f53634
--- /dev/null
+++ b/src/lib/libcrypto/des/typemap
@@ -0,0 +1,34 @@
+#
+# DES SECTION
+#
+deschar *       T_DESCHARP
+des_cblock *    T_CBLOCK
+des_cblock      T_CBLOCK
+des_key_schedule        T_SCHEDULE
+des_key_schedule *      T_SCHEDULE
+INPUT
+T_CBLOCK
+        $var=(des_cblock *)SvPV($arg,len);
+        if (len < DES_KEY_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
+                }
+T_SCHEDULE
+        $var=(des_key_schedule *)SvPV($arg,len);
+        if (len < DES_SCHEDULE_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",
+                        DES_SCHEDULE_SZ);
+                }
+OUTPUT
+T_CBLOCK
+        sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
+T_SCHEDULE
+        sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
+T_DESCHARP
+        sv_setpvn($arg,(char *)$var,len);
diff --git a/src/lib/libcrypto/dh/dh1024.pem b/src/lib/libcrypto/dh/dh1024.pem
new file mode 100644
index 0000000000..81d43f6a3e
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh192.pem b/src/lib/libcrypto/dh/dh192.pem
new file mode 100644
index 0000000000..521c07271d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh2048.pem b/src/lib/libcrypto/dh/dh2048.pem
new file mode 100644
index 0000000000..295460f508
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh4096.pem b/src/lib/libcrypto/dh/dh4096.pem
new file mode 100644
index 0000000000..390943a21d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh512.pem b/src/lib/libcrypto/dh/dh512.pem
new file mode 100644
index 0000000000..0a4d863ebe
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
new file mode 100644
index 0000000000..488f10fd41
--- /dev/null
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -0,0 +1,188 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef WINDOWS
+#include "../bio/bss_file.c" 
+#endif
+#include "crypto.h"
+#include "bio.h"
+#include "bn.h"
+#include "dh.h"
+#ifdef WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+#ifndef NOPROTO
+static void MS_CALLBACK cb(int p, int n, char *arg);
+#else
+static void MS_CALLBACK cb();
+#endif
+#ifdef NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+BIO *out=NULL;
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        DH *a,*b;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=1;
+#ifdef WIN32
+        CRYPTO_malloc_init();
+#endif
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) exit(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        a=DH_generate_parameters(64,DH_GENERATOR_5,cb,(char *)out);
+        if (a == NULL) goto err;
+        BIO_puts(out,"\np    =");
+        BN_print(out,a->p);
+        BIO_puts(out,"\ng    =");
+        BN_print(out,a->g);
+        BIO_puts(out,"\n");
+        b=DH_new();
+        if (b == NULL) goto err;
+        b->p=BN_dup(a->p);
+        b->g=BN_dup(a->g);
+        if ((b->p == NULL) || (b->g == NULL)) goto err;
+        if (!DH_generate_key(a)) goto err;
+        BIO_puts(out,"pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\npub 1=");
+        BN_print(out,a->pub_key);
+        BIO_puts(out,"\n");
+        if (!DH_generate_key(b)) goto err;
+        BIO_puts(out,"pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\npub 2=");
+        BN_print(out,b->pub_key);
+        BIO_puts(out,"\n");
+        alen=DH_size(a);
+        abuf=(unsigned char *)Malloc(alen);
+        aout=DH_compute_key(abuf,b->pub_key,a);
+        BIO_puts(out,"key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        blen=DH_size(b);
+        bbuf=(unsigned char *)Malloc(blen);
+        bout=DH_compute_key(bbuf,a->pub_key,b);
+        BIO_puts(out,"key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+                fprintf(stderr,"Error in DH routines\n");
+                ret=1;
+                }
+        else
+                ret=0;
+err:
+        if (abuf != NULL) Free(abuf);
+        if (bbuf != NULL) Free(bbuf);
+        exit(ret);
+        return(ret);
+        }
+static void MS_CALLBACK cb(p, n,arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+#ifdef LINT
+        p=n;
+#endif
+        }
diff --git a/src/lib/libcrypto/dh/example b/src/lib/libcrypto/dh/example
new file mode 100644
index 0000000000..16a33d2910
--- /dev/null
+++ b/src/lib/libcrypto/dh/example
@@ -0,0 +1,50 @@
+From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
+Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
+  (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
+Received: by minbne.mincom.oz.au id AA19958
+  (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
+Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
+          Wed, 27 Sep 1995 19:13:05 +1000
+Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
+          Wed, 27 Sep 1995 04:48:46 -0400
+Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
+Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
+Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) 
+          by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 
+          for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
+Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
+          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+Date: Mon, 25 Sep 1995 17:50:51 -0700
+From: Phil Karn <karn@qualcomm.com>
+Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
+To: cypherpunks@toad.com, ipsec-dev@eit.com
+Subject: Primality verification needed
+Sender: owner-cypherpunks@toad.com
+Precedence: bulk
+Status: RO
+X-Status: 
+Hi. I've generated a 2047-bit "strong" prime number that I would like to
+use with Diffie-Hellman key exchange. I assert that not only is this number
+'p' prime, but so is (p-1)/2.
+I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+However, to increase my confidence that this number really is a strong prime,
+I'd like to ask others to confirm it with other tests. Here's the number in hex:
+72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+56a05180c3bec7ddd5ef6fe76b1f717b
+The generator, g, for this prime is 2.
+Thanks!
+Phil Karn
diff --git a/src/lib/libcrypto/dh/generate b/src/lib/libcrypto/dh/generate
new file mode 100644
index 0000000000..5d407231df
--- /dev/null
+++ b/src/lib/libcrypto/dh/generate
@@ -0,0 +1,65 @@
+From: stewarts@ix.netcom.com (Bill Stewart)
+Newsgroups: sci.crypt
+Subject: Re: Diffie-Hellman key exchange
+Date: Wed, 11 Oct 1995 23:08:28 GMT
+Organization: Freelance Information Architect
+Lines: 32
+Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
+References: <458rhn$76m$1@mhadf.production.compuserve.com>
+NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
+X-Newsreader: Forte Free Agent 1.0.82
+Kent Briggs <72124.3234@CompuServe.COM> wrote:
+>I have a copy of the 1976 IEEE article describing the
+>Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
+>looking for sources that give examples of secure a,q pairs and
+>possible some source code that I could examine.
+q should be prime, and ideally should be a "strong prime",
+which means it's of the form 2n+1 where n is also prime.
+q also needs to be long enough to prevent the attacks LaMacchia and
+Odlyzko described (some variant on a factoring attack which generates
+a large pile of simultaneous equations and then solves them);
+long enough is about the same size as factoring, so 512 bits may not
+be secure enough for most applications.  (The 192 bits used by
+"secure NFS" was certainly not long enough.)
+a should be a generator for q, which means it needs to be
+relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
+work.  
+....
+Date: Tue, 26 Sep 1995 13:52:36 MST
+From: "Richard Schroeppel" <rcs@cs.arizona.edu>
+To: karn
+Cc: ho@cs.arizona.edu
+Subject: random large primes
+Since your prime is really random, proving it is hard.
+My personal limit on rigorously proved primes is ~350 digits.
+If you really want a proof, we should talk to Francois Morain,
+or the Australian group.
+If you want 2 to be a generator (mod P), then you need it
+to be a non-square.  If (P-1)/2 is also prime, then
+non-square == primitive-root for bases << P.
+In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+If you want this, you should restrict your sieve accordingly.
+3 is a generator iff P = 5 (mod 12).
+5 is a generator iff P = 3 or 7 (mod 10).
+2 is perfectly usable as a base even if it's a non-generator, since
+it still covers half the space of possible residues.  And an
+eavesdropper can always determine the low-bit of your exponent for
+a generator anyway.
+Rich  rcs@cs.arizona.edu
diff --git a/src/lib/libcrypto/dh/p1024.c b/src/lib/libcrypto/dh/p1024.c
new file mode 100644
index 0000000000..0c50c24cfb
--- /dev/null
+++ b/src/lib/libcrypto/dh/p1024.c
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
+        0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
+        0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
+        0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
+        0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
+        0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
+        0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
+        0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
+        0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
+        0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
+        0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
+        0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
+        0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
+        0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
+        0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
+        0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p192.c b/src/lib/libcrypto/dh/p192.c
new file mode 100644
index 0000000000..881908169a
--- /dev/null
+++ b/src/lib/libcrypto/dh/p192.c
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+unsigned char data[]={
+0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
+0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
+0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,3);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p512.c b/src/lib/libcrypto/dh/p512.c
new file mode 100644
index 0000000000..cc84e8e50e
--- /dev/null
+++ b/src/lib/libcrypto/dh/p512.c
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+unsigned char data[]={
+0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
+0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
+0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
+0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
+0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
+0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README
new file mode 100644
index 0000000000..6a7e9c170a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/README
@@ -0,0 +1,4 @@
+The stuff in here is based on patches supplied to me by
+Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
+I have since modified a them a little but a debt of gratitude
+is due for doing the initial work.
diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c
new file mode 100644
index 0000000000..20335de250
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsagen.c
@@ -0,0 +1,112 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "dsa.h"
+#define TEST
+#define GENUINE_DSA
+#ifdef GENUINE_DSA
+#define LAST_VALUE 0xbd
+#else
+#define LAST_VALUE 0xd3
+#endif
+#ifdef TEST
+unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,
+        0x60,0xef,0x2b,0xa8,
+        0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,
+        0xe0,0x42,0x7d,LAST_VALUE};
+#endif
+int cb(p,n)
+int p,n;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        printf("%c",c);
+        fflush(stdout);
+        }
+main()
+        {
+        int i;
+        BIGNUM *n;
+        BN_CTX *ctx;
+        unsigned char seed_buf[20];
+        DSA *dsa;
+        int counter,h;
+        BIO *bio_err=NULL;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        memcpy(seed_buf,seed,20);
+        dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
+        if (dsa == NULL)
+                DSA_print(bio_err,dsa,0);
+        }
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
new file mode 100644
index 0000000000..39bb712c4a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -0,0 +1,214 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "crypto.h"
+#include "rand.h"
+#include "bio.h"
+#include "err.h"
+#include "dsa.h"
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+#ifdef WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+#ifndef NOPROTO
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+#else
+static void MS_CALLBACK dsa_cb();
+#endif
+static unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+        };
+static unsigned char out_p[]={
+        0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+        0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+        0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+        0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+        0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+        0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+        0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+        0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+        };
+static unsigned char out_q[]={
+        0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+        0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+        0xda,0xce,0x91,0x5f,
+        };
+static unsigned char out_g[]={
+        0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+        0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+        0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+        0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+        0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+        0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+        0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+        0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+        };
+static BIO *bio_err=NULL;
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        DSA *dsa=NULL;
+        int counter,ret=0,i,j;
+        unsigned char buf[256];
+        unsigned long h;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        BIO_printf(bio_err,"test generation of DSA parameters\n");
+        BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
+        dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,
+                (char *)bio_err);
+        BIO_printf(bio_err,"seed\n");
+        for (i=0; i<20; i+=4)
+                {
+                BIO_printf(bio_err,"%02X%02X%02X%02X ",
+                        seed[i],seed[i+1],seed[i+2],seed[i+3]);
+                }
+        BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
+                
+        if (dsa == NULL) goto end;
+        DSA_print(bio_err,dsa,0);
+        if (counter != 105) 
+                {
+                BIO_printf(bio_err,"counter should be 105\n");
+                goto end;
+                }
+        if (h != 2)
+                {
+                BIO_printf(bio_err,"h should be 2\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->q,buf);
+        j=sizeof(out_q);
+        if ((i != j) || (memcmp(buf,out_q,i) != 0))
+                {
+                BIO_printf(bio_err,"q value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->p,buf);
+        j=sizeof(out_p);
+        if ((i != j) || (memcmp(buf,out_p,i) != 0))
+                {
+                BIO_printf(bio_err,"p value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->g,buf);
+        j=sizeof(out_g);
+        if ((i != j) || (memcmp(buf,out_g,i) != 0))
+                {
+                BIO_printf(bio_err,"g value is wrong\n");
+                goto end;
+                }
+        ret=1;
+end:
+        if (!ret)
+                ERR_print_errors(bio_err);
+        if (bio_err != NULL) BIO_free(bio_err);
+        if (dsa != NULL) DSA_free(dsa);
+        exit(!ret);
+        return(0);
+        }
+static void MS_CALLBACK dsa_cb(p, n, arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        static int ok=0,num=0;
+        if (p == 0) { c='.'; num++; };
+        if (p == 1) c='+';
+        if (p == 2) { c='*'; ok++; }
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        BIO_flush((BIO *)arg);
+        if (!ok && (p == 0) && (num > 1))
+                {
+                BIO_printf((BIO *)arg,"error in dsatest\n");
+                exit(1);
+                }
+        }
diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt
new file mode 100644
index 0000000000..3a2e0a0d51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
+The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
+supplied to me by Wei Dai
+--
+                     APPENDIX 5. EXAMPLE OF THE DSA
+This appendix is for informational purposes only and is not required to meet
+the standard.
+Let L = 512 (size of p).  The values in this example are expressed in
+hexadecimal notation.  The p and q given here were generated by the prime
+generation standard described in appendix 2 using the 160-bit SEED:
+          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+With this SEED, the algorithm found p and q when the counter was at 105.
+x was generated by the algorithm described in appendix 3, section 3.1, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+XSEED =   
+        bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+t =
+        67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+x = G(t,XSEED) mod q
+k was generated by the algorithm described in appendix 3, section 3.2, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+KSEED =
+        687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+t =
+        EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+k = G(t,KSEED) mod q
+Finally:
+h = 2
+p =
+        8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+        cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+        49693dfb f83724c2 ec0736ee 31c80291
+q =
+        c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+g =
+        626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+        3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+        c42e9f6f 464b088c c572af53 e6d78802
+x =
+        2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+k =
+        358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+kinv = 
+        0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+SHA(M) =  
+        a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+y =
+        19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
+        9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+        858fba33 f44c0669 9630a76b 030ee333
+r =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+s =
+        41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+w =
+        9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+u1 =
+        bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+u2 =
+        821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+gu1 mod p =
+        51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+        9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+        6f96662a 1987a21b e4ec1071 010b6069
+yu2 mod p =
+        8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+        5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
+        c19441f4 22bf3c34 08aeba1f 0a4dbec7
+v =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/src/lib/libcrypto/evp/e_dsa.c b/src/lib/libcrypto/evp/e_dsa.c
new file mode 100644
index 0000000000..6715c3e95e
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_dsa.c
@@ -0,0 +1,71 @@
+/* crypto/evp/e_dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_PKEY_METHOD dss_method=
+        {
+        DSA_sign,
+        DSA_verify,
+        {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},
+        };
diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c
new file mode 100644
index 0000000000..2209416142
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_md2.c
@@ -0,0 +1,82 @@
+/* crypto/evp/m_md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD md2_md=
+        {
+        NID_md2,
+        NID_md2WithRSAEncryption,
+        MD2_DIGEST_LENGTH,
+        MD2_Init,
+        MD2_Update,
+        MD2_Final,
+        EVP_PKEY_RSA_method,
+        MD2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MD2_CTX),
+        };
+EVP_MD *EVP_md2()
+        {
+        return(&md2_md);
+        }
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
new file mode 100644
index 0000000000..64a853eb7f
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_mdc2.c
@@ -0,0 +1,81 @@
+/* crypto/evp/m_mdc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD mdc2_md=
+        {
+        NID_mdc2,
+        NID_mdc2WithRSA,
+        MDC2_DIGEST_LENGTH,
+        MDC2_Init,
+        MDC2_Update,
+        MDC2_Final,
+        EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
+        MDC2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MDC2_CTX),
+        };
+EVP_MD *EVP_mdc2()
+        {
+        return(&mdc2_md);
+        }
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
new file mode 100644
index 0000000000..af4e434a22
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -0,0 +1,82 @@
+/* crypto/evp/m_sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD sha_md=
+        {
+        NID_sha,
+        NID_shaWithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        SHA_Init,
+        SHA_Update,
+        SHA_Final,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+EVP_MD *EVP_sha()
+        {
+        return(&sha_md);
+        }
diff --git a/src/lib/libcrypto/hmac/hmactest.c b/src/lib/libcrypto/hmac/hmactest.c
new file mode 100644
index 0000000000..5938e375dc
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hmactest.c
@@ -0,0 +1,147 @@
+/* crypto/hmac/hmactest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "hmac.h"
+struct test_st
+        {
+        unsigned char key[16];
+        int key_len;
+        unsigned char data[64];
+        int data_len;
+        unsigned char *digest;
+        } test[4]={
+        {       "",
+                0,
+                "More text test vectors to stuff up EBCDIC machines :-)",
+                54,
+                (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+        },{     {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+                 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
+                16,
+                "Hi There",
+                8,
+                (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+        },{     "Jefe",
+                4,
+                "what do ya want for nothing?",
+                28,
+                (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+        },{
+                {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
+                 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
+                16,
+                {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd},
+                50,
+                (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+        },
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        char *p;
+        for (i=0; i<4; i++)
+                {
+                p=pt(HMAC(EVP_md5(),
+                        test[i].key, test[i].key_len,
+                        test[i].data, test[i].data_len,
+                        NULL,NULL));
+                if (strcmp(p,(char *)test[i].digest) != 0)
+                        {
+                        printf("error calculating HMAC on %d entry'\n",i);
+                        printf("got %s instead of %s\n",p,test[i].digest);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libcrypto/lhash/lh_test.c b/src/lib/libcrypto/lhash/lh_test.c
new file mode 100644
index 0000000000..294b42bc82
--- /dev/null
+++ b/src/lib/libcrypto/lhash/lh_test.c
@@ -0,0 +1,89 @@
+/* crypto/lhash/lh_test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "lhash.h"
+main()
+        {
+        LHASH *conf;
+        char buf[256];
+        int i;
+        conf=lh_new(lh_strhash,strcmp);
+        for (;;)
+                {
+                char *p;
+                buf[0]='\0';
+                fgets(buf,256,stdin);
+                if (buf[0] == '\0') break;
+                buf[256]='\0';
+                i=strlen(buf);
+                p=Malloc(i+1);
+                memcpy(p,buf,i+1);
+                lh_insert(conf,p);
+                }
+        lh_node_stats(conf,stdout);
+        lh_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+        exit(0);
+        }
diff --git a/src/lib/libcrypto/lhash/num.pl b/src/lib/libcrypto/lhash/num.pl
new file mode 100644
index 0000000000..4d937c1f90
--- /dev/null
+++ b/src/lib/libcrypto/lhash/num.pl
@@ -0,0 +1,17 @@
+#!/usr/bin/perl
+#node     10 ->   4
+while (<>)
+        {
+        next unless /^node/;
+        chop;
+        @a=split;
+        $num{$a[3]}++;
+        }
+@a=sort {$a <=> $b } keys %num;
+foreach (0 .. $a[$#a])
+        {
+        printf "%4d:%4d\n",$_,$num{$_};
+        }
diff --git a/src/lib/libcrypto/md2/md2.c b/src/lib/libcrypto/md2/md2.c
new file mode 100644
index 0000000000..7f3ab64a43
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2.c
@@ -0,0 +1,136 @@
+/* crypto/md2/md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "md2.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+void exit(int);
+#else
+void do_fp();
+void pt();
+int read();
+void exit();
+#endif
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD2(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        return(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        MD2_CTX c;
+        unsigned char md[MD2_DIGEST_LENGTH];
+        int fd,i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        MD2_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD2_Update(&c,buf,(unsigned long)i);
+                }
+        MD2_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/md2/md2_dgst.c b/src/lib/libcrypto/md2/md2_dgst.c
new file mode 100644
index 0000000000..5cbd36f3fe
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2_dgst.c
@@ -0,0 +1,235 @@
+/* crypto/md2/md2_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "md2.h"
+char *MD2_version="MD2 part of SSLeay 0.9.0b 29-Jun-1998";
+/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+#define UCHAR   unsigned char
+#ifndef NOPROTO
+static void md2_block(MD2_CTX *c, unsigned char *d);
+#else
+static void md2_block();
+#endif
+/* The magic S table - I have converted it to hex since it is
+ * basicaly just a random byte string. */
+static MD2_INT S[256]={
+        0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+        0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+        0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+        0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+        0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+        0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+        0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+        0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+        0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+        0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+        0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+        0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+        0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+        0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+        0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+        0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+        0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+        0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+        0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+        0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+        0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+        0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+        0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+        0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+        0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+        0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+        0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+        0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+        0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+        0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+        0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+        0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+        };
+char *MD2_options()
+        {
+        if (sizeof(MD2_INT) == 1)
+                return("md2(char)");
+        else
+                return("md2(int)");
+        }
+void MD2_Init(c)
+MD2_CTX *c;
+        {
+        c->num=0;
+        memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
+        memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
+        memset(c->data,0,MD2_BLOCK);
+        }
+void MD2_Update(c, data, len)
+MD2_CTX *c;
+register unsigned char *data;
+unsigned long len;
+        {
+        register UCHAR *p;
+        if (len == 0) return;
+        p=c->data;
+        if (c->num != 0)
+                {
+                if ((c->num+len) >= MD2_BLOCK)
+                        {
+                        memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
+                        md2_block(c,c->data);
+                        data+=(MD2_BLOCK - c->num);
+                        len-=(MD2_BLOCK - c->num);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        memcpy(&(p[c->num]),data,(int)len);
+                        /* data+=len; */
+                        c->num+=(int)len;
+                        return;
+                        }
+                }
+        /* we now can process the input data in blocks of MD2_BLOCK
+         * chars and save the leftovers to c->data. */
+        while (len >= MD2_BLOCK)
+                {
+                md2_block(c,data);
+                data+=MD2_BLOCK;
+                len-=MD2_BLOCK;
+                }
+        memcpy(p,data,(int)len);
+        c->num=(int)len;
+        }
+static void md2_block(c, d)
+MD2_CTX *c;
+unsigned char *d;
+        {
+        register MD2_INT t,*sp1,*sp2;
+        register int i,j;
+        MD2_INT state[48];
+        sp1=c->state;
+        sp2=c->cksm;
+        j=sp2[MD2_BLOCK-1];
+        for (i=0; i<16; i++)
+                {
+                state[i]=sp1[i];
+                state[i+16]=t=d[i];
+                state[i+32]=(t^sp1[i]);
+                j=sp2[i]^=S[t^j];
+                }
+        t=0;
+        for (i=0; i<18; i++)
+                {
+                for (j=0; j<48; j+=8)
+                        {
+                        t= state[j+ 0]^=S[t];
+                        t= state[j+ 1]^=S[t];
+                        t= state[j+ 2]^=S[t];
+                        t= state[j+ 3]^=S[t];
+                        t= state[j+ 4]^=S[t];
+                        t= state[j+ 5]^=S[t];
+                        t= state[j+ 6]^=S[t];
+                        t= state[j+ 7]^=S[t];
+                        }
+                t=(t+i)&0xff;
+                }
+        memcpy(sp1,state,16*sizeof(MD2_INT));
+        memset(state,0,48*sizeof(MD2_INT));
+        }
+void MD2_Final(md, c)
+unsigned char *md;
+MD2_CTX *c;
+        {
+        int i,v;
+        register UCHAR *cp;
+        register MD2_INT *p1,*p2;
+        cp=c->data;
+        p1=c->state;
+        p2=c->cksm;
+        v=MD2_BLOCK-c->num;
+        for (i=c->num; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)v;
+        md2_block(c,cp);
+        for (i=0; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)p2[i];
+        md2_block(c,cp);
+        for (i=0; i<16; i++)
+                md[i]=(UCHAR)(p1[i]&0xff);
+        memset((char *)&c,0,sizeof(c));
+        }
diff --git a/src/lib/libcrypto/md2/md2_one.c b/src/lib/libcrypto/md2/md2_one.c
new file mode 100644
index 0000000000..513bf62fdb
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2_one.c
@@ -0,0 +1,80 @@
+/* crypto/md2/md2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "md2.h"
+/* This is a separate file so that #defines in cryptlib.h can
+ * map my MD functions to different names */
+unsigned char *MD2(d, n, md)
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+        {
+        MD2_CTX c;
+        static unsigned char m[MD2_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        MD2_Init(&c);
+        MD2_Update(&c,d,n);
+        MD2_Final(md,&c);
+        memset(&c,0,sizeof(c)); /* Security consideration */
+        return(md);
+        }
diff --git a/src/lib/libcrypto/md2/md2test.c b/src/lib/libcrypto/md2/md2test.c
new file mode 100644
index 0000000000..55924d44cd
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2test.c
@@ -0,0 +1,130 @@
+/* crypto/md2/md2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "md2.h"
+char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+char *ret[]={
+        "8350e5a3e24c153df2275c9f80692773",
+        "32ec01ec4a6dac72c0ab96fb34c0b5d1",
+        "da853b0d3f88d99b30283a69e6ded6bb",
+        "ab4f496bfb2a530b219ff33031fe06b0",
+        "4e8ddff3650292ab5a4108c3aa47940b",
+        "da33def2a42df13975352846c30338cd",
+        "d5976f79d83d3a0dc9806c3c66f3efd8",
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        char **P,**R;
+        char *p;
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+                if (strcmp(p,*R) != 0)
+                        {
+                        printf("error calculating MD2 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libcrypto/md5/md5.c b/src/lib/libcrypto/md5/md5.c
new file mode 100644
index 0000000000..9d6f5a6003
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5.c
@@ -0,0 +1,135 @@
+/* crypto/md5/md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "md5.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD5(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        MD5_CTX c;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        MD5_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD5_Update(&c,buf,(unsigned long)i);
+                }
+        MD5_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/md5/md5s.cpp b/src/lib/libcrypto/md5/md5s.cpp
new file mode 100644
index 0000000000..ef8e175df0
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "md5.h"
+extern "C" {
+void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD5_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md5_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md5_block_x86(&ctx,buffer,num);
+                        }
+                printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libcrypto/md5/md5test.c b/src/lib/libcrypto/md5/md5test.c
new file mode 100644
index 0000000000..74b84bc67f
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5test.c
@@ -0,0 +1,130 @@
+/* crypto/md5/md5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "md5.h"
+char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+char *ret[]={
+        "d41d8cd98f00b204e9800998ecf8427e",
+        "0cc175b9c0f1b6a831c399e269772661",
+        "900150983cd24fb0d6963f7d28e17f72",
+        "f96b697d7cb7938d525a2f31aaf161d0",
+        "c3fcd3d76192e4007dfb496cca67e13b",
+        "d174ab98d277d9f5a5611c2c9f419d9f",
+        "57edf4a22be3c955ac49da2e2107b67a",
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD5 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h
new file mode 100644
index 0000000000..0b104be184
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2.h
@@ -0,0 +1,100 @@
+/* crypto/mdc2/mdc2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_MDC2_H
+#define HEADER_MDC2_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "des.h"
+#define MDC2_BLOCK              8
+#define MDC2_DIGEST_LENGTH      16
+ 
+typedef struct mdc2_ctx_st
+        {
+        int num;
+        unsigned char data[MDC2_BLOCK];
+        des_cblock h,hh;
+        int pad_type; /* either 1 or 2, default 1 */
+        } MDC2_CTX;
+#ifndef NOPROTO
+void MDC2_Init(MDC2_CTX *c);
+void MDC2_Update(MDC2_CTX *c, unsigned char *data, unsigned long len);
+void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(unsigned char *d, unsigned long n, unsigned char *md);
+#else
+void MDC2_Init();
+void MDC2_Update();
+void MDC2_Final();
+unsigned char *MDC2();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
new file mode 100644
index 0000000000..72e501ad0f
--- /dev/null
+++ b/src/lib/libcrypto/mem.c
@@ -0,0 +1,353 @@
+/* crypto/mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "buffer.h"
+#include "bio.h"
+#include "lhash.h"
+#include "cryptlib.h"
+static int mh_mode=CRYPTO_MEM_CHECK_OFF;
+static unsigned long order=0;
+static LHASH *mh=NULL;
+typedef struct mem_st
+        {
+        char *addr;
+        int num;
+        char *file;
+        int line;
+        unsigned long order;
+        } MEM;
+int CRYPTO_mem_ctrl(mode)
+int mode;
+        {
+        int ret=mh_mode;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        switch (mode)
+                {
+        case CRYPTO_MEM_CHECK_ON:
+                mh_mode|=CRYPTO_MEM_CHECK_ON;
+                break;
+        case CRYPTO_MEM_CHECK_OFF:
+                mh_mode&= ~CRYPTO_MEM_CHECK_ON;
+                break;
+        default:
+                break;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        return(ret);
+        }
+static int mem_cmp(a,b)
+MEM *a,*b;
+        {
+        return(a->addr - b->addr);
+        }
+static unsigned long mem_hash(a)
+MEM *a;
+        {
+        unsigned long ret;
+        ret=(unsigned long)a->addr;
+        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+        return(ret);
+        }
+static char *(*malloc_func)()=  (char *(*)())malloc;
+static char *(*realloc_func)()= (char *(*)())realloc;
+static void (*free_func)()=     (void (*)())free;
+void CRYPTO_set_mem_functions(m,r,f)
+char *(*m)();
+char *(*r)();
+void (*f)();
+        {
+        if ((m == NULL) || (r == NULL) || (f == NULL)) return;
+        malloc_func=m;
+        realloc_func=r;
+        free_func=f;
+        }
+void CRYPTO_get_mem_functions(m,r,f)
+char *(**m)();
+char *(**r)();
+void (**f)();
+        {
+        if (m != NULL) *m=malloc_func;
+        if (r != NULL) *r=realloc_func;
+        if (f != NULL) *f=free_func;
+        }
+char *CRYPTO_malloc(num)
+int num;
+        {
+        return(malloc_func(num));
+        }
+char *CRYPTO_realloc(str,num)
+char *str;
+int num;
+        {
+        return(realloc_func(str,num));
+        }
+void CRYPTO_free(str)
+char *str;
+        {
+        free_func(str);
+        }
+char *CRYPTO_dbg_malloc(num,file,line)
+int num;
+char *file;
+int line;
+        {
+        char *ret;
+        MEM *m,*mm;
+        if ((ret=malloc_func(num)) == NULL)
+                return(NULL);
+        if (mh_mode & CRYPTO_MEM_CHECK_ON)
+                {
+                if ((m=(MEM *)malloc(sizeof(MEM))) == NULL)
+                        {
+                        free(ret);
+                        return(NULL);
+                        }
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                if (mh == NULL)
+                        {
+                        if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
+                                {
+                                free(ret);
+                                free(m);
+                                return(NULL);
+                                }
+                        }
+                m->addr=ret;
+                m->file=file;
+                m->line=line;
+                m->num=num;
+                m->order=order++;
+                if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+                        {
+                        /* Not good, but don't sweat it */
+                        free(mm);
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        return(ret);
+        }
+void CRYPTO_dbg_free(addr)
+char *addr;
+        {
+        MEM m,*mp;
+        if ((mh_mode & CRYPTO_MEM_CHECK_ON) && (mh != NULL))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                m.addr=addr;
+                mp=(MEM *)lh_delete(mh,(char *)&m);
+                if (mp != NULL)
+                        free(mp);
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        free_func(addr);
+        }
+char *CRYPTO_dbg_realloc(addr,num,file,line)
+char *addr;
+int num;
+char *file;
+int line;
+        {
+        char *ret;
+        MEM m,*mp;
+        ret=realloc_func(addr,num);
+        if (ret == addr) return(ret);
+        if (mh_mode & CRYPTO_MEM_CHECK_ON)
+                {
+                if (ret == NULL) return(NULL);
+                m.addr=addr;
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                mp=(MEM *)lh_delete(mh,(char *)&m);
+                if (mp != NULL)
+                        {
+                        mp->addr=ret;
+                        lh_insert(mh,(char *)mp);
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        return(ret);
+        }
+char *CRYPTO_remalloc(a,n)
+char *a;
+int n;
+        {
+        if (a != NULL) Free(a);
+        a=(char *)Malloc(n);
+        return(a);
+        }
+char *CRYPTO_dbg_remalloc(a,n,file,line)
+char *a;
+int n;
+char *file;
+int line;
+        {
+        if (a != NULL) CRYPTO_dbg_free(a);
+        a=(char *)CRYPTO_dbg_malloc(n,file,line);
+        return(a);
+        }
+typedef struct mem_leak_st
+        {
+        BIO *bio;
+        int chunks;
+        long bytes;
+        } MEM_LEAK;
+static void print_leak(m,l)
+MEM *m;
+MEM_LEAK *l;
+        {
+        char buf[128];
+        sprintf(buf,"%5ld file=%s, line=%d, number=%d, address=%08lX\n",
+                m->order,m->file,m->line,m->num,(long)m->addr);
+        BIO_puts(l->bio,buf);
+        l->chunks++;
+        l->bytes+=m->num;
+        }
+void CRYPTO_mem_leaks(b)
+BIO *b;
+        {
+        MEM_LEAK ml;
+        char buf[80];
+        if (mh == NULL) return;
+        ml.bio=b;
+        ml.bytes=0;
+        ml.chunks=0;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        if (ml.chunks != 0)
+                {
+                sprintf(buf,"%ld bytes leaked in %d chunks\n",
+                        ml.bytes,ml.chunks);
+                BIO_puts(b,buf);
+                }
+        /*
+        lh_stats_bio(mh,b);
+        lh_node_stats_bio(mh,b);
+        lh_node_usage_stats_bio(mh,b);
+        */
+        }
+static void (*mem_cb)()=NULL;
+static void cb_leak(m,cb)
+MEM *m;
+char *cb;
+        {
+        void (*mem_callback)()=(void (*)())cb;
+        mem_callback(m->order,m->file,m->line,m->num,m->addr);
+        }
+void CRYPTO_mem_leaks_cb(cb)
+void (*cb)();
+        {
+        if (mh == NULL) return;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        mem_cb=cb;
+        lh_doall_arg(mh,(void (*)())cb_leak,(char *)mem_cb);
+        mem_cb=NULL;
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        }
+#ifndef NO_FP_API
+void CRYPTO_mem_leaks_fp(fp)
+FILE *fp;
+        {
+        BIO *b;
+        if (mh == NULL) return;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                return;
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        CRYPTO_mem_leaks(b);
+        BIO_free(b);
+        }
+#endif
diff --git a/src/lib/libcrypto/objects/obj_dat.h b/src/lib/libcrypto/objects/obj_dat.h
new file mode 100644
index 0000000000..48143ae3c7
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_dat.h
@@ -0,0 +1,656 @@
+/* lib/obj/obj_dat.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl < objects.h > obj_dat.h
+ */
+#define NUM_NID 124
+#define NUM_SN 95
+#define NUM_LN 122
+#define NUM_OBJ 95
+static unsigned char lvalues[600]={
+0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */
+0x55,                                        /* [ 82] OBJ_X500 */
+0x55,0x04,                                   /* [ 83] OBJ_X509 */
+0x55,0x04,0x03,                              /* [ 85] OBJ_commonName */
+0x55,0x04,0x06,                              /* [ 88] OBJ_countryName */
+0x55,0x04,0x07,                              /* [ 91] OBJ_localityName */
+0x55,0x04,0x08,                              /* [ 94] OBJ_stateOrProvinceName */
+0x55,0x04,0x0A,                              /* [ 97] OBJ_organizationName */
+0x55,0x04,0x0B,                              /* [100] OBJ_organizationalUnitName */
+0x55,0x08,0x01,0x01,                         /* [103] OBJ_rsa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [107] OBJ_pkcs7 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [169] OBJ_pkcs3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */
+0x2B,0x0E,0x03,0x02,0x06,                    /* [186] OBJ_des_ecb */
+0x2B,0x0E,0x03,0x02,0x09,                    /* [191] OBJ_des_cfb64 */
+0x2B,0x0E,0x03,0x02,0x07,                    /* [196] OBJ_des_cbc */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [201] OBJ_des_ede */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [206] OBJ_rc2_cbc */
+0x2B,0x0E,0x03,0x02,0x12,                    /* [214] OBJ_sha */
+0x2B,0x0E,0x03,0x02,0x0F,                    /* [219] OBJ_shaWithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [224] OBJ_des_ede3_cbc */
+0x2B,0x0E,0x03,0x02,0x08,                    /* [232] OBJ_des_ofb64 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [237] OBJ_pkcs9 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [245] OBJ_pkcs9_emailAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [254] OBJ_pkcs9_unstructuredName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [263] OBJ_pkcs9_contentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [272] OBJ_pkcs9_messageDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [281] OBJ_pkcs9_signingTime */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [290] OBJ_pkcs9_countersignature */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [299] OBJ_pkcs9_challengePassword */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [308] OBJ_pkcs9_unstructuredAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [317] OBJ_pkcs9_extCertAttributes */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [326] OBJ_netscape */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [333] OBJ_netscape_cert_extension */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [341] OBJ_netscape_data_type */
+0x2B,0x0E,0x03,0x02,0x1A,                    /* [349] OBJ_sha1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [354] OBJ_sha1WithRSAEncryption */
+0x2B,0x0E,0x03,0x02,0x0D,                    /* [363] OBJ_dsaWithSHA */
+0x2B,0x0E,0x03,0x02,0x0C,                    /* [368] OBJ_dsa_2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [373] OBJ_pbeWithSHA1AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [382] OBJ_pbeWithSHA1AndRC4 */
+0x2B,0x0E,0x03,0x02,0x1B,                    /* [391] OBJ_dsaWithSHA1_2 */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [396] OBJ_netscape_cert_type */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [405] OBJ_netscape_base_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [414] OBJ_netscape_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [423] OBJ_netscape_ca_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [432] OBJ_netscape_renewal_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [441] OBJ_netscape_ca_policy_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [450] OBJ_netscape_ssl_server_name */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [459] OBJ_netscape_comment */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [468] OBJ_netscape_cert_sequence */
+0x55,0x1D,                                   /* [477] OBJ_ld_ce */
+0x55,0x1D,0x0E,                              /* [479] OBJ_subject_key_identifier */
+0x55,0x1D,0x0F,                              /* [482] OBJ_key_usage */
+0x55,0x1D,0x10,                              /* [485] OBJ_private_key_usage_period */
+0x55,0x1D,0x11,                              /* [488] OBJ_subject_alt_name */
+0x55,0x1D,0x12,                              /* [491] OBJ_issuer_alt_name */
+0x55,0x1D,0x13,                              /* [494] OBJ_basic_constraints */
+0x55,0x1D,0x14,                              /* [497] OBJ_crl_number */
+0x55,0x1D,0x20,                              /* [500] OBJ_certificate_policies */
+0x55,0x1D,0x23,                              /* [503] OBJ_authority_key_identifier */
+0x55,0x08,0x03,0x65,                         /* [506] OBJ_mdc2 */
+0x55,0x08,0x03,0x64,                         /* [510] OBJ_mdc2WithRSA */
+0x55,0x04,0x2A,                              /* [514] OBJ_givenName */
+0x55,0x04,0x04,                              /* [517] OBJ_surname */
+0x55,0x04,0x2B,                              /* [520] OBJ_initials */
+0x55,0x04,0x2D,                              /* [523] OBJ_uniqueIdentifier */
+0x55,0x1D,0x1F,                              /* [526] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03,                    /* [529] OBJ_md5WithRSA */
+0x55,0x04,0x05,                              /* [534] OBJ_serialNumber */
+0x55,0x04,0x0C,                              /* [537] OBJ_title */
+0x55,0x04,0x0D,                              /* [540] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [543] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [552] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [561] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D,                    /* [568] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [573] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01,                    /* [580] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02,               /* [585] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [591] OBJ_rc5_cbc */
+};
+static ASN1_OBJECT nid_objs[NUM_NID]={
+{"UNDEF","undefined",NID_undef,0,NULL},
+{"rsadsi","rsadsi",NID_rsadsi,6,&(lvalues[0]),0},
+{"pkcs","pkcs",NID_pkcs,7,&(lvalues[6]),0},
+{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
+{"MD5","md5",NID_md5,8,&(lvalues[21]),0},
+{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0},
+{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0},
+{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
+        &(lvalues[46]),0},
+{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
+        &(lvalues[55]),0},
+{"pbeWithMD2AndDES-CBC","pbeWithMD2AndDES-CBC",
+        NID_pbeWithMD2AndDES_CBC,9,&(lvalues[64]),0},
+{"pbeWithMD5AndDES-CBC","pbeWithMD5AndDES-CBC",
+        NID_pbeWithMD5AndDES_CBC,9,&(lvalues[73]),0},
+{"X500","X500",NID_X500,1,&(lvalues[82]),0},
+{"X509","X509",NID_X509,2,&(lvalues[83]),0},
+{"CN","commonName",NID_commonName,3,&(lvalues[85]),0},
+{"C","countryName",NID_countryName,3,&(lvalues[88]),0},
+{"L","localityName",NID_localityName,3,&(lvalues[91]),0},
+{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0},
+{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0},
+{"OU","organizationalUnitName",NID_organizationalUnitName,3,
+        &(lvalues[100]),0},
+{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0},
+{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0},
+{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0},
+{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
+        &(lvalues[124]),0},
+{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
+        &(lvalues[133]),0},
+{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
+        NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0},
+{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
+        &(lvalues[151]),0},
+{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
+        &(lvalues[160]),0},
+{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0},
+{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
+        &(lvalues[177]),0},
+{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0},
+{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0},
+{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0},
+{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[201]),0},
+{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
+{"IDEA-CBC","idea-cbc",NID_idea_cbc,0,NULL},
+{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
+{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
+{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[206]),0},
+{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
+{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
+{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
+{"SHA","sha",NID_sha,5,&(lvalues[214]),0},
+{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
+        &(lvalues[219]),0},
+{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
+{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[224]),0},
+{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[232]),0},
+{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
+{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[237]),0},
+{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[245]),0},
+{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
+        &(lvalues[254]),0},
+{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[263]),0},
+{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
+        &(lvalues[272]),0},
+{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[281]),0},
+{"countersignature","countersignature",NID_pkcs9_countersignature,9,
+        &(lvalues[290]),0},
+{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
+        9,&(lvalues[299]),0},
+{"unstructuredAddress","unstructuredAddress",
+        NID_pkcs9_unstructuredAddress,9,&(lvalues[308]),0},
+{"extendedCertificateAttributes","extendedCertificateAttributes",
+        NID_pkcs9_extCertAttributes,9,&(lvalues[317]),0},
+{"Netscape","Netscape Communications Corp.",NID_netscape,7,
+        &(lvalues[326]),0},
+{"nsCertExt","Netscape Certificate Extension",
+        NID_netscape_cert_extension,8,&(lvalues[333]),0},
+{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
+        &(lvalues[341]),0},
+{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
+{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
+{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
+{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
+{"SHA1","sha1",NID_sha1,5,&(lvalues[349]),0},
+{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
+        &(lvalues[354]),0},
+{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[363]),0},
+{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[368]),0},
+{"pbeWithSHA1AndRC2-CBC","pbeWithSHA1AndRC2-CBC",
+        NID_pbeWithSHA1AndRC2_CBC,9,&(lvalues[373]),0},
+{"pbeWithSHA1AndRC4","pbeWithSHA1AndRC4",NID_pbeWithSHA1AndRC4,9,
+        &(lvalues[382]),0},
+{"DSA-SHA1-old","dsaWithSHA1",NID_dsaWithSHA1_2,5,&(lvalues[391]),0},
+{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
+        &(lvalues[396]),0},
+{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
+        &(lvalues[405]),0},
+{"nsRevocationUrl","Netscape Revocation Url",
+        NID_netscape_revocation_url,9,&(lvalues[414]),0},
+{"nsCaRevocationUrl","Netscape CA Revocation Url",
+        NID_netscape_ca_revocation_url,9,&(lvalues[423]),0},
+{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
+        &(lvalues[432]),0},
+{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
+        9,&(lvalues[441]),0},
+{"nsSslServerName","Netscape SSL Server Name",
+        NID_netscape_ssl_server_name,9,&(lvalues[450]),0},
+{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[459]),0},
+{"nsCertSequence","Netscape Certificate Sequence",
+        NID_netscape_cert_sequence,9,&(lvalues[468]),0},
+{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
+{"ld-ce","ld-ce",NID_ld_ce,2,&(lvalues[477]),0},
+{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
+        NID_subject_key_identifier,3,&(lvalues[479]),0},
+{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[482]),0},
+{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
+        NID_private_key_usage_period,3,&(lvalues[485]),0},
+{"subjectAltName","X509v3 Subject Alternative Name",
+        NID_subject_alt_name,3,&(lvalues[488]),0},
+{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
+        3,&(lvalues[491]),0},
+{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
+        3,&(lvalues[494]),0},
+{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[497]),0},
+{"certificatePolicies","X509v3 Certificate Policies",
+        NID_certificate_policies,3,&(lvalues[500]),0},
+{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
+        NID_authority_key_identifier,3,&(lvalues[503]),0},
+{"BF-CBC","bf-cbc",NID_bf_cbc,0,NULL},
+{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
+{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
+{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
+{"MDC2","mdc2",NID_mdc2,4,&(lvalues[506]),0},
+{"RSA-MDC2","mdc2withRSA",NID_mdc2WithRSA,4,&(lvalues[510]),0},
+{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+{"G","givenName",NID_givenName,3,&(lvalues[514]),0},
+{"S","surname",NID_surname,3,&(lvalues[517]),0},
+{"I","initials",NID_initials,3,&(lvalues[520]),0},
+{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[523]),0},
+{"crlDistributionPoints","X509v3 CRL Distribution Points",
+        NID_crl_distribution_points,3,&(lvalues[526]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[529]),0},
+{"SN","serialNumber",NID_serialNumber,3,&(lvalues[534]),0},
+{"T","title",NID_title,3,&(lvalues[537]),0},
+{"D","description",NID_description,3,&(lvalues[540]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[543]),0},
+{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
+{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
+{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
+{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
+        NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[552]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[561]),0},
+{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[568]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[573]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[580]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
+        &(lvalues[585]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[591]),0},
+{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
+{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
+{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
+};
+static ASN1_OBJECT *sn_objs[NUM_SN]={
+&(nid_objs[91]),/* "BF-CBC" */
+&(nid_objs[93]),/* "BF-CFB" */
+&(nid_objs[92]),/* "BF-ECB" */
+&(nid_objs[94]),/* "BF-OFB" */
+&(nid_objs[14]),/* "C" */
+&(nid_objs[108]),/* "CAST5-CBC" */
+&(nid_objs[110]),/* "CAST5-CFB" */
+&(nid_objs[109]),/* "CAST5-ECB" */
+&(nid_objs[111]),/* "CAST5-OFB" */
+&(nid_objs[13]),/* "CN" */
+&(nid_objs[107]),/* "D" */
+&(nid_objs[31]),/* "DES-CBC" */
+&(nid_objs[30]),/* "DES-CFB" */
+&(nid_objs[29]),/* "DES-ECB" */
+&(nid_objs[32]),/* "DES-EDE" */
+&(nid_objs[43]),/* "DES-EDE-CBC" */
+&(nid_objs[60]),/* "DES-EDE-CFB" */
+&(nid_objs[62]),/* "DES-EDE-OFB" */
+&(nid_objs[33]),/* "DES-EDE3" */
+&(nid_objs[44]),/* "DES-EDE3-CBC" */
+&(nid_objs[61]),/* "DES-EDE3-CFB" */
+&(nid_objs[63]),/* "DES-EDE3-OFB" */
+&(nid_objs[45]),/* "DES-OFB" */
+&(nid_objs[80]),/* "DESX-CBC" */
+&(nid_objs[116]),/* "DSA" */
+&(nid_objs[66]),/* "DSA-SHA" */
+&(nid_objs[113]),/* "DSA-SHA1" */
+&(nid_objs[70]),/* "DSA-SHA1-old" */
+&(nid_objs[67]),/* "DSA-old" */
+&(nid_objs[48]),/* "Email" */
+&(nid_objs[99]),/* "G" */
+&(nid_objs[101]),/* "I" */
+&(nid_objs[34]),/* "IDEA-CBC" */
+&(nid_objs[35]),/* "IDEA-CFB" */
+&(nid_objs[36]),/* "IDEA-ECB" */
+&(nid_objs[46]),/* "IDEA-OFB" */
+&(nid_objs[15]),/* "L" */
+&(nid_objs[ 3]),/* "MD2" */
+&(nid_objs[ 4]),/* "MD5" */
+&(nid_objs[114]),/* "MD5-SHA1" */
+&(nid_objs[95]),/* "MDC2" */
+&(nid_objs[57]),/* "Netscape" */
+&(nid_objs[17]),/* "O" */
+&(nid_objs[18]),/* "OU" */
+&(nid_objs[98]),/* "RC2-40-CBC" */
+&(nid_objs[37]),/* "RC2-CBC" */
+&(nid_objs[39]),/* "RC2-CFB" */
+&(nid_objs[38]),/* "RC2-ECB" */
+&(nid_objs[40]),/* "RC2-OFB" */
+&(nid_objs[ 5]),/* "RC4" */
+&(nid_objs[97]),/* "RC4-40" */
+&(nid_objs[120]),/* "RC5-CBC" */
+&(nid_objs[122]),/* "RC5-CFB" */
+&(nid_objs[121]),/* "RC5-ECB" */
+&(nid_objs[123]),/* "RC5-OFB" */
+&(nid_objs[117]),/* "RIPEMD160" */
+&(nid_objs[19]),/* "RSA" */
+&(nid_objs[ 7]),/* "RSA-MD2" */
+&(nid_objs[ 8]),/* "RSA-MD5" */
+&(nid_objs[96]),/* "RSA-MDC2" */
+&(nid_objs[104]),/* "RSA-NP-MD5" */
+&(nid_objs[119]),/* "RSA-RIPEMD160" */
+&(nid_objs[42]),/* "RSA-SHA" */
+&(nid_objs[65]),/* "RSA-SHA1" */
+&(nid_objs[115]),/* "RSA-SHA1-2" */
+&(nid_objs[100]),/* "S" */
+&(nid_objs[41]),/* "SHA" */
+&(nid_objs[64]),/* "SHA1" */
+&(nid_objs[105]),/* "SN" */
+&(nid_objs[16]),/* "ST" */
+&(nid_objs[106]),/* "T" */
+&(nid_objs[102]),/* "UID" */
+&(nid_objs[ 0]),/* "UNDEF" */
+&(nid_objs[90]),/* "authorityKeyIdentifier" */
+&(nid_objs[87]),/* "basicConstraints" */
+&(nid_objs[89]),/* "certificatePolicies" */
+&(nid_objs[103]),/* "crlDistributionPoints" */
+&(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[86]),/* "issuerAltName" */
+&(nid_objs[83]),/* "keyUsage" */
+&(nid_objs[81]),/* "ld-ce" */
+&(nid_objs[72]),/* "nsBaseUrl" */
+&(nid_objs[76]),/* "nsCaPolicyUrl" */
+&(nid_objs[74]),/* "nsCaRevocationUrl" */
+&(nid_objs[58]),/* "nsCertExt" */
+&(nid_objs[79]),/* "nsCertSequence" */
+&(nid_objs[71]),/* "nsCertType" */
+&(nid_objs[78]),/* "nsComment" */
+&(nid_objs[59]),/* "nsDataType" */
+&(nid_objs[75]),/* "nsRenewalUrl" */
+&(nid_objs[73]),/* "nsRevocationUrl" */
+&(nid_objs[77]),/* "nsSslServerName" */
+&(nid_objs[84]),/* "privateKeyUsagePeriod" */
+&(nid_objs[85]),/* "subjectAltName" */
+&(nid_objs[82]),/* "subjectKeyIdentifier" */
+};
+static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[72]),/* "Netscape Base Url" */
+&(nid_objs[76]),/* "Netscape CA Policy Url" */
+&(nid_objs[74]),/* "Netscape CA Revocation Url" */
+&(nid_objs[71]),/* "Netscape Cert Type" */
+&(nid_objs[58]),/* "Netscape Certificate Extension" */
+&(nid_objs[79]),/* "Netscape Certificate Sequence" */
+&(nid_objs[78]),/* "Netscape Comment" */
+&(nid_objs[57]),/* "Netscape Communications Corp." */
+&(nid_objs[59]),/* "Netscape Data Type" */
+&(nid_objs[75]),/* "Netscape Renewal Url" */
+&(nid_objs[73]),/* "Netscape Revocation Url" */
+&(nid_objs[77]),/* "Netscape SSL Server Name" */
+&(nid_objs[11]),/* "X500" */
+&(nid_objs[12]),/* "X509" */
+&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
+&(nid_objs[87]),/* "X509v3 Basic Constraints" */
+&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
+&(nid_objs[88]),/* "X509v3 CRL Number" */
+&(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
+&(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
+&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
+&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+&(nid_objs[91]),/* "bf-cbc" */
+&(nid_objs[93]),/* "bf-cfb" */
+&(nid_objs[92]),/* "bf-ecb" */
+&(nid_objs[94]),/* "bf-ofb" */
+&(nid_objs[108]),/* "cast5-cbc" */
+&(nid_objs[110]),/* "cast5-cfb" */
+&(nid_objs[109]),/* "cast5-ecb" */
+&(nid_objs[111]),/* "cast5-ofb" */
+&(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[13]),/* "commonName" */
+&(nid_objs[50]),/* "contentType" */
+&(nid_objs[53]),/* "countersignature" */
+&(nid_objs[14]),/* "countryName" */
+&(nid_objs[31]),/* "des-cbc" */
+&(nid_objs[30]),/* "des-cfb" */
+&(nid_objs[29]),/* "des-ecb" */
+&(nid_objs[32]),/* "des-ede" */
+&(nid_objs[43]),/* "des-ede-cbc" */
+&(nid_objs[60]),/* "des-ede-cfb" */
+&(nid_objs[62]),/* "des-ede-ofb" */
+&(nid_objs[33]),/* "des-ede3" */
+&(nid_objs[44]),/* "des-ede3-cbc" */
+&(nid_objs[61]),/* "des-ede3-cfb" */
+&(nid_objs[63]),/* "des-ede3-ofb" */
+&(nid_objs[45]),/* "des-ofb" */
+&(nid_objs[107]),/* "description" */
+&(nid_objs[80]),/* "desx-cbc" */
+&(nid_objs[28]),/* "dhKeyAgreement" */
+&(nid_objs[116]),/* "dsaEncryption" */
+&(nid_objs[67]),/* "dsaEncryption-old" */
+&(nid_objs[66]),/* "dsaWithSHA" */
+&(nid_objs[113]),/* "dsaWithSHA1" */
+&(nid_objs[70]),/* "dsaWithSHA1" */
+&(nid_objs[48]),/* "emailAddress" */
+&(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[99]),/* "givenName" */
+&(nid_objs[34]),/* "idea-cbc" */
+&(nid_objs[35]),/* "idea-cfb" */
+&(nid_objs[36]),/* "idea-ecb" */
+&(nid_objs[46]),/* "idea-ofb" */
+&(nid_objs[101]),/* "initials" */
+&(nid_objs[15]),/* "localityName" */
+&(nid_objs[ 3]),/* "md2" */
+&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+&(nid_objs[ 4]),/* "md5" */
+&(nid_objs[114]),/* "md5-sha1" */
+&(nid_objs[104]),/* "md5WithRSA" */
+&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
+&(nid_objs[95]),/* "mdc2" */
+&(nid_objs[96]),/* "mdc2withRSA" */
+&(nid_objs[51]),/* "messageDigest" */
+&(nid_objs[17]),/* "organizationName" */
+&(nid_objs[18]),/* "organizationalUnitName" */
+&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
+&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
+&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
+&(nid_objs[69]),/* "pbeWithSHA1AndRC4" */
+&(nid_objs[ 2]),/* "pkcs" */
+&(nid_objs[27]),/* "pkcs3" */
+&(nid_objs[20]),/* "pkcs7" */
+&(nid_objs[21]),/* "pkcs7-data" */
+&(nid_objs[25]),/* "pkcs7-digestData" */
+&(nid_objs[26]),/* "pkcs7-encryptedData" */
+&(nid_objs[23]),/* "pkcs7-envelopedData" */
+&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+&(nid_objs[22]),/* "pkcs7-signedData" */
+&(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[98]),/* "rc2-40-cbc" */
+&(nid_objs[37]),/* "rc2-cbc" */
+&(nid_objs[39]),/* "rc2-cfb" */
+&(nid_objs[38]),/* "rc2-ecb" */
+&(nid_objs[40]),/* "rc2-ofb" */
+&(nid_objs[ 5]),/* "rc4" */
+&(nid_objs[97]),/* "rc4-40" */
+&(nid_objs[120]),/* "rc5-cbc" */
+&(nid_objs[122]),/* "rc5-cfb" */
+&(nid_objs[121]),/* "rc5-ecb" */
+&(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[117]),/* "ripemd160" */
+&(nid_objs[119]),/* "ripemd160WithRSA" */
+&(nid_objs[19]),/* "rsa" */
+&(nid_objs[ 6]),/* "rsaEncryption" */
+&(nid_objs[ 1]),/* "rsadsi" */
+&(nid_objs[105]),/* "serialNumber" */
+&(nid_objs[41]),/* "sha" */
+&(nid_objs[64]),/* "sha1" */
+&(nid_objs[115]),/* "sha1WithRSA" */
+&(nid_objs[65]),/* "sha1WithRSAEncryption" */
+&(nid_objs[42]),/* "shaWithRSAEncryption" */
+&(nid_objs[52]),/* "signingTime" */
+&(nid_objs[16]),/* "stateOrProvinceName" */
+&(nid_objs[100]),/* "surname" */
+&(nid_objs[106]),/* "title" */
+&(nid_objs[ 0]),/* "undefined" */
+&(nid_objs[102]),/* "uniqueIdentifier" */
+&(nid_objs[55]),/* "unstructuredAddress" */
+&(nid_objs[49]),/* "unstructuredName" */
+};
+static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+&(nid_objs[11]),/* OBJ_X500                         2 5 */
+&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+&(nid_objs[81]),/* OBJ_ld_ce                        2 5 29 */
+&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
+&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
+&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
+&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
+&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
+&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
+&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
+&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
+&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
+&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+&(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
+&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
+&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
+&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
+&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
+&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
+&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
+&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
+&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
+&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
+&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
+&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
+&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
+&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
+&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
+&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
+&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
+&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
+&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
+&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
+&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
+&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
+&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
+&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
+&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11  */
+&(nid_objs[69]),/* OBJ_pbeWithSHA1AndRC4            1 2 840 113549 1 5 12  */
+&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+};
diff --git a/src/lib/libcrypto/perlasm/x86ms.pl b/src/lib/libcrypto/perlasm/x86ms.pl
new file mode 100644
index 0000000000..893b50b1a4
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86ms.pl
@@ -0,0 +1,348 @@
+#!/usr/bin/perl
+package x86ms;
+$label="L000";
+%lb=(   'eax',  'al',
+        'ebx',  'bl',
+        'ecx',  'cl',
+        'edx',  'dl',
+        'ax',   'al',
+        'bx',   'bl',
+        'cx',   'cl',
+        'dx',   'dl',
+        );
+%hb=(   'eax',  'ah',
+        'ebx',  'bh',
+        'ecx',  'ch',
+        'edx',  'dh',
+        'ax',   'ah',
+        'bx',   'bh',
+        'cx',   'ch',
+        'dx',   'dh',
+        );
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+sub main'LB
+        {
+        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+        return($lb{$_[0]});
+        }
+sub main'HB
+        {
+        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+        return($hb{$_[0]});
+        }
+sub main'BP
+        {
+        &get_mem("BYTE",@_);
+        }
+sub main'DWP
+        {
+        &get_mem("DWORD",@_);
+        }
+sub main'stack_push
+        {
+        local($num)=@_;
+        $stack+=$num*4;
+        &main'sub("esp",$num*4);
+        }
+sub main'stack_pop
+        {
+        local($num)=@_;
+        $stack-=$num*4;
+        &main'add("esp",$num*4);
+        }
+sub get_mem
+        {
+        local($size,$addr,$reg1,$reg2,$idx)=@_;
+        local($t,$post);
+        local($ret)="$size PTR ";
+        $addr =~ s/^\s+//;
+        if ($addr =~ /^(.+)\+(.+)$/)
+                {
+                $reg2=&conv($1);
+                $addr="_$2";
+                }
+        elsif ($addr =~ /^[_a-zA-Z]/)
+                {
+                $addr="_$addr";
+                }
+        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        if (($addr ne "") && ($addr ne 0))
+                {
+                if ($addr !~ /^-/)
+                        { $ret.=$addr; }
+                else    { $post=$addr; }
+                }
+        if ($reg2 ne "")
+                {
+                $t="";
+                $t="*$idx" if ($idx != 0);
+                $reg1="+".$reg1 if ("$reg1$post" ne "");
+                $ret.="[$reg2$t$reg1$post]";
+                }
+        else
+                {
+                $ret.="[$reg1$post]"
+                }
+        return($ret);
+        }
+sub main'mov    { &out2("mov",@_); }
+sub main'movb   { &out2("mov",@_); }
+sub main'and    { &out2("and",@_); }
+sub main'or     { &out2("or",@_); }
+sub main'shl    { &out2("shl",@_); }
+sub main'shr    { &out2("shr",@_); }
+sub main'xor    { &out2("xor",@_); }
+sub main'xorb   { &out2("xor",@_); }
+sub main'add    { &out2("add",@_); }
+sub main'adc    { &out2("adc",@_); }
+sub main'sub    { &out2("sub",@_); }
+sub main'rotl   { &out2("rol",@_); }
+sub main'rotr   { &out2("ror",@_); }
+sub main'exch   { &out2("xchg",@_); }
+sub main'cmp    { &out2("cmp",@_); }
+sub main'lea    { &out2("lea",@_); }
+sub main'mul    { &out1("mul",@_); }
+sub main'div    { &out1("div",@_); }
+sub main'dec    { &out1("dec",@_); }
+sub main'inc    { &out1("inc",@_); }
+sub main'jmp    { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je     { &out1("je",@_); }
+sub main'jle    { &out1("jle",@_); }
+sub main'jz     { &out1("jz",@_); }
+sub main'jge    { &out1("jge",@_); }
+sub main'jl     { &out1("jl",@_); }
+sub main'jb     { &out1("jb",@_); }
+sub main'jc     { &out1("jc",@_); }
+sub main'jnc    { &out1("jnc",@_); }
+sub main'jnz    { &out1("jnz",@_); }
+sub main'jne    { &out1("jne",@_); }
+sub main'jno    { &out1("jno",@_); }
+sub main'push   { &out1("push",@_); $stack+=4; }
+sub main'pop    { &out1("pop",@_); $stack-=4; }
+sub main'bswap  { &out1("bswap",@_); &using486(); }
+sub main'not    { &out1("not",@_); }
+sub main'call   { &out1("call",'_'.$_[0]); }
+sub main'ret    { &out0("ret"); }
+sub main'nop    { &out0("nop"); }
+sub out2
+        {
+        local($name,$p1,$p2)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t");
+        $t=&conv($p1).",";
+        $l=length($t);
+        push(@out,$t);
+        $l=4-($l+9)/8;
+        push(@out,"\t" x $l);
+        push(@out,&conv($p2));
+        push(@out,"\n");
+        }
+sub out0
+        {
+        local($name)=@_;
+        push(@out,"\t$name\n");
+        }
+sub out1
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t".&conv($p1)."\n");
+        }
+sub conv
+        {
+        local($p)=@_;
+        $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+        return $p;
+        }
+sub using486
+        {
+        return if $using486;
+        $using486++;
+        grep(s/\.386/\.486/,@out);
+        }
+sub main'file
+        {
+        local($file)=@_;
+        local($tmp)=<<"EOF";
+        TITLE   $file.asm
+        .386
+.model FLAT
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        local($func,$extra)=@_;
+        push(@labels,$func);
+        local($tmp)=<<"EOF";
+_TEXT   SEGMENT
+PUBLIC  _$func
+$extra
+_$func PROC NEAR
+        push    ebp
+        push    ebx
+        push    esi
+        push    edi
+EOF
+        push(@out,$tmp);
+        $stack=20;
+        }
+sub main'function_begin_B
+        {
+        local($func,$extra)=@_;
+        local($tmp)=<<"EOF";
+_TEXT   SEGMENT
+PUBLIC  _$func
+$extra
+_$func PROC NEAR
+EOF
+        push(@out,$tmp);
+        $stack=4;
+        }
+sub main'function_end
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+_$func ENDP
+_TEXT   ENDS
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_B
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+_$func ENDP
+_TEXT   ENDS
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+EOF
+        push(@out,$tmp);
+        }
+sub main'file_end
+        {
+        push(@out,"END\n");
+        }
+sub main'wparam
+        {
+        local($num)=@_;
+        return(&main'DWP($stack+$num*4,"esp","",0));
+        }
+sub main'swtmp
+        {
+        return(&main'DWP($_[0]*4,"esp","",0));
+        }
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       local($num)=@_;
+#
+#       return(&main'DWP(-(($num+1)*4),"esp","",0));
+#       }
+sub main'comment
+        {
+        foreach (@_)
+                {
+                push(@out,"\t; $_\n");
+                }
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="\$${label}${_[0]}";
+                $label++;
+                }
+        return($label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="${label}${_[0]}";
+                $label++;
+                }
+        push(@out,"$label{$_[0]}:\n");
+        }
+sub main'data_word
+        {
+        push(@out,"\tDD\t$_[0]\n");
+        }
+sub out1p
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t ".&conv($p1)."\n");
+        }
diff --git a/src/lib/libcrypto/perlasm/x86unix.pl b/src/lib/libcrypto/perlasm/x86unix.pl
new file mode 100644
index 0000000000..6ee4dd3245
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86unix.pl
@@ -0,0 +1,429 @@
+#!/usr/bin/perl
+# Because the bswapl instruction is not supported for old assembers
+# (it was a new instruction for the 486), I've added .byte xxxx code
+# to put it in.
+# eric 24-Apr-1998
+#
+package x86unix;
+$label="L000";
+$align=($main'aout)?"4":"16";
+$under=($main'aout)?"_":"";
+$com_start=($main'sol)?"/":"#";
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+if ($main'cpp)
+        {
+        $align="ALIGN";
+        $under="";
+        $com_start='/*';
+        $com_end='*/';
+        }
+%lb=(   'eax',  '%al',
+        'ebx',  '%bl',
+        'ecx',  '%cl',
+        'edx',  '%dl',
+        'ax',   '%al',
+        'bx',   '%bl',
+        'cx',   '%cl',
+        'dx',   '%dl',
+        );
+%hb=(   'eax',  '%ah',
+        'ebx',  '%bh',
+        'ecx',  '%ch',
+        'edx',  '%dh',
+        'ax',   '%ah',
+        'bx',   '%bh',
+        'cx',   '%ch',
+        'dx',   '%dh',
+        );
+%regs=( 'eax',  '%eax',
+        'ebx',  '%ebx',
+        'ecx',  '%ecx',
+        'edx',  '%edx',
+        'esi',  '%esi',
+        'edi',  '%edi',
+        'ebp',  '%ebp',
+        'esp',  '%esp',
+        );
+%reg_val=(
+        'eax',  0x00,
+        'ebx',  0x03,
+        'ecx',  0x01,
+        'edx',  0x02,
+        'esi',  0x06,
+        'edi',  0x07,
+        'ebp',  0x05,
+        'esp',  0x04,
+        );
+sub main'LB
+        {
+        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+        return($lb{$_[0]});
+        }
+sub main'HB
+        {
+        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+        return($hb{$_[0]});
+        }
+sub main'DWP
+        {
+        local($addr,$reg1,$reg2,$idx)=@_;
+        $ret="";
+        $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        $ret.=$addr if ($addr ne "") && ($addr ne 0);
+        if ($reg2 ne "")
+                { $ret.="($reg1,$reg2,$idx)"; }
+        else
+                { $ret.="($reg1)" }
+        return($ret);
+        }
+sub main'BP
+        {
+        return(&main'DWP(@_));
+        }
+#sub main'BP
+#       {
+#       local($addr,$reg1,$reg2,$idx)=@_;
+#
+#       $ret="";
+#
+#       $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+#       $reg1="$regs{$reg1}" if defined($regs{$reg1});
+#       $reg2="$regs{$reg2}" if defined($regs{$reg2});
+#       $ret.=$addr if ($addr ne "") && ($addr ne 0);
+#       if ($reg2 ne "")
+#               { $ret.="($reg1,$reg2,$idx)"; }
+#       else
+#               { $ret.="($reg1)" }
+#       return($ret);
+#       }
+sub main'mov    { &out2("movl",@_); }
+sub main'movb   { &out2("movb",@_); }
+sub main'and    { &out2("andl",@_); }
+sub main'or     { &out2("orl",@_); }
+sub main'shl    { &out2("sall",@_); }
+sub main'shr    { &out2("shrl",@_); }
+sub main'xor    { &out2("xorl",@_); }
+sub main'xorb   { &out2("xorb",@_); }
+sub main'add    { &out2("addl",@_); }
+sub main'adc    { &out2("adcl",@_); }
+sub main'sub    { &out2("subl",@_); }
+sub main'rotl   { &out2("roll",@_); }
+sub main'rotr   { &out2("rorl",@_); }
+sub main'exch   { &out2("xchg",@_); }
+sub main'cmp    { &out2("cmpl",@_); }
+sub main'lea    { &out2("leal",@_); }
+sub main'mul    { &out1("mull",@_); }
+sub main'div    { &out1("divl",@_); }
+sub main'jmp    { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je     { &out1("je",@_); }
+sub main'jle    { &out1("jle",@_); }
+sub main'jne    { &out1("jne",@_); }
+sub main'jnz    { &out1("jnz",@_); }
+sub main'jz     { &out1("jz",@_); }
+sub main'jge    { &out1("jge",@_); }
+sub main'jl     { &out1("jl",@_); }
+sub main'jb     { &out1("jb",@_); }
+sub main'jc     { &out1("jc",@_); }
+sub main'jnc    { &out1("jnc",@_); }
+sub main'jno    { &out1("jno",@_); }
+sub main'dec    { &out1("decl",@_); }
+sub main'inc    { &out1("incl",@_); }
+sub main'push   { &out1("pushl",@_); $stack+=4; }
+sub main'pop    { &out1("popl",@_); $stack-=4; }
+sub main'bswap  { &out1("bswapl",@_); }
+sub main'not    { &out1("notl",@_); }
+sub main'call   { &out1("call",$under.$_[0]); }
+sub main'ret    { &out0("ret"); }
+sub main'nop    { &out0("nop"); }
+sub out2
+        {
+        local($name,$p1,$p2)=@_;
+        local($l,$ll,$t);
+        local(%special)=(       "roll",0xD1C0,"rorl",0xD1C8,
+                                "rcll",0xD1D0,"rcrl",0xD1D8,
+                                "shll",0xD1E0,"shrl",0xD1E8,
+                                "sarl",0xD1F8);
+        
+        if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+                {
+                $op=$special{$name}|$reg_val{$p1};
+                $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+                $tmp2=sprintf(".byte %d\t",$op     &0xff);
+                push(@out,$tmp1);
+                push(@out,$tmp2);
+                $p2=&conv($p2);
+                $p1=&conv($p1);
+                &main'comment("$name $p2 $p1");
+                return;
+                }
+        push(@out,"\t$name\t");
+        $t=&conv($p2).",";
+        $l=length($t);
+        push(@out,$t);
+        $ll=4-($l+9)/8;
+        $tmp1=sprintf("\t" x $ll);
+        push(@out,$tmp1);
+        push(@out,&conv($p1)."\n");
+        }
+sub out1
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        local(%special)=("bswapl",0x0FC8);
+        if ((defined($special{$name})) && defined($regs{$p1}))
+                {
+                $op=$special{$name}|$reg_val{$p1};
+                $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+                $tmp2=sprintf(".byte %d\t",$op     &0xff);
+                push(@out,$tmp1);
+                push(@out,$tmp2);
+                $p2=&conv($p2);
+                $p1=&conv($p1);
+                &main'comment("$name $p2 $p1");
+                return;
+                }
+        push(@out,"\t$name\t".&conv($p1)."\n");
+        }
+sub out1p
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t*".&conv($p1)."\n");
+        }
+sub out0
+        {
+        push(@out,"\t$_[0]\n");
+        }
+sub conv
+        {
+        local($p)=@_;
+#       $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+        $p=$regs{$p} if (defined($regs{$p}));
+        $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
+        $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
+        return $p;
+        }
+sub main'file
+        {
+        local($file)=@_;
+        local($tmp)=<<"EOF";
+        .file   "$file.s"
+        .version        "01.01"
+gcc2_compiled.:
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        local($func)=@_;
+        &main'external_label($func);
+        $func=$under.$func;
+        local($tmp)=<<"EOF";
+.text
+        .align $align
+.globl $func
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { $tmp=push(@out,"\tTYPE($func,\@function)\n"); }
+        else    { $tmp=push(@out,"\t.type\t$func,\@function\n"); }
+        push(@out,"$func:\n");
+        $tmp=<<"EOF";
+        pushl   %ebp
+        pushl   %ebx
+        pushl   %esi
+        pushl   %edi
+EOF
+        push(@out,$tmp);
+        $stack=20;
+        }
+sub main'function_begin_B
+        {
+        local($func,$extra)=@_;
+        &main'external_label($func);
+        $func=$under.$func;
+        local($tmp)=<<"EOF";
+.text
+        .align $align
+.globl $func
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { push(@out,"\tTYPE($func,\@function)\n"); }
+        else    { push(@out,"\t.type    $func,\@function\n"); }
+        push(@out,"$func:\n");
+        $stack=4;
+        }
+sub main'function_end
+        {
+        local($func)=@_;
+        $func=$under.$func;
+        local($tmp)=<<"EOF";
+        popl    %edi
+        popl    %esi
+        popl    %ebx
+        popl    %ebp
+        ret
+.${func}_end:
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+        else    { push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+        push(@out,".ident       \"$func\"\n");
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        popl    %edi
+        popl    %esi
+        popl    %ebx
+        popl    %ebp
+        ret
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_end_B
+        {
+        local($func)=@_;
+        $func=$under.$func;
+        push(@out,".${func}_end:\n");
+        if ($main'cpp)
+                { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+        else    { push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+        push(@out,".ident       \"desasm.pl\"\n");
+        $stack=0;
+        %label=();
+        }
+sub main'wparam
+        {
+        local($num)=@_;
+        return(&main'DWP($stack+$num*4,"esp","",0));
+        }
+sub main'stack_push
+        {
+        local($num)=@_;
+        $stack+=$num*4;
+        &main'sub("esp",$num*4);
+        }
+sub main'stack_pop
+        {
+        local($num)=@_;
+        $stack-=$num*4;
+        &main'add("esp",$num*4);
+        }
+sub main'swtmp
+        {
+        return(&main'DWP($_[0]*4,"esp","",0));
+        }
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       local($num)=@_;
+#
+#       return(&main'DWP(-($num+1)*4,"esp","",0));
+#       }
+sub main'comment
+        {
+        foreach (@_)
+                {
+                if (/^\s*$/)
+                        { push(@out,"\n"); }
+                else
+                        { push(@out,"\t$com_start $_ $com_end\n"); }
+                }
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=".${label}${_[0]}";
+                $label++;
+                }
+        return($label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=".${label}${_[0]}";
+                $label++;
+                }
+        push(@out,".align $align\n") if ($_[1] != 0);
+        push(@out,"$label{$_[0]}:\n");
+        }
+sub main'file_end
+        {
+        }
+sub main'data_word
+        {
+        push(@out,"\t.long $_[0]\n");
+        }
diff --git a/src/lib/libcrypto/pkcs7/doc b/src/lib/libcrypto/pkcs7/doc
new file mode 100644
index 0000000000..d2e8b7b2a3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/doc
@@ -0,0 +1,24 @@
+int PKCS7_set_content_type(PKCS7 *p7, int type);
+Call to set the type of PKCS7 object we are working on
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+        EVP_MD *dgst);
+Use this to setup a signer info
+There will also be functions to add signed and unsigned attributes.
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+Add a signer info to the content.
+int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+----
+p7=PKCS7_new();
+PKCS7_set_content_type(p7,NID_pkcs7_signed);
+signer=PKCS7_SINGNER_INFO_new();
+PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());
+PKCS7_add_signer(py,signer);
+we are now setup.
diff --git a/src/lib/libcrypto/pkcs7/enc.c b/src/lib/libcrypto/pkcs7/enc.c
new file mode 100644
index 0000000000..625a7c2285
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/enc.c
@@ -0,0 +1,144 @@
+/* crypto/pkcs7/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "x509.h"
+#include "pem.h"
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        EVP_PKEY *pkey;
+        PKCS7 *p7;
+        PKCS7 *p7_data;
+        PKCS7_SIGNER_INFO *si;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i,j;
+        int nodetach=0;
+        EVP_add_digest(EVP_sha1());
+        EVP_add_cipher(EVP_des_cbc());
+        data=BIO_new(BIO_s_file());
+again:
+        if (argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        goto again;
+                        }
+                if (!BIO_read_filename(data,argv[1]))
+                        goto err;
+                }
+        else
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+        p7=PKCS7_new();
+        PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
+         
+        if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+        if (!PKCS7_set_cipher(p7,EVP_des_cbc())) goto err;
+        if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+        /* Set the content of the signed to 'data' */
+        /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
+        /* could be used, but not in this version :-)
+        if (!nodetach) PKCS7_set_detached(p7,1);
+        */
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+        BIO_flush(p7bio);
+        if (!PKCS7_dataSign(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
diff --git a/src/lib/libcrypto/pkcs7/p7/a1 b/src/lib/libcrypto/pkcs7/p7/a1
new file mode 100644
index 0000000000..56ca943762
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/a1
@@ -0,0 +1,2 @@
+j,H>_��_�D�zE�L� VJ��觬���E3��Y�x%_�k
+3�)DLSc�8%�M
+\ No newline at end of file
diff --git a/src/lib/libcrypto/pkcs7/p7/a2 b/src/lib/libcrypto/pkcs7/p7/a2
new file mode 100644
index 0000000000..23d8fb5e93
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/a2
@@ -0,0 +1 @@
+k~@a�,N�M͹� <O( KP�騠�K�>��U�o_�Bqrm�?٠t?t��ρ�Id2��
+\ No newline at end of file
diff --git a/src/lib/libcrypto/pkcs7/p7/cert.p7c b/src/lib/libcrypto/pkcs7/p7/cert.p7c
new file mode 100644
index 0000000000..2b75ec05f7
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/cert.p7c
Binary files differ
diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7m b/src/lib/libcrypto/pkcs7/p7/smime.p7m
new file mode 100644
index 0000000000..2b6e6f82ba
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/smime.p7m
Binary files differ
diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7s b/src/lib/libcrypto/pkcs7/p7/smime.p7s
new file mode 100644
index 0000000000..2b5d4fb0e3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/smime.p7s
Binary files differ
diff --git a/src/lib/libcrypto/pkcs7/pk7_dgst.c b/src/lib/libcrypto/pkcs7/pk7_dgst.c
new file mode 100644
index 0000000000..7769abeb1e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_dgst.c
@@ -0,0 +1,66 @@
+/* crypto/pkcs7/pk7_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "rand.h"
+#include "objects.h"
+#include "x509.h"
+#include "pkcs7.h"
diff --git a/src/lib/libcrypto/pkcs7/pk7_enc.c b/src/lib/libcrypto/pkcs7/pk7_enc.c
new file mode 100644
index 0000000000..a5b6dc463f
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_enc.c
@@ -0,0 +1,76 @@
+/* crypto/pkcs7/pk7_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "rand.h"
+#include "objects.h"
+#include "x509.h"
+#include "pkcs7.h"
+PKCS7_in_bio(PKCS7 *p7,BIO *in);
+PKCS7_out_bio(PKCS7 *p7,BIO *out);
+PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
+PKCS7_Init(PKCS7 *p7);
+PKCS7_Update(PKCS7 *p7);
+PKCS7_Finish(PKCS7 *p7);
diff --git a/src/lib/libcrypto/pkcs7/server.pem b/src/lib/libcrypto/pkcs7/server.pem
new file mode 100644
index 0000000000..750aac2094
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/server.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/sign.c b/src/lib/libcrypto/pkcs7/sign.c
new file mode 100644
index 0000000000..ead1cb65ca
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/sign.c
@@ -0,0 +1,140 @@
+/* crypto/pkcs7/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "x509.h"
+#include "pem.h"
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        EVP_PKEY *pkey;
+        PKCS7 *p7;
+        PKCS7 *p7_data;
+        PKCS7_SIGNER_INFO *si;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i,j;
+        int nodetach=0;
+        EVP_add_digest(EVP_md2());
+        EVP_add_digest(EVP_md5());
+        EVP_add_digest(EVP_sha1());
+        EVP_add_digest(EVP_mdc2());
+        data=BIO_new(BIO_s_file());
+again:
+        if (argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        goto again;
+                        }
+                if (!BIO_read_filename(data,argv[1]))
+                        goto err;
+                }
+        else
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+        p7=PKCS7_new();
+        PKCS7_set_type(p7,NID_pkcs7_signed);
+         
+        if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+        /* Set the content of the signed to 'data' */
+        PKCS7_content_new(p7,NID_pkcs7_data);
+        if (!nodetach)
+                PKCS7_set_detached(p7,1);
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+        if (!PKCS7_dataSign(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
diff --git a/src/lib/libcrypto/pkcs7/verify.c b/src/lib/libcrypto/pkcs7/verify.c
new file mode 100644
index 0000000000..0e1c1b26dc
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/verify.c
@@ -0,0 +1,238 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "asn1.h"
+#include "bio.h"
+#include "x509.h"
+#include "pem.h"
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+BIO *bio_err=NULL;
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509,*x;
+        PKCS7 *p7;
+        PKCS7_SIGNED *s;
+        PKCS7_SIGNER_INFO *si;
+        PKCS7_ISSUER_AND_SERIAL *ias;
+        X509_STORE_CTX cert_ctx;
+        X509_STORE *cert_store=NULL;
+        X509_LOOKUP *lookup=NULL;
+        BIO *data,*detached=NULL,*p7bio=NULL;
+        char buf[1024*4];
+        unsigned char *p,*pp;
+        int i,j,printit=0;
+        STACK *sk;
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        EVP_add_digest(EVP_md2());
+        EVP_add_digest(EVP_md5());
+        EVP_add_digest(EVP_sha1());
+        EVP_add_digest(EVP_mdc2());
+        data=BIO_new(BIO_s_file());
+again:
+        pp=NULL;
+        while (argc > 1)
+                {
+                argc--;
+                argv++;
+                if (strcmp(argv[0],"-p") == 0)
+                        {
+                        printit=1;
+                        }
+                else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+                        {
+                        detached=BIO_new(BIO_s_file());
+                        if (!BIO_read_filename(detached,argv[1]))
+                                goto err;
+                        argc--;
+                        argv++;
+                        }
+                else
+                        {
+                        pp=argv[0];
+                        if (!BIO_read_filename(data,argv[0]))
+                                goto err;
+                        }
+                }
+        if (pp == NULL)
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        /* Load the PKCS7 object from a file */
+        if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+        /* This stuff is being setup for certificate verification.
+         * When using SSL, it could be replaced with a 
+         * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+        cert_store=X509_STORE_new();
+        X509_STORE_set_default_paths(cert_store);
+        X509_STORE_load_locations(cert_store,NULL,"../../certs");
+        X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+        ERR_clear_errors();
+        /* We need to process the data */
+        if (PKCS7_get_detached(p7))
+                {
+                if (detached == NULL)
+                        {
+                        printf("no data to verify the signature on\n");
+                        exit(1);
+                        }
+                else
+                        p7bio=PKCS7_dataInit(p7,detached);
+                }
+        else
+                {
+                p7bio=PKCS7_dataInit(p7,NULL);
+                }
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        for (;;)
+                {
+                i=BIO_read(p7bio,buf,sizeof(buf));
+                /* print it? */
+                if (i <= 0) break;
+                }
+        /* We can now verify signatures */
+        sk=PKCS7_get_signer_info(p7);
+        if (sk == NULL)
+                {
+                printf("there are no signatures on this data\n");
+                exit(1);
+                }
+        /* Ok, first we need to, for each subject entry, see if we can verify */
+        for (i=0; i<sk_num(sk); i++)
+                {
+                si=(PKCS7_SIGNER_INFO *)sk_value(sk,i);
+                i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+                if (i <= 0)
+                        goto err;
+                }
+        X509_STORE_free(cert_store);
+        printf("done\n");
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+/* should be X509 * but we can just have them as char *. */
+int verify_callback(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+        {
+        char buf[256];
+        X509 *err_cert;
+        int err,depth;
+        err_cert=X509_STORE_CTX_get_current_cert(ctx);
+        err=    X509_STORE_CTX_get_error(ctx);
+        depth=  X509_STORE_CTX_get_error_depth(ctx);
+        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (!ok)
+                {
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+                if (depth < 6)
+                        {
+                        ok=1;
+                        X509_STORE_CTX_set_error(ctx,X509_V_OK);
+                        }
+                else
+                        {
+                        ok=0;
+                        X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
+                        }
+                }
+        switch (ctx->error)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+                BIO_printf(bio_err,"issuer= %s\n",buf);
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+                }
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
new file mode 100644
index 0000000000..f44b36a8b9
--- /dev/null
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -0,0 +1,405 @@
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <sys/types.h>
+#include <time.h>
+#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#ifndef NO_MD5
+#define USE_MD5_RAND
+#elif !defined(NO_SHA1)
+#define USE_SHA1_RAND
+#elif !defined(NO_MDC2)
+#define USE_MDC2_RAND
+#elif !defined(NO_MD2)
+#define USE_MD2_RAND
+#else
+We need a message digest of some type 
+#endif
+#endif
+/* Changed how the state buffer used.  I now attempt to 'wrap' such
+ * that I don't run over the same locations the next time  go through
+ * the 1023 bytes - many thanks to
+ * Robert J. LeBlanc <rjl@renaissoft.com> for his comments
+ */
+#if defined(USE_MD5_RAND)
+#include "md5.h"
+#define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#define MD_CTX                  MD5_CTX
+#define MD_Init(a)              MD5_Init(a)
+#define MD_Update(a,b,c)        MD5_Update(a,b,c)
+#define MD_Final(a,b)           MD5_Final(a,b)
+#elif defined(USE_SHA1_RAND)
+#include "sha.h"
+#define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#define MD_CTX                  SHA_CTX
+#define MD_Init(a)              SHA1_Init(a)
+#define MD_Update(a,b,c)        SHA1_Update(a,b,c)
+#define MD_Final(a,b)           SHA1_Final(a,b)
+#elif defined(USE_MDC2_RAND)
+#include "mdc2.h"
+#define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#define MD_CTX                  MDC2_CTX
+#define MD_Init(a)              MDC2_Init(a)
+#define MD_Update(a,b,c)        MDC2_Update(a,b,c)
+#define MD_Final(a,b)           MDC2_Final(a,b)
+#elif defined(USE_MD2_RAND)
+#include "md2.h"
+#define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#define MD_CTX                  MD2_CTX
+#define MD_Init(a)              MD2_Init(a)
+#define MD_Update(a,b,c)        MD2_Update(a,b,c)
+#define MD_Final(a,b)           MD2_Final(a,b)
+#endif
+#include "rand.h"
+/*#define NORAND        1 */
+/*#define PREDICT       1 */
+#define STATE_SIZE      1023
+static int state_num=0,state_index=0;
+static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+static unsigned char md[MD_DIGEST_LENGTH];
+static int md_count=0;
+char *RAND_version="RAND part of SSLeay 0.9.0b 29-Jun-1998";
+void RAND_cleanup()
+        {
+        memset(state,0,sizeof(state));
+        state_num=0;
+        state_index=0;
+        memset(md,0,MD_DIGEST_LENGTH);
+        md_count=0;
+        }
+void RAND_seed(buf,num)
+unsigned char *buf;
+int num;
+        {
+        int i,j,k,st_idx,st_num;
+        MD_CTX m;
+#ifdef NORAND
+        return;
+#endif
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        st_idx=state_index;
+        st_num=state_num;
+        state_index=(state_index+num);
+        if (state_index >= STATE_SIZE)
+                {
+                state_index%=STATE_SIZE;
+                state_num=STATE_SIZE;
+                }
+        else if (state_num < STATE_SIZE)        
+                {
+                if (state_index > state_num)
+                        state_num=state_index;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+                {
+                j=(num-i);
+                j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
+                MD_Init(&m);
+                MD_Update(&m,md,MD_DIGEST_LENGTH);
+                k=(st_idx+j)-STATE_SIZE;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),j-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),j);
+                        
+                MD_Update(&m,buf,j);
+                MD_Final(md,&m);
+                buf+=j;
+                for (k=0; k<j; k++)
+                        {
+                        state[st_idx++]^=md[k];
+                        if (st_idx >= STATE_SIZE)
+                                {
+                                st_idx=0;
+                                st_num=STATE_SIZE;
+                                }
+                        }
+                }
+        memset((char *)&m,0,sizeof(m));
+        }
+void RAND_bytes(buf,num)
+unsigned char *buf;
+int num;
+        {
+        int i,j,k,st_num,st_idx;
+        MD_CTX m;
+        static int init=1;
+        unsigned long l;
+#ifdef DEVRANDOM
+        FILE *fh;
+#endif
+#ifdef PREDICT
+        {
+        static unsigned char val=0;
+        for (i=0; i<num; i++)
+                buf[i]=val++;
+        return;
+        }
+#endif
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        if (init)
+                {
+                init=0;
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                /* put in some default random data, we need more than
+                 * just this */
+                RAND_seed((unsigned char *)&m,sizeof(m));
+#ifndef MSDOS
+                l=getpid();
+                RAND_seed((unsigned char *)&l,sizeof(l));
+                l=getuid();
+                RAND_seed((unsigned char *)&l,sizeof(l));
+#endif
+                l=time(NULL);
+                RAND_seed((unsigned char *)&l,sizeof(l));
+/* #ifdef DEVRANDOM */
+                /* 
+                 * Use a random entropy pool device.
+                 * Linux 1.3.x and FreeBSD-Current has 
+                 * this. Use /dev/urandom if you can
+                 * as /dev/random will block if it runs out
+                 * of random entries.
+                 */
+                if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+                        {
+                        unsigned char tmpbuf[32];
+                        fread((unsigned char *)tmpbuf,1,32,fh);
+                        /* we don't care how many bytes we read,
+                         * we will just copy the 'stack' if there is
+                         * nothing else :-) */
+                        fclose(fh);
+                        RAND_seed(tmpbuf,32);
+                        memset(tmpbuf,0,32);
+                        }
+/* #endif */
+#ifdef PURIFY
+                memset(state,0,STATE_SIZE);
+                memset(md,0,MD_DIGEST_LENGTH);
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+                }
+        st_idx=state_index;
+        st_num=state_num;
+        state_index+=num;
+        if (state_index > state_num)
+                state_index=(state_index%state_num);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        while (num > 0)
+                {
+                j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
+                num-=j;
+                MD_Init(&m);
+                MD_Update(&m,&(md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2);
+#ifndef PURIFY
+                MD_Update(&m,buf,j); /* purify complains */
+#endif
+                k=(st_idx+j)-st_num;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),j-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),j);
+                MD_Final(md,&m);
+                for (i=0; i<j; i++)
+                        {
+                        if (st_idx >= st_num)
+                                st_idx=0;
+                        state[st_idx++]^=md[i];
+                        *(buf++)=md[i+MD_DIGEST_LENGTH/2];
+                        }
+                }
+        MD_Init(&m);
+        MD_Update(&m,(unsigned char *)&md_count,sizeof(md_count)); md_count++;
+        MD_Update(&m,md,MD_DIGEST_LENGTH);
+        MD_Final(md,&m);
+        memset(&m,0,sizeof(m));
+        }
+#ifdef WINDOWS
+#include <windows.h>
+#include <rand.h>
+/*****************************************************************************
+ * Initialisation function for the SSL random generator.  Takes the contents
+ * of the screen as random seed.
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
+ * the original copyright message is:
+ *
+//   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+//
+//   You have a royalty-free right to use, modify, reproduce and
+//   distribute the Sample Files (and/or any modified version) in
+//   any way you find useful, provided that you agree that
+//   Microsoft has no warranty obligations or liability for any
+//   Sample Application Files which are modified.
+ */
+/*
+ * I have modified the loading of bytes via RAND_seed() mechanism since
+ * the origional would have been very very CPU intensive since RAND_seed()
+ * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
+ * as that to digest 56 bytes.  So under the old system, a screen of
+ * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5
+ * digests or digesting 2.7 mbytes.  What I have put in place would
+ * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes
+ * or about 3.5 times as much.
+ * - eric 
+ */
+void RAND_screen(void)
+{
+  HDC           hScrDC;         /* screen DC */
+  HDC           hMemDC;         /* memory DC */
+  HBITMAP       hBitmap;        /* handle for our bitmap */
+  HBITMAP       hOldBitmap;     /* handle for previous bitmap */
+  BITMAP        bm;             /* bitmap properties */
+  unsigned int  size;           /* size of bitmap */
+  char          *bmbits;        /* contents of bitmap */
+  int           w;              /* screen width */
+  int           h;              /* screen height */
+  int           y;              /* y-coordinate of screen lines to grab */
+  int           n = 16;         /* number of screen lines to grab at a time */
+  /* Create a screen DC and a memory DC compatible to screen DC */
+  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
+  hMemDC = CreateCompatibleDC(hScrDC);
+  /* Get screen resolution */
+  w = GetDeviceCaps(hScrDC, HORZRES);
+  h = GetDeviceCaps(hScrDC, VERTRES);
+  /* Create a bitmap compatible with the screen DC */
+  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+  /* Select new bitmap into memory DC */
+  hOldBitmap = SelectObject(hMemDC, hBitmap);
+  /* Get bitmap properties */
+  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
+  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+  bmbits = Malloc(size);
+  if (bmbits) {
+    /* Now go through the whole screen, repeatedly grabbing n lines */
+    for (y = 0; y < h-n; y += n)
+        {
+        unsigned char md[MD_DIGEST_LENGTH];
+        /* Bitblt screen DC to memory DC */
+        BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+        /* Copy bitmap bits from memory DC to bmbits */
+        GetBitmapBits(hBitmap, size, bmbits);
+        /* Get the MD5 of the bitmap */
+        MD5(bmbits,size,md);
+        /* Seed the random generator with the MD5 digest */
+        RAND_seed(md, MD_DIGEST_LENGTH);
+        }
+    Free(bmbits);
+  }
+  /* Select old bitmap back into memory DC */
+  hBitmap = SelectObject(hMemDC, hOldBitmap);
+  /* Clean up */
+  DeleteObject(hBitmap);
+  DeleteDC(hMemDC);
+  DeleteDC(hScrDC);
+}
+#endif
diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c
new file mode 100644
index 0000000000..e0ba61e123
--- /dev/null
+++ b/src/lib/libcrypto/rand/randtest.c
@@ -0,0 +1,207 @@
+/* crypto/rand/randtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "rand.h"
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+int main()
+        {
+        unsigned char buf[2500];
+        int i,j,k,s,sign,nsign,err=0;
+        unsigned long n1;
+        unsigned long n2[16];
+        unsigned long runs[2][34];
+        /*double d; */
+        long d;
+        RAND_bytes(buf,2500);
+        n1=0;
+        for (i=0; i<16; i++) n2[i]=0;
+        for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+        /* test 1 and 2 */
+        sign=0;
+        nsign=0;
+        for (i=0; i<2500; i++)
+                {
+                j=buf[i];
+                n2[j&0x0f]++;
+                n2[(j>>4)&0x0f]++;
+                for (k=0; k<8; k++)
+                        {
+                        s=(j&0x01);
+                        if (s == sign)
+                                nsign++;
+                        else
+                                {
+                                if (nsign > 34) nsign=34;
+                                if (nsign != 0)
+                                        {
+                                        runs[sign][nsign-1]++;
+                                        if (nsign > 6)
+                                                runs[sign][5]++;
+                                        }
+                                sign=s;
+                                nsign=1;
+                                }
+                        if (s) n1++;
+                        j>>=1;
+                        }
+                }
+                if (nsign > 34) nsign=34;
+                if (nsign != 0) runs[sign][nsign-1]++;
+        /* test 1 */
+        if (!((9654 < n1) && (n1 < 10346)))
+                {
+                printf("test 1 failed, X=%ld\n",n1);
+                err++;
+                }
+        printf("test 1 done\n");
+        /* test 2 */
+#ifdef undef
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=d*16.0/5000.0-5000.0;
+        if (!((1.03 < d) && (d < 57.4)))
+                {
+                printf("test 2 failed, X=%.2f\n",d);
+                err++;
+                }
+#endif
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=(d*8)/25-500000;
+        if (!((103 < d) && (d < 5740)))
+                {
+                printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
+                err++;
+                }
+        printf("test 2 done\n");
+        /* test 3 */
+        for (i=0; i<2; i++)
+                {
+                if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,1,runs[i][0]);
+                        err++;
+                        }
+                if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,2,runs[i][1]);
+                        err++;
+                        }
+                if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,3,runs[i][2]);
+                        err++;
+                        }
+                if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,4,runs[i][3]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,5,runs[i][4]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,6,runs[i][5]);
+                        err++;
+                        }
+                }
+        printf("test 3 done\n");
+        
+        /* test 4 */
+        if (runs[0][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%ld\n",
+                        0,34,runs[0][33]);
+                err++;
+                }
+        if (runs[1][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%ld\n",
+                        1,34,runs[1][33]);
+                err++;
+                }
+        printf("test 4 done\n");
+        err=((err)?1:0);
+        exit(err);
+        return(err);
+        }
diff --git a/src/lib/libcrypto/rc2/rc2speed.c b/src/lib/libcrypto/rc2/rc2speed.c
new file mode 100644
index 0000000000..6cd8ea8f27
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2speed.c
@@ -0,0 +1,293 @@
+/* crypto/rc2/rc2speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "rc2.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC2_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC2_set_key(&sch,16,key,128);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC2_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC2_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC2_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing RC2_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing RC2_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),RC2_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/rc2/rc2test.c b/src/lib/libcrypto/rc2/rc2test.c
new file mode 100644
index 0000000000..9d0f8016ec
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2test.c
@@ -0,0 +1,270 @@
+/* crypto/rc2/rc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "rc2.h"
+unsigned char RC2key[4][16]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
+        };
+unsigned char RC2plain[4][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        };
+unsigned char RC2cipher[4][8]={
+        {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
+        {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
+        {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
+        {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
+        };
+/************/
+#ifdef undef
+unsigned char k[16]={
+        0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+        0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+char *text="Hello to all people out there";
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+#ifndef NOPROTO
+/*static int cfb64_test(unsigned char *cfb_cipher);*/
+static char *pt(unsigned char *p);
+#else
+/*static int cfb64_test(); */
+static char *pt();
+#endif
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,n,err=0;
+        RC2_KEY key; 
+        unsigned char buf[8],buf2[8];
+        for (n=0; n<4; n++)
+                {
+                RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
+                RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
+                if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("ecb rc2 error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2cipher[n][i]);
+                        err=20;
+                        printf("\n");
+                        }
+                RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
+                if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("ecb RC2 error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+        if (err == 0) printf("ecb RC2 ok\n");
+#ifdef undef
+        memcpy(iv,k,8);
+        idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+        memcpy(iv,k,8);
+        idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+        idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+        if (memcmp(text,out,strlen(text)+1) != 0)
+                {
+                printf("cbc idea bad\n");
+                err=4;
+                }
+        else
+                printf("cbc idea ok\n");
+        printf("cfb64 idea ");
+        if (cfb64_test(cfb_cipher64))
+                {
+                printf("bad\n");
+                err=5;
+                }
+        else
+                printf("ok\n");
+#endif
+        exit(err);
+        return(err);
+        }
+#ifdef undef
+static int cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static char *pt(p)
+unsigned char *p;
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+        
+#endif
diff --git a/src/lib/libcrypto/rc4/rc4.c b/src/lib/libcrypto/rc4/rc4.c
new file mode 100644
index 0000000000..127e8a5093
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4.c
@@ -0,0 +1,194 @@
+/* crypto/rc4/rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "rc4.h"
+char *usage[]={
+"usage: rc4 args\n",
+"\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -key key        - password\n",
+NULL
+};
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        FILE *in=NULL,*out=NULL;
+        char *infile=NULL,*outfile=NULL,*keystr=NULL;
+        RC4_KEY key;
+        char buf[BUFSIZ];
+        int badops=0,i;
+        char **pp;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keystr= *(++argv);
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                for (pp=usage; (*pp != NULL); pp++)
+                        fprintf(stderr,*pp);
+                exit(1);
+                }
+        if (infile == NULL)
+                in=stdin;
+        else
+                {
+                in=fopen(infile,"r");
+                if (in == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+                }
+        if (outfile == NULL)
+                out=stdout;
+        else
+                {
+                out=fopen(outfile,"w");
+                if (out == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+                }
+                
+#ifdef MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        setmode(fileno(in),O_BINARY);
+        setmode(fileno(out),O_BINARY);
+        }
+#endif
+        if (keystr == NULL)
+                { /* get key */
+                i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+                if (i != 0)
+                        {
+                        memset(buf,0,BUFSIZ);
+                        fprintf(stderr,"bad password read\n");
+                        exit(1);
+                        }
+                keystr=buf;
+                }
+        MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+        memset(keystr,0,strlen(keystr));
+        RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+        
+        for(;;)
+                {
+                i=fread(buf,1,BUFSIZ,in);
+                if (i == 0) break;
+                if (i < 0)
+                        {
+                        perror("read");
+                        exit(1);
+                        }
+                RC4(&key,(unsigned int)i,(unsigned char *)buf,
+                        (unsigned char *)buf);
+                i=fwrite(buf,(unsigned int)i,1,out);
+                if (i != 1)
+                        {
+                        perror("write");
+                        exit(1);
+                        }
+                }
+        fclose(out);
+        fclose(in);
+        exit(0);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/rc4/rc4s.cpp b/src/lib/libcrypto/rc4/rc4s.cpp
new file mode 100644
index 0000000000..39f1727dd3
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "rc4.h"
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[1024];
+        RC4_KEY ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=64,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=256;
+        if (num > 1024-16) num=1024-16;
+        numm=num+8;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(s1);
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        RC4(&ctx,num,buffer,buffer);
+                        GetTSC(e2);
+                        RC4(&ctx,num,buffer,buffer);
+                        }
+                printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+                        e1-s1,e2-s2,(e1-s1)-(e2-s2));
+                }
+        }
diff --git a/src/lib/libcrypto/rc4/rc4speed.c b/src/lib/libcrypto/rc4/rc4speed.c
new file mode 100644
index 0000000000..5298dad6d0
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4speed.c
@@ -0,0 +1,269 @@
+/* crypto/rc4/rc4speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "rc4.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC4_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC4_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC4(&sch,8,buf,buf);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC4_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC4_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC4(&sch,BUFSIZE,buf,buf);
+        d=Time_F(STOP);
+        printf("%ld RC4's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
new file mode 100644
index 0000000000..041e1aff95
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -0,0 +1,195 @@
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "rc4.h"
+unsigned char keys[7][30]={
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {4,0xef,0x01,0x23,0x45},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {4,0xef,0x01,0x23,0x45},
+        };
+unsigned char data_len[7]={8,8,8,20,28,10};
+unsigned char data[7][30]={
+        {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0xff},
+        {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0},
+        };
+unsigned char output[7][30]={
+        {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+        {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+        {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+         0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+         0x36,0xb6,0x78,0x58,0x00},
+        {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+         0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+         0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+         0x40,0x01,0x1e,0xcf,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+        {0},
+        };
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        int j;
+        unsigned char *p;
+        RC4_KEY key;
+        unsigned char buf[512],obuf[512];
+        for (i=0; i<512; i++) buf[i]=0x01;
+        for (i=0; i<6; i++)
+                {
+                RC4_set_key(&key,keys[i][0],&(keys[i][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,data_len[i],&(data[i][0]),obuf);
+                if (memcmp(obuf,output[i],data_len[i]+1) != 0)
+                        {
+                        printf("error calculating RC4\n");
+                        printf("output:");
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[i][0]);
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",*(p++));
+                        printf("\n");
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+        printf("test end processing ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
+                        {
+                        printf("error in RC4 length processing\n");
+                        printf("output:");
+                        for (j=0; j<i+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<i; j++)
+                                printf(" %02x",*(p++));
+                        printf(" 00\n");
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        printf("test multi-call ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
+                if (memcmp(obuf,output[3],data_len[3]+1) != 0)
+                        {
+                        printf("error in RC4 multi-call processing\n");
+                        printf("output:");
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",*(p++));
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        exit(err);
+        return(0);
+        }
diff --git a/src/lib/libcrypto/rc4/rrc4.doc b/src/lib/libcrypto/rc4/rrc4.doc
new file mode 100644
index 0000000000..2f9a953c12
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rrc4.doc
@@ -0,0 +1,278 @@
+Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
+Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark
+From: sterndark@netcom.com (David Sterndark)
+Subject: RC4 Algorithm revealed.
+Message-ID: <sternCvKL4B.Hyy@netcom.com>
+Sender: sterndark@netcom.com 
+Organization: NETCOM On-line Communication Services (408 261-4700 guest)
+X-Newsreader: TIN [version 1.2 PL1]
+Date: Wed, 14 Sep 1994 06:35:31 GMT
+Lines: 263
+Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026
+I am shocked,  shocked, I tell you,  shocked, to discover
+that the cypherpunks have illegaly and criminally revealed
+a crucial RSA trade secret and harmed the security of
+America by reverse engineering the RC4 algorithm and
+publishing it to the world.
+ 
+On Saturday morning an anonymous cypherpunk wrote:
+ 
+ 
+   SUBJECT:  RC4 Source Code
+ 
+ 
+   I've tested this.  It is compatible with the RC4 object module
+   that comes in the various RSA toolkits.  
+ 
+   /* rc4.h */
+   typedef struct rc4_key
+   {      
+        unsigned char state[256];       
+        unsigned char x;        
+        unsigned char y;
+   } rc4_key;
+   void prepare_key(unsigned char *key_data_ptr,int key_data_len,
+   rc4_key *key);
+   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
+   
+   
+   /*rc4.c */
+   #include "rc4.h"
+   static void swap_byte(unsigned char *a, unsigned char *b);
+   void prepare_key(unsigned char *key_data_ptr, int key_data_len,
+   rc4_key *key)
+   {
+        unsigned char swapByte;
+        unsigned char index1;
+        unsigned char index2;
+        unsigned char* state;
+        short counter;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < 256; counter++)              
+        state[counter] = counter;               
+        key->x = 0;     
+        key->y = 0;     
+        index1 = 0;     
+        index2 = 0;             
+        for(counter = 0; counter < 256; counter++)      
+        {               
+             index2 = (key_data_ptr[index1] + state[counter] +
+                index2) % 256;                
+             swap_byte(&state[counter], &state[index2]);            
+   
+             index1 = (index1 + 1) % key_data_len;  
+        }       
+    }
+    
+    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
+    { 
+        unsigned char x;
+        unsigned char y;
+        unsigned char* state;
+        unsigned char xorIndex;
+        short counter;              
+        
+        x = key->x;     
+        y = key->y;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < buffer_len; counter ++)      
+        {               
+             x = (x + 1) % 256;                      
+             y = (state[x] + y) % 256;               
+             swap_byte(&state[x], &state[y]);                        
+                  
+             xorIndex = (state[x] + state[y]) % 256;                 
+                  
+             buffer_ptr[counter] ^= state[xorIndex];         
+         }               
+         key->x = x;     
+         key->y = y;
+    }
+    
+    static void swap_byte(unsigned char *a, unsigned char *b)
+    {
+        unsigned char swapByte; 
+        
+        swapByte = *a; 
+        *a = *b;      
+        *b = swapByte;
+    }
+ 
+ 
+ 
+Another cypherpunk, this one not anonymous, tested the
+output from this algorithm against the output from
+official RC4 object code
+ 
+ 
+   Date: Tue, 13 Sep 94 18:37:56 PDT
+   From: ekr@eit.COM (Eric Rescorla)
+   Message-Id: <9409140137.AA17743@eitech.eit.com>
+   Subject: RC4 compatibility testing
+   Cc: cypherpunks@toad.com
+   
+   One data point:
+   
+   I can't say anything about the internals of RC4 versus the
+   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
+   since I don't know anything about RC4's internals. 
+   
+   However, I do have a (legitimately acquired) copy of BSAFE2 and
+   so I'm able to compare the output of this algorithm to the output
+   of genuine RC4 as found in BSAFE. I chose a set of test vectors
+   and ran them through both algorithms. The algorithms appear to
+   give identical results, at least with these key/plaintext pairs.
+   
+   I note that this is the algorithm _without_ Hal Finney's
+   proposed modification
+   
+   (see <199409130605.XAA24133@jobe.shell.portal.com>).
+   
+   The vectors I used (together with the ciphertext they produce)
+   follow at the end of this message.
+   
+   -Ekr
+   
+   Disclaimer: This posting does not reflect the opinions of EIT.
+   
+   --------------------results follow--------------
+   Test vector 0
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 
+   
+   Test vector 1
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 
+   
+   Test vector 2
+   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a 
+   
+   Test vector 3
+   Key: 0xef 0x01 0x23 0x45 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 
+   
+   Test vector 4
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 
+   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 
+   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 
+   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 
+   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 
+   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 
+   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 
+   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 
+   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 
+   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 
+   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 
+   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 
+   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 
+   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 
+   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 
+   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 
+   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 
+   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 
+   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 
+   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 
+   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 
+   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 
+   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 
+   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 
+   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 
+   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 
+   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 
+   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 
+   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 
+   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 
+   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 
+   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 
+   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 
+   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 
+   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 
+   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 
+   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 
+   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 
+   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 
+   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 
+   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 
+   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 
+   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 
+   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 
+   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 
+   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 
+   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 
+   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 
+   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 
+   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 
+   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 
+   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 
+   0xc0 
+   
+-- 
+ ---------------------------------------------------------------------
+We have the right to defend ourselves and our
+property, because of the kind of animals that we              James A. Donald
+are.  True law derives from this right, not from
+the arbitrary power of the omnipotent state.                jamesd@netcom.com
diff --git a/src/lib/libcrypto/rc5/rc5.h b/src/lib/libcrypto/rc5/rc5.h
new file mode 100644
index 0000000000..5fd64e3f10
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5.h
@@ -0,0 +1,122 @@
+/* crypto/rc5/rc5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_RC5_H
+#define HEADER_RC5_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define RC5_ENCRYPT     1
+#define RC5_DECRYPT     0
+/* 32 bit.  For Alpha, things may get weird */
+#define RC5_32_INT unsigned long
+#define RC5_32_BLOCK            8
+#define RC5_32_KEY_LENGTH       16 /* This is a default, max is 255 */
+/* This are the only values supported.  Tweak the code if you want more
+ * The most supported modes will be
+ * RC5-32/12/16
+ * RC5-32/16/8
+ */
+#define RC5_8_ROUNDS    8
+#define RC5_12_ROUNDS   12
+#define RC5_16_ROUNDS   16
+typedef struct rc5_key_st
+        {
+        /* Number of rounds */
+        int rounds;
+        RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
+        } RC5_32_KEY;
+#ifndef NOPROTO
+ 
+void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
+        int rounds);
+void RC5_32_ecb_encrypt(unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+        int enc);
+void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        RC5_32_KEY *ks, unsigned char *iv, int enc);
+void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        RC5_32_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        RC5_32_KEY *schedule, unsigned char *ivec, int *num);
+#else
+void RC5_32_set_key();
+void RC5_32_ecb_encrypt();
+void RC5_32_encrypt();
+void RC5_32_decrypt();
+void RC5_32_cbc_encrypt();
+void RC5_32_cfb64_encrypt();
+void RC5_32_ofb64_encrypt();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/ripemd/asm/rips.cpp b/src/lib/libcrypto/ripemd/asm/rips.cpp
new file mode 100644
index 0000000000..78a933c448
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/asm/rips.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "ripemd.h"
+extern "C" {
+void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        RIPEMD160_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        }
+                printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libcrypto/ripemd/rmd160.c b/src/lib/libcrypto/ripemd/rmd160.c
new file mode 100644
index 0000000000..3fa1b8096e
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmd160.c
@@ -0,0 +1,135 @@
+/* crypto/ripemd/rmd160.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "ripemd.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("RIPEMD160(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        RIPEMD160_CTX c;
+        unsigned char md[RIPEMD160_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        RIPEMD160_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                RIPEMD160_Update(&c,buf,(unsigned long)i);
+                }
+        RIPEMD160_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c
new file mode 100644
index 0000000000..6a0297f975
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmdtest.c
@@ -0,0 +1,133 @@
+/* crypto/ripemd/rmdtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "ripemd.h"
+char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+char *ret[]={
+        "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+        "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+        "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+        "5d0689ef49d2fae572b881b123a85ffa21595f36",
+        "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+        "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+        "b0e20b6e3116640286ed3a87a5713079b21f5189",
+        "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating RIPEMD160 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libcrypto/sha/asm/README b/src/lib/libcrypto/sha/asm/README
new file mode 100644
index 0000000000..b7e755765f
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/README
@@ -0,0 +1 @@
+C2.pl works
diff --git a/src/lib/libcrypto/sha/sha.c b/src/lib/libcrypto/sha/sha.c
new file mode 100644
index 0000000000..713fec3610
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha.c
@@ -0,0 +1,135 @@
+/* crypto/sha/sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "sha.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        SHA_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA_Update(&c,buf,(unsigned long)i);
+                }
+        SHA_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
new file mode 100644
index 0000000000..a4739ac9fd
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -0,0 +1,135 @@
+/* crypto/sha/sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "sha.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA1(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        SHA1_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA1_Update(&c,buf,(unsigned long)i);
+                }
+        SHA1_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/sha/sha1s.cpp b/src/lib/libcrypto/sha/sha1s.cpp
new file mode 100644
index 0000000000..0163377de6
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1s.cpp
@@ -0,0 +1,79 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "sha.h"
+extern "C" {
+void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        SHA_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        }
+                printf("sha1 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libcrypto/sha/sha1test.c b/src/lib/libcrypto/sha/sha1test.c
new file mode 100644
index 0000000000..3c62a218b4
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1test.c
@@ -0,0 +1,155 @@
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "sha.h"
+#undef SHA_0 /* FIPS 180 */
+#define  SHA_1 /* FIPS 180-1 */
+char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+#ifdef SHA_0
+char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating SHA1 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        memset(buf,'a',1000);
+        SHA1_Init(&c);
+        for (i=0; i<1000; i++)
+                SHA1_Update(&c,buf,1000);
+        SHA1_Final(md,&c);
+        p=pt(md);
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA1 on 'a' * 1000\n");
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
new file mode 100644
index 0000000000..8ed533ea26
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -0,0 +1,442 @@
+/* crypto/sha/sha_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#define  SHA_0
+#undef SHA_1
+#include "sha.h"
+#include "sha_locl.h"
+char *SHA_version="SHA part of SSLeay 0.9.0b 29-Jun-1998";
+/* Implemented from SHA-0 document - The Secure Hash Algorithm
+ */
+#define INIT_DATA_h0 (unsigned long)0x67452301L
+#define INIT_DATA_h1 (unsigned long)0xefcdab89L
+#define INIT_DATA_h2 (unsigned long)0x98badcfeL
+#define INIT_DATA_h3 (unsigned long)0x10325476L
+#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L
+#define K_00_19 0x5a827999L
+#define K_20_39 0x6ed9eba1L
+#define K_40_59 0x8f1bbcdcL
+#define K_60_79 0xca62c1d6L
+#ifndef NOPROTO
+   void sha_block(SHA_CTX *c, register unsigned long *p, int num);
+#else
+   void sha_block();
+#endif
+#define M_c2nl          c2nl
+#define M_p_c2nl        p_c2nl
+#define M_c2nl_p        c2nl_p
+#define M_p_c2nl_p      p_c2nl_p
+#define M_nl2c          nl2c
+void SHA_Init(c)
+SHA_CTX *c;
+        {
+        c->h0=INIT_DATA_h0;
+        c->h1=INIT_DATA_h1;
+        c->h2=INIT_DATA_h2;
+        c->h3=INIT_DATA_h3;
+        c->h4=INIT_DATA_h4;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        }
+void SHA_Update(c, data, len)
+SHA_CTX *c;
+register unsigned char *data;
+unsigned long len;
+        {
+        register ULONG *p;
+        int ew,ec,sw,sc;
+        ULONG l;
+        if (len == 0) return;
+        l=(c->Nl+(len<<3))&0xffffffffL;
+        if (l < c->Nl) /* overflow */
+                c->Nh++;
+        c->Nh+=(len>>29);
+        c->Nl=l;
+        if (c->num != 0)
+                {
+                p=c->data;
+                sw=c->num>>2;
+                sc=c->num&0x03;
+                if ((c->num+len) >= SHA_CBLOCK)
+                        {
+                        l= p[sw];
+                        M_p_c2nl(data,l,sc);
+                        p[sw++]=l;
+                        for (; sw<SHA_LBLOCK; sw++)
+                                {
+                                M_c2nl(data,l);
+                                p[sw]=l;
+                                }
+                        len-=(SHA_CBLOCK-c->num);
+                        sha_block(c,p,64);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        c->num+=(int)len;
+                        if ((sc+len) < 4) /* ugly, add char's to a word */
+                                {
+                                l= p[sw];
+                                M_p_c2nl_p(data,l,sc,len);
+                                p[sw]=l;
+                                }
+                        else
+                                {
+                                ew=(c->num>>2);
+                                ec=(c->num&0x03);
+                                l= p[sw];
+                                M_p_c2nl(data,l,sc);
+                                p[sw++]=l;
+                                for (; sw < ew; sw++)
+                                        { M_c2nl(data,l); p[sw]=l; }
+                                if (ec)
+                                        {
+                                        M_c2nl_p(data,l,ec);
+                                        p[sw]=l;
+                                        }
+                                }
+                        return;
+                        }
+                }
+        /* We can only do the following code for assember, the reason
+         * being that the sha_block 'C' version changes the values
+         * in the 'data' array.  The assember code avoids this and
+         * copies it to a local array.  I should be able to do this for
+         * the C version as well....
+         */
+#if 1
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+        if ((((unsigned int)data)%sizeof(ULONG)) == 0)
+                {
+                sw=len/SHA_CBLOCK;
+                if (sw)
+                        {
+                        sw*=SHA_CBLOCK;
+                        sha_block(c,(ULONG *)data,sw);
+                        data+=sw;
+                        len-=sw;
+                        }
+                }
+#endif
+#endif
+        /* we now can process the input data in blocks of SHA_CBLOCK
+         * chars and save the leftovers to c->data. */
+        p=c->data;
+        while (len >= SHA_CBLOCK)
+                {
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+                if (p != (unsigned long *)data)
+                        memcpy(p,data,SHA_CBLOCK);
+                data+=SHA_CBLOCK;
+#  ifdef L_ENDIAN
+#    ifndef SHA_ASM /* Will not happen */
+                for (sw=(SHA_LBLOCK/4); sw; sw--)
+                        {
+                        Endian_Reverse32(p[0]);
+                        Endian_Reverse32(p[1]);
+                        Endian_Reverse32(p[2]);
+                        Endian_Reverse32(p[3]);
+                        p+=4;
+                        }
+                p=c->data;
+#    endif
+#  endif
+#else
+                for (sw=(SHA_BLOCK/4); sw; sw--)
+                        {
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        }
+                p=c->data;
+#endif
+                sha_block(c,p,64);
+                len-=SHA_CBLOCK;
+                }
+        ec=(int)len;
+        c->num=ec;
+        ew=(ec>>2);
+        ec&=0x03;
+        for (sw=0; sw < ew; sw++)
+                { M_c2nl(data,l); p[sw]=l; }
+        M_c2nl_p(data,l,ec);
+        p[sw]=l;
+        }
+void SHA_Transform(c,b)
+SHA_CTX *c;
+unsigned char *b;
+        {
+        ULONG p[16];
+#if !defined(B_ENDIAN)
+        ULONG *q;
+        int i;
+#endif
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+        memcpy(p,b,64);
+#ifdef L_ENDIAN
+        q=p;
+        for (i=(SHA_LBLOCK/4); i; i--)
+                {
+                Endian_Reverse32(q[0]);
+                Endian_Reverse32(q[1]);
+                Endian_Reverse32(q[2]);
+                Endian_Reverse32(q[3]);
+                q+=4;
+                }
+#endif
+#else
+        q=p;
+        for (i=(SHA_LBLOCK/4); i; i--)
+                {
+                ULONG l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l; 
+                } 
+#endif
+        sha_block(c,p,64);
+        }
+void sha_block(c, W, num)
+SHA_CTX *c;
+register unsigned long *W;
+int num;
+        {
+        register ULONG A,B,C,D,E,T;
+        ULONG X[16];
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+        for (;;)
+                {
+        BODY_00_15( 0,A,B,C,D,E,T,W);
+        BODY_00_15( 1,T,A,B,C,D,E,W);
+        BODY_00_15( 2,E,T,A,B,C,D,W);
+        BODY_00_15( 3,D,E,T,A,B,C,W);
+        BODY_00_15( 4,C,D,E,T,A,B,W);
+        BODY_00_15( 5,B,C,D,E,T,A,W);
+        BODY_00_15( 6,A,B,C,D,E,T,W);
+        BODY_00_15( 7,T,A,B,C,D,E,W);
+        BODY_00_15( 8,E,T,A,B,C,D,W);
+        BODY_00_15( 9,D,E,T,A,B,C,W);
+        BODY_00_15(10,C,D,E,T,A,B,W);
+        BODY_00_15(11,B,C,D,E,T,A,W);
+        BODY_00_15(12,A,B,C,D,E,T,W);
+        BODY_00_15(13,T,A,B,C,D,E,W);
+        BODY_00_15(14,E,T,A,B,C,D,W);
+        BODY_00_15(15,D,E,T,A,B,C,W);
+        BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
+        BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
+        BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
+        BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+        BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
+        BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
+        BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
+        BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
+        BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
+        BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
+        BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
+        BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
+        BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
+        BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
+        BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
+        BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
+        BODY_32_39(32,E,T,A,B,C,D,X);
+        BODY_32_39(33,D,E,T,A,B,C,X);
+        BODY_32_39(34,C,D,E,T,A,B,X);
+        BODY_32_39(35,B,C,D,E,T,A,X);
+        BODY_32_39(36,A,B,C,D,E,T,X);
+        BODY_32_39(37,T,A,B,C,D,E,X);
+        BODY_32_39(38,E,T,A,B,C,D,X);
+        BODY_32_39(39,D,E,T,A,B,C,X);
+        BODY_40_59(40,C,D,E,T,A,B,X);
+        BODY_40_59(41,B,C,D,E,T,A,X);
+        BODY_40_59(42,A,B,C,D,E,T,X);
+        BODY_40_59(43,T,A,B,C,D,E,X);
+        BODY_40_59(44,E,T,A,B,C,D,X);
+        BODY_40_59(45,D,E,T,A,B,C,X);
+        BODY_40_59(46,C,D,E,T,A,B,X);
+        BODY_40_59(47,B,C,D,E,T,A,X);
+        BODY_40_59(48,A,B,C,D,E,T,X);
+        BODY_40_59(49,T,A,B,C,D,E,X);
+        BODY_40_59(50,E,T,A,B,C,D,X);
+        BODY_40_59(51,D,E,T,A,B,C,X);
+        BODY_40_59(52,C,D,E,T,A,B,X);
+        BODY_40_59(53,B,C,D,E,T,A,X);
+        BODY_40_59(54,A,B,C,D,E,T,X);
+        BODY_40_59(55,T,A,B,C,D,E,X);
+        BODY_40_59(56,E,T,A,B,C,D,X);
+        BODY_40_59(57,D,E,T,A,B,C,X);
+        BODY_40_59(58,C,D,E,T,A,B,X);
+        BODY_40_59(59,B,C,D,E,T,A,X);
+        BODY_60_79(60,A,B,C,D,E,T,X);
+        BODY_60_79(61,T,A,B,C,D,E,X);
+        BODY_60_79(62,E,T,A,B,C,D,X);
+        BODY_60_79(63,D,E,T,A,B,C,X);
+        BODY_60_79(64,C,D,E,T,A,B,X);
+        BODY_60_79(65,B,C,D,E,T,A,X);
+        BODY_60_79(66,A,B,C,D,E,T,X);
+        BODY_60_79(67,T,A,B,C,D,E,X);
+        BODY_60_79(68,E,T,A,B,C,D,X);
+        BODY_60_79(69,D,E,T,A,B,C,X);
+        BODY_60_79(70,C,D,E,T,A,B,X);
+        BODY_60_79(71,B,C,D,E,T,A,X);
+        BODY_60_79(72,A,B,C,D,E,T,X);
+        BODY_60_79(73,T,A,B,C,D,E,X);
+        BODY_60_79(74,E,T,A,B,C,D,X);
+        BODY_60_79(75,D,E,T,A,B,C,X);
+        BODY_60_79(76,C,D,E,T,A,B,X);
+        BODY_60_79(77,B,C,D,E,T,A,X);
+        BODY_60_79(78,A,B,C,D,E,T,X);
+        BODY_60_79(79,T,A,B,C,D,E,X);
+        
+        c->h0=(c->h0+E)&0xffffffffL; 
+        c->h1=(c->h1+T)&0xffffffffL;
+        c->h2=(c->h2+A)&0xffffffffL;
+        c->h3=(c->h3+B)&0xffffffffL;
+        c->h4=(c->h4+C)&0xffffffffL;
+        num-=64;
+        if (num <= 0) break;
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+        W+=16;
+                }
+        }
+void SHA_Final(md, c)
+unsigned char *md;
+SHA_CTX *c;
+        {
+        register int i,j;
+        register ULONG l;
+        register ULONG *p;
+        static unsigned char end[4]={0x80,0x00,0x00,0x00};
+        unsigned char *cp=end;
+        /* c->num should definitly have room for at least one more byte. */
+        p=c->data;
+        j=c->num;
+        i=j>>2;
+#ifdef PURIFY
+        if ((j&0x03) == 0) p[i]=0;
+#endif
+        l=p[i];
+        M_p_c2nl(cp,l,j&0x03);
+        p[i]=l;
+        i++;
+        /* i is the next 'undefined word' */
+        if (c->num >= SHA_LAST_BLOCK)
+                {
+                for (; i<SHA_LBLOCK; i++)
+                        p[i]=0;
+                sha_block(c,p,64);
+                i=0;
+                }
+        for (; i<(SHA_LBLOCK-2); i++)
+                p[i]=0;
+        p[SHA_LBLOCK-2]=c->Nh;
+        p[SHA_LBLOCK-1]=c->Nl;
+        sha_block(c,p,64);
+        cp=md;
+        l=c->h0; nl2c(l,cp);
+        l=c->h1; nl2c(l,cp);
+        l=c->h2; nl2c(l,cp);
+        l=c->h3; nl2c(l,cp);
+        l=c->h4; nl2c(l,cp);
+        /* clear stuff, sha_block may be leaving some stuff on the stack
+         * but I'm not worried :-) */
+        c->num=0;
+/*      memset((char *)&c,0,sizeof(c));*/
+        }
diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c
new file mode 100644
index 0000000000..18ab7f61bc
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_one.c
@@ -0,0 +1,77 @@
+/* crypto/sha/sha_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include "sha.h"
+unsigned char *SHA(d, n, md)
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+        {
+        SHA_CTX c;
+        static unsigned char m[SHA_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        SHA_Init(&c);
+        SHA_Update(&c,d,n);
+        SHA_Final(md,&c);
+        memset(&c,0,sizeof(c));
+        return(md);
+        }
diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c
new file mode 100644
index 0000000000..03816e9b39
--- /dev/null
+++ b/src/lib/libcrypto/sha/shatest.c
@@ -0,0 +1,155 @@
+/* crypto/sha/shatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "sha.h"
+#define SHA_0 /* FIPS 180 */
+#undef  SHA_1 /* FIPS 180-1 */
+char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+#ifdef SHA_0
+char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating SHA on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        memset(buf,'a',1000);
+        SHA_Init(&c);
+        for (i=0; i<1000; i++)
+                SHA_Update(&c,buf,1000);
+        SHA_Final(md,&c);
+        p=pt(md);
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA on '%s'\n",p);
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c
new file mode 100644
index 0000000000..be395f2bc4
--- /dev/null
+++ b/src/lib/libcrypto/threads/mttest.c
@@ -0,0 +1,1115 @@
+/* crypto/threads/mttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#include "lhash.h"
+#include "crypto.h"
+#include "buffer.h"
+#include "../e_os.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#ifdef NO_FP_API
+#define APPS_WIN16
+#include "../crypto/buffer/bss_file.c"
+#endif
+#define TEST_SERVER_CERT "../apps/server.pem"
+#define TEST_CLIENT_CERT "../apps/client.pem"
+#define MAX_THREAD_NUMBER       100
+#ifndef NOPROTO
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+        int error,char *arg);
+void thread_setup(void);
+void thread_cleanup(void);
+void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+void irix_locking_callback(int mode,int type,char *file,int line);
+void solaris_locking_callback(int mode,int type,char *file,int line);
+void win32_locking_callback(int mode,int type,char *file,int line);
+void pthreads_locking_callback(int mode,int type,char *file,int line);
+unsigned long irix_thread_id(void );
+unsigned long solaris_thread_id(void );
+unsigned long pthreads_thread_id(void );
+#else
+int MS_CALLBACK verify_callback();
+void thread_setup();
+void thread_cleanup();
+void do_threads();
+void irix_locking_callback();
+void solaris_locking_callback();
+void win32_locking_callback();
+void pthreads_locking_callback();
+unsigned long irix_thread_id();
+unsigned long solaris_thread_id();
+unsigned long pthreads_thread_id();
+#endif
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+static char *cipher=NULL;
+int verbose=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+int thread_number=10;
+int number_of_loops=10;
+int reconnect=0;
+int cache_stats=0;
+#ifndef  NOPROTO
+int doit(char *ctx[4]);
+#else
+int doit();
+#endif
+static void print_stats(fp,ctx)
+FILE *fp;
+SSL_CTX *ctx;
+{
+        fprintf(fp,"%4ld items in the session cache\n",
+                SSL_CTX_sess_number(ctx));
+        fprintf(fp,"%4d client connects (SSL_connect())\n",
+                SSL_CTX_sess_connect(ctx));
+        fprintf(fp,"%4d client connects that finished\n",
+                SSL_CTX_sess_connect_good(ctx));
+        fprintf(fp,"%4d server connects (SSL_accept())\n",
+                SSL_CTX_sess_accept(ctx));
+        fprintf(fp,"%4d server connects that finished\n",
+                SSL_CTX_sess_accept_good(ctx));
+        fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+        fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+        fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+        }
+static void sv_usage()
+        {
+        fprintf(stderr,"usage: ssltest [args ...]\n");
+        fprintf(stderr,"\n");
+        fprintf(stderr," -server_auth  - check server certificate\n");
+        fprintf(stderr," -client_auth  - do client authentication\n");
+        fprintf(stderr," -v            - more output\n");
+        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+        fprintf(stderr," -threads arg  - number of threads\n");
+        fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+        fprintf(stderr," -reconnect    - reuse session-id's\n");
+        fprintf(stderr," -stats        - server session-id cache stats\n");
+        fprintf(stderr," -cert arg     - server certificate/key\n");
+        fprintf(stderr," -ccert arg    - client certificate/key\n");
+        fprintf(stderr," -ssl3         - just SSLv3n\n");
+        }
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0;
+        int ret=1;
+        int client_auth=0;
+        int server_auth=0;
+        SSL_CTX *s_ctx=NULL;
+        SSL_CTX *c_ctx=NULL;
+        char *scert=TEST_SERVER_CERT;
+        char *ccert=TEST_CLIENT_CERT;
+        SSL_METHOD *ssl_method=SSLv23_method();
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        if (bio_stdout == NULL)
+                bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-server_auth") == 0)
+                        server_auth=1;
+                else if (strcmp(*argv,"-client_auth") == 0)
+                        client_auth=1;
+                else if (strcmp(*argv,"-reconnect") == 0)
+                        reconnect=1;
+                else if (strcmp(*argv,"-stats") == 0)
+                        cache_stats=1;
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        ssl_method=SSLv3_method();
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        ssl_method=SSLv2_method();
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        scert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-ccert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        ccert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-threads") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        thread_number= atoi(*(++argv));
+                        if (thread_number == 0) thread_number=1;
+                        if (thread_number > MAX_THREAD_NUMBER)
+                                thread_number=MAX_THREAD_NUMBER;
+                        }
+                else if (strcmp(*argv,"-loops") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        number_of_loops= atoi(*(++argv));
+                        if (number_of_loops == 0) number_of_loops=1;
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sv_usage();
+                goto end;
+                }
+        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+        SSL_load_error_strings();
+        SSLeay_add_ssl_algorithms();
+        c_ctx=SSL_CTX_new(ssl_method);
+        s_ctx=SSL_CTX_new(ssl_method);
+        if ((c_ctx == NULL) || (s_ctx == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        SSL_CTX_set_session_cache_mode(s_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+        SSL_CTX_set_session_cache_mode(c_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+        SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
+        SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
+        if (client_auth)
+                {
+                SSL_CTX_use_certificate_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                }
+        if (    (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+                (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(c_ctx)))
+                {
+                fprintf(stderr,"SSL_load_verify_locations\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (client_auth)
+                {
+                fprintf(stderr,"client authentication\n");
+                SSL_CTX_set_verify(s_ctx,
+                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        verify_callback);
+                }
+        if (server_auth)
+                {
+                fprintf(stderr,"server authentication\n");
+                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+                        verify_callback);
+                }
+        thread_setup();
+        do_threads(s_ctx,c_ctx);
+        thread_cleanup();
+end:
+        
+        if (c_ctx != NULL) 
+                {
+                fprintf(stderr,"Client SSL_CTX stats then free it\n");
+                print_stats(stderr,c_ctx);
+                SSL_CTX_free(c_ctx);
+                }
+        if (s_ctx != NULL)
+                {
+                fprintf(stderr,"Server SSL_CTX stats then free it\n");
+                print_stats(stderr,s_ctx);
+                if (cache_stats)
+                        {
+                        fprintf(stderr,"-----\n");
+                        lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                /*      lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n"); */
+                        lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                        }
+                SSL_CTX_free(s_ctx);
+                fprintf(stderr,"done free\n");
+                }
+        exit(ret);
+        return(0);
+        }
+#define W_READ  1
+#define W_WRITE 2
+#define C_DONE  1
+#define S_DONE  2
+int ndoit(ssl_ctx)
+SSL_CTX *ssl_ctx[2];
+        {
+        int i;
+        int ret;
+        char *ctx[4];
+        ctx[0]=(char *)ssl_ctx[0];
+        ctx[1]=(char *)ssl_ctx[1];
+        if (reconnect)
+                {
+                ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+                ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+                }
+        else
+                {
+                ctx[2]=NULL;
+                ctx[3]=NULL;
+                }
+        fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+        for (i=0; i<number_of_loops; i++)
+                {
+/*              fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+                        CRYPTO_thread_id(),i,
+                        ssl_ctx[0]->references,
+                        ssl_ctx[1]->references); */
+        /*      pthread_delay_np(&tm);*/
+                ret=doit(ctx);
+                if (ret != 0)
+                        {
+                        fprintf(stdout,"error[%d] %lu - %d\n",
+                                i,CRYPTO_thread_id(),ret);
+                        return(ret);
+                        }
+                }
+        fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+        if (reconnect)
+                {
+                SSL_free((SSL *)ctx[2]);
+                SSL_free((SSL *)ctx[3]);
+                }
+        return(0);
+        }
+int doit(ctx)
+char *ctx[4];
+        {
+        SSL_CTX *s_ctx,*c_ctx;
+        static char cbuf[200],sbuf[200];
+        SSL *c_ssl=NULL;
+        SSL *s_ssl=NULL;
+        BIO *c_to_s=NULL;
+        BIO *s_to_c=NULL;
+        BIO *c_bio=NULL;
+        BIO *s_bio=NULL;
+        int c_r,c_w,s_r,s_w;
+        int c_want,s_want;
+        int i;
+        int done=0;
+        int c_write,s_write;
+        int do_server=0,do_client=0;
+        s_ctx=(SSL_CTX *)ctx[0];
+        c_ctx=(SSL_CTX *)ctx[1];
+        if (ctx[2] != NULL)
+                s_ssl=(SSL *)ctx[2];
+        else
+                s_ssl=SSL_new(s_ctx);
+        if (ctx[3] != NULL)
+                c_ssl=(SSL *)ctx[3];
+        else
+                c_ssl=SSL_new(c_ctx);
+        if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+        c_to_s=BIO_new(BIO_s_mem());
+        s_to_c=BIO_new(BIO_s_mem());
+        if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+        c_bio=BIO_new(BIO_f_ssl());
+        s_bio=BIO_new(BIO_f_ssl());
+        if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+        SSL_set_connect_state(c_ssl);
+        SSL_set_bio(c_ssl,s_to_c,c_to_s);
+        BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+        SSL_set_accept_state(s_ssl);
+        SSL_set_bio(s_ssl,c_to_s,s_to_c);
+        BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+        c_r=0; s_r=1;
+        c_w=1; s_w=0;
+        c_want=W_WRITE;
+        s_want=0;
+        c_write=1,s_write=0;
+        /* We can always do writes */
+        for (;;)
+                {
+                do_server=0;
+                do_client=0;
+                i=(int)BIO_pending(s_bio);
+                if ((i && s_r) || s_w) do_server=1;
+                i=(int)BIO_pending(c_bio);
+                if ((i && c_r) || c_w) do_client=1;
+                if (do_server && verbose)
+                        {
+                        if (SSL_in_init(s_ssl))
+                                printf("server waiting in SSL_accept - %s\n",
+                                        SSL_state_string_long(s_ssl));
+                        else if (s_write)
+                                printf("server:SSL_write()\n");
+                        else 
+                                printf("server:SSL_read()\n");
+                        }
+                if (do_client && verbose)
+                        {
+                        if (SSL_in_init(c_ssl))
+                                printf("client waiting in SSL_connect - %s\n",
+                                        SSL_state_string_long(c_ssl));
+                        else if (c_write)
+                                printf("client:SSL_write()\n");
+                        else
+                                printf("client:SSL_read()\n");
+                        }
+                if (!do_client && !do_server)
+                        {
+                        fprintf(stdout,"ERROR IN STARTUP\n");
+                        break;
+                        }
+                if (do_client && !(done & C_DONE))
+                        {
+                        if (c_write)
+                                {
+                                i=BIO_write(c_bio,"hello from client\n",18);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        /* ok */
+                                        c_write=0;
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_read(c_bio,cbuf,100);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        done|=C_DONE;
+#ifdef undef
+                                        fprintf(stdout,"CLIENT:from server:");
+                                        fwrite(cbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        }
+                if (do_server && !(done & S_DONE))
+                        {
+                        if (!s_write)
+                                {
+                                i=BIO_read(s_bio,sbuf,100);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=1;
+                                        s_w=1;
+#ifdef undef
+                                        fprintf(stdout,"SERVER:from client:");
+                                        fwrite(sbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_write(s_bio,"hello from server\n",18);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=0;
+                                        s_r=1;
+                                        done|=S_DONE;
+                                        }
+                                }
+                        }
+                if ((done & S_DONE) && (done & C_DONE)) break;
+                }
+        SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+        SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#ifdef undef
+        fprintf(stdout,"DONE\n");
+#endif
+err:
+        /* We have to set the BIO's to NULL otherwise they will be
+         * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * again when c_ssl is SSL_free()ed.
+         * This is a hack required because s_ssl and c_ssl are sharing the same
+         * BIO structure and SSL_set_bio() and SSL_free() automatically
+         * BIO_free non NULL entries.
+         * You should not normally do this or be required to do this */
+        if (s_ssl != NULL)
+                {
+                s_ssl->rbio=NULL;
+                s_ssl->wbio=NULL;
+                }
+        if (c_ssl != NULL)
+                {
+                c_ssl->rbio=NULL;
+                c_ssl->wbio=NULL;
+                }
+        /* The SSL's are optionally freed in the following calls */
+        if (c_to_s != NULL) BIO_free(c_to_s);
+        if (s_to_c != NULL) BIO_free(s_to_c);
+        if (c_bio != NULL) BIO_free(c_bio);
+        if (s_bio != NULL) BIO_free(s_bio);
+        return(0);
+        }
+int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
+int ok;
+X509 *xs;
+X509 *xi;
+int depth;
+int error;
+char *arg;
+        {
+        char buf[256];
+        if (verbose)
+                {
+                X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
+                if (ok)
+                        fprintf(stderr,"depth=%d %s\n",depth,buf);
+                else
+                        fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
+                }
+        return(ok);
+        }
+#define THREAD_STACK_SIZE (16*1024)
+#ifdef WIN32
+static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                CloseHandle(lock_cs[i]);
+        }
+void win32_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        double ret;
+        SSL_CTX *ssl_ctx[2];
+        DWORD thread_id[MAX_THREAD_NUMBER];
+        HANDLE thread_handle[MAX_THREAD_NUMBER];
+        int i;
+        SYSTEMTIME start,end;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        GetSystemTime(&start);
+        for (i=0; i<thread_number; i++)
+                {
+                thread_handle[i]=CreateThread(NULL,
+                        THREAD_STACK_SIZE,
+                        (LPTHREAD_START_ROUTINE)ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_id[i]));
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i+=50)
+                {
+                int j;
+                j=(thread_number < (i+50))?(thread_number-i):50;
+                if (WaitForMultipleObjects(j,
+                        (CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
+                        == WAIT_FAILED)
+                        {
+                        fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
+                        exit(1);
+                        }
+                }
+        GetSystemTime(&end);
+        if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
+        ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+        ret=(ret+end.wHour-start.wHour)*60;
+        ret=(ret+end.wMinute-start.wMinute)*60;
+        ret=(ret+end.wSecond-start.wSecond);
+        ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+        printf("win32 threads done - %.3f seconds\n",ret);
+        }
+#endif /* WIN32 */
+#ifdef SOLARIS
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
+static long lock_count[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+                /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                /* rwlock_destroy(&(lock_cs[i])); */
+                mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+                }
+fprintf(stderr,"done cleanup\n");
+        }
+void solaris_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+#ifdef undef
+fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+        CRYPTO_thread_id(),
+        (mode&CRYPTO_LOCK)?"l":"u",
+        (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+/*
+if (CRYPTO_LOCK_SSL_CERT == type)
+        fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+*/
+        if (mode & CRYPTO_LOCK)
+                {
+        /*      if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type])); */
+                mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+/*              rw_unlock(&(lock_cs[type]));  */
+                mutex_unlock(&(lock_cs[type]));
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        SSL_CTX *ssl_ctx[2];
+        thread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        thr_setconcurrency(thread_number);
+        for (i=0; i<thread_number; i++)
+                {
+                thr_create(NULL, THREAD_STACK_SIZE,
+                        (void *(*)())ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_ctx[i]));
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                thr_join(thread_ctx[i],NULL,NULL);
+                }
+        printf("solaris threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long solaris_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+#ifdef IRIX
+static usptr_t *arena;
+static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        char filename[20];
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                char buf[10];
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        }
+void irix_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                printf("lock %d\n",type);
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                printf("unlock %d\n",type);
+                usvsema(lock_cs[type]);
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        SSL_CTX *ssl_ctx[2];
+        int thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        for (i=0; i<thread_number; i++)
+                {
+                thread_ctx[i]=sproc((void (*)())ndoit,
+                        PR_SADDR|PR_SFDS,(void *)ssl_ctx);
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                wait(NULL);
+                }
+        printf("irix threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long irix_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+#ifdef PTHREADS
+static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+static long lock_count[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],
+                        CRYPTO_get_lock_name(i));
+                }
+        fprintf(stderr,"done cleanup\n");
+        }
+void pthreads_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+      {
+#ifdef undef
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+/*
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+*/
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        SSL_CTX *ssl_ctx[2];
+        pthread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        /*
+        thr_setconcurrency(thread_number);
+        */
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_create(&(thread_ctx[i]), NULL,
+                        (void *(*)())ndoit, (void *)ssl_ctx);
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_join(thread_ctx[i],NULL);
+                }
+        printf("pthreads threads done (%d,%d)\n",
+        s_ctx->references,c_ctx->references);
+        }
+unsigned long pthreads_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+#endif /* PTHREADS */
diff --git a/src/lib/libcrypto/threads/th-lock.c b/src/lib/libcrypto/threads/th-lock.c
new file mode 100644
index 0000000000..039022446d
--- /dev/null
+++ b/src/lib/libcrypto/threads/th-lock.c
@@ -0,0 +1,399 @@
+/* crypto/threads/th-lock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#include "lhash.h"
+#include "crypto.h"
+#include "buffer.h"
+#include "e_os.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#ifndef NOPROTO
+int CRYPTO_thread_setup(void);
+void CRYPTO_thread_cleanup(void);
+static void irix_locking_callback(int mode,int type,char *file,int line);
+static void solaris_locking_callback(int mode,int type,char *file,int line);
+static void win32_locking_callback(int mode,int type,char *file,int line);
+static void pthreads_locking_callback(int mode,int type,char *file,int line);
+static unsigned long irix_thread_id(void );
+static unsigned long solaris_thread_id(void );
+static unsigned long pthreads_thread_id(void );
+#else
+int CRYPOTO_thread_setup();
+void CRYPTO_cleanup();
+static void irix_locking_callback();
+static void solaris_locking_callback();
+static void win32_locking_callback();
+static void pthreads_locking_callback();
+static unsigned long irix_thread_id();
+static unsigned long solaris_thread_id();
+static unsigned long pthreads_thread_id();
+#endif
+/* usage:
+ * CRYPTO_thread_setup();
+ * applicaion code
+ * CRYPTO_thread_cleanup();
+ */
+#define THREAD_STACK_SIZE (16*1024)
+#ifdef WIN32
+static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+int CRYPTO_thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        return(1);
+        }
+static void CRYPTO_thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                CloseHandle(lock_cs[i]);
+        }
+void win32_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+#endif /* WIN32 */
+#ifdef SOLARIS
+#define USE_MUTEX
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+#ifdef USE_MUTEX
+static long lock_count[CRYPTO_NUM_LOCKS];
+#else
+static rwlock_t lock_cs[CRYPTO_NUM_LOCKS];
+#endif
+void CRYPTO_thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+#ifdef USE_MUTEX
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#else
+                rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#endif
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+void CRYPTO_thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+#ifdef USE_MUTEX
+                mutex_destroy(&(lock_cs[i]));
+#else
+                rwlock_destroy(&(lock_cs[i]));
+#endif
+                }
+        }
+void solaris_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                        CRYPTO_thread_id(),
+                        mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+#ifdef USE_MUTEX
+                mutex_lock(&(lock_cs[type]));
+#else
+                if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type]));
+#endif
+                lock_count[type]++;
+                }
+        else
+                {
+#ifdef USE_MUTEX
+                mutex_unlock(&(lock_cs[type]));
+#else
+                rw_unlock(&(lock_cs[type]));
+#endif
+                }
+        }
+unsigned long solaris_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+#ifdef IRIX
+/* I don't think this works..... */
+static usptr_t *arena;
+static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+void CRYPTO_thread_setup()
+        {
+        int i;
+        char filename[20];
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+void CRYPTO_thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                char buf[10];
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        }
+void irix_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                usvsema(lock_cs[type]);
+                }
+        }
+unsigned long irix_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+/* Linux and a few others */
+#ifdef PTHREADS
+static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+static long lock_count[CRYPTO_NUM_LOCKS];
+void CRYPTO_thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                }
+        }
+void pthreads_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+      {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+unsigned long pthreads_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+#endif /* PTHREADS */
diff --git a/src/lib/libcrypto/tmdiff.c b/src/lib/libcrypto/tmdiff.c
new file mode 100644
index 0000000000..b93799fc03
--- /dev/null
+++ b/src/lib/libcrypto/tmdiff.c
@@ -0,0 +1,217 @@
+/* crypto/tmdiff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#  ifndef WIN32
+#  define TIMES
+#  endif
+#endif
+#ifndef VMS
+#  ifndef _IRIX
+#   include <time.h>
+#  endif
+#  ifdef TIMES
+#    include <sys/types.h>
+#    include <sys/times.h>
+#  endif
+#else /* VMS */
+#  include <types.h>
+        struct tms {
+                time_t tms_utime;
+                time_t tms_stime;
+                time_t tms_uchild;      /* I dunno...  */
+                time_t tms_uchildsys;   /* so these names are a guess :-) */
+                }
+#endif /* VMS */
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef WIN32
+#include <windows.h>
+#endif
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+typedef struct ms_tm
+        {
+#ifdef TIMES
+        struct tms ms_tms;
+#else
+#  ifdef WIN32
+        HANDLE thread_id;
+        FILETIME ms_win32;
+#  else
+        struct timeb ms_timeb;
+#  endif
+#endif
+        } MS_TM;
+char *ms_time_init()
+        {
+        MS_TM *ret;
+        ret=malloc(sizeof(MS_TM));
+        if (ret == NULL)
+                return(NULL);
+        memset(ret,0,sizeof(MS_TM));
+#ifdef WIN32
+        ret->thread_id=GetCurrentThread();
+#endif
+        return((char *)ret);
+        }
+void ms_time_final(a)
+char *a;
+        {
+        if (a != NULL)
+                free(a);
+        }
+void ms_time_get(a)
+char *a;
+        {
+        MS_TM *tm=(MS_TM *)a;
+    FILETIME tmpa,tmpb,tmpc;
+#ifdef TIMES
+    printf("AAA\n");
+        times(&tm->ms_tms);
+#else
+#  ifdef WIN32
+        GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
+#  else
+    printf("CCC\n");
+        ftime(tm->ms_timeb);
+#  endif
+#endif
+        }
+double ms_time_diff(ap,bp)
+char *ap,*bp;
+        {
+        MS_TM *a=(MS_TM *)ap;
+        MS_TM *b=(MS_TM *)bp;
+        double ret;
+#ifdef TIMES
+        ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef WIN32
+        ret =(double)(b->ms_win32.dwHighDateTime&0x000fffff)*10+
+                b->ms_win32.dwLowDateTime/1e7;
+        ret-=(double)(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+# else
+        ret=     (double)(b->time-a->time)+
+                ((double)((unsigned long)b->mullitm-(unsigned long)))/1000.0;
+#  endif
+#endif
+        return((ret < 0.0000001)?0.0000001:ret);
+        }
+int ms_time_cmp(ap,bp)
+char *ap,*bp;
+        {
+        MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp;
+        double d;
+        int ret;
+#ifdef TIMES
+        d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef WIN32
+        d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
+        d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+# else
+        d=       (double)(b->time-a->time)+
+                ((double)((unsigned long)b->mullitm-(unsigned long)))/1000.0;
+#  endif
+#endif
+        if (d == 0.0)
+                ret=0;
+        else if (d < 0)
+                ret= -1;
+        else
+                ret=1;
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/util/FreeBSD.sh b/src/lib/libcrypto/util/FreeBSD.sh
new file mode 100644
index 0000000000..db8edfc6aa
--- /dev/null
+++ b/src/lib/libcrypto/util/FreeBSD.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+perl util/perlpath.pl /usr/bin
+perl util/ssldir.pl /usr/local  
+perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD
+perl Configure FreeBSD
diff --git a/src/lib/libcrypto/util/add_cr.pl b/src/lib/libcrypto/util/add_cr.pl
new file mode 100644
index 0000000000..ddd6d61e2d
--- /dev/null
+++ b/src/lib/libcrypto/util/add_cr.pl
@@ -0,0 +1,123 @@
+#!/usr/bin/perl
+#
+# This adds a copyright message to a souce code file.
+# It also gets the file name correct.
+#
+# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch]
+#
+foreach (@ARGV)
+        {
+        &dofile($_);
+        }
+sub dofile
+        {
+        local($file)=@_;
+        open(IN,"<$file") || die "unable to open $file:$!\n";
+        print STDERR "doing $file\n";
+        @in=<IN>;
+        return(1) if ($in[0] =~ / NOCW /);
+        @out=();
+        open(OUT,">$file.out") || die "unable to open $file.$$:$!\n";
+        push(@out,"/* $file */\n");
+        if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/))
+                {
+                push(@out,&Copyright);
+                $i=2;
+                @a=grep(/ Copyright \(C\) /,@in);
+                if ($#a >= 0)
+                        {
+                        while (($i <= $#in) && ($in[$i] ne " */\n"))
+                                { $i++; }
+                        $i++ if ($in[$i] eq " */\n");
+                        while (($i <= $#in) && ($in[$i] =~ /^\s*$/))
+                                { $i++; }
+                        push(@out,"\n");
+                        for ( ; $i <= $#in; $i++)
+                                { push(@out,$in[$i]); }
+                        }
+                else
+                        { push(@out,@in); }
+                }
+        else
+                {
+                shift(@in);
+                push(@out,@in);
+                }
+        print OUT @out;
+        close(IN);
+        close(OUT);
+        rename("$file","$file.orig") || die "unable to rename $file:$!\n";
+        rename("$file.out",$file) || die "unable to rename $file.out:$!\n";
+        }
+sub Copyright
+        {
+        return <<'EOF';
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+EOF
+        }
diff --git a/src/lib/libcrypto/util/bat.sh b/src/lib/libcrypto/util/bat.sh
new file mode 100644
index 0000000000..c6f48e8a7b
--- /dev/null
+++ b/src/lib/libcrypto/util/bat.sh
@@ -0,0 +1,132 @@
+#!/usr/local/bin/perl
+$infile="/home/eay/ssl/SSLeay/MINFO";
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+        if ($key eq "LIBSRC")
+                { $libsrc.=&var_add($dir,$val); }
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+@a=split(/\s+/,$libsrc);
+foreach (@a)
+        {
+        print "${_}.c\n";
+        }
+sub var_add
+        {
+        local($dir,$val)=@_;
+        local(@a,$_,$ret);
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a);
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_i$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+        @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
diff --git a/src/lib/libcrypto/util/ck_errf.pl b/src/lib/libcrypto/util/ck_errf.pl
new file mode 100644
index 0000000000..c5764e40df
--- /dev/null
+++ b/src/lib/libcrypto/util/ck_errf.pl
@@ -0,0 +1,44 @@
+#!/usr/bin/perl
+#
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+# 
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+foreach $file (@ARGV)
+        {
+        open(IN,"<$file") || die "unable to open $file\n";
+        $func="";
+        while (<IN>)
+                {
+                if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/)
+                        {
+                        $func=$1;
+                        $func =~ tr/A-Z/a-z/;
+                        }
+                if (/([A-Z0-9]+)err\(([^,]+)/)
+                        {
+                        next if ($func eq "");
+                        $errlib=$1;
+                        $n=$2;
+                        if ($n !~ /([^_]+)_F_(.+)$/)
+                                {
+                #               print "check -$file:$.:$func:$n\n";
+                                next;
+                                }
+                        $lib=$1;
+                        $n=$2;
+                        if ($lib ne $errlib)
+                                { print "$file:$.:$func:$n\n"; next; }
+                        $n =~ tr/A-Z/a-z/;
+                        if (($n ne $func) && ($errlib ne "SYS"))
+                                { print "$file:$.:$func:$n\n"; next; }
+        #               print "$func:$1\n";
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/util/deleof.pl b/src/lib/libcrypto/util/deleof.pl
new file mode 100644
index 0000000000..04f30f0e47
--- /dev/null
+++ b/src/lib/libcrypto/util/deleof.pl
@@ -0,0 +1,7 @@
+#!/usr/bin/perl
+while (<>)
+        {
+        print
+        last if (/^# DO NOT DELETE THIS LINE/);
+        }
diff --git a/src/lib/libcrypto/util/do_ms.sh b/src/lib/libcrypto/util/do_ms.sh
new file mode 100644
index 0000000000..f498d842b7
--- /dev/null
+++ b/src/lib/libcrypto/util/do_ms.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# generate the Microsoft makefiles and .def files
+#
+PATH=util:../util:$PATH
+# perl util/mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak
+# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
+perl util/mk1mf.pl VC-WIN16 dll >ms/w31dll.mak
+# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
+perl util/mk1mf.pl VC-WIN32 dll >ms/ntdll.mak
+perl util/mkdef.pl 16 libeay > ms/libeay16.def
+perl util/mkdef.pl 32 libeay > ms/libeay32.def
+perl util/mkdef.pl 16 ssleay > ms/ssleay16.def
+perl util/mkdef.pl 32 ssleay > ms/ssleay32.def
diff --git a/src/lib/libcrypto/util/err-ins.pl b/src/lib/libcrypto/util/err-ins.pl
new file mode 100644
index 0000000000..db1bb48275
--- /dev/null
+++ b/src/lib/libcrypto/util/err-ins.pl
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+#
+# tack error codes onto the end of a file
+#
+open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n";
+@err=<ERR>;
+close(ERR);
+open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n";
+@out="";
+while (<IN>)
+        {
+        push(@out,$_);
+        last if /BEGIN ERROR CODES/;
+        }
+close(IN);
+open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n";
+print OUT @out;
+print OUT @err;
+print OUT <<"EOF";
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+EOF
+close(OUT);
diff --git a/src/lib/libcrypto/util/files.pl b/src/lib/libcrypto/util/files.pl
new file mode 100644
index 0000000000..bf3b7effdc
--- /dev/null
+++ b/src/lib/libcrypto/util/files.pl
@@ -0,0 +1,61 @@
+#!/usr/bin/perl
+#
+# used to generate the file MINFO for use by util/mk1mf.pl
+# It is basically a list of all variables from the passed makefile
+#
+$s="";
+while (<>)
+        {
+        chop;
+        s/#.*//;
+        if (/^(\S+)\s*=\s*(.*)$/)
+                {
+                $o="";
+                ($s,$b)=($1,$2);
+                for (;;)
+                        {
+                        if ($b =~ /\\$/)
+                                {
+                                chop($b);
+                                $o.=$b." ";
+                                $b=<>;
+                                chop($b);
+                                }
+                        else
+                                {
+                                $o.=$b." ";
+                                last;
+                                }
+                        }
+                $o =~ s/^\s+//;
+                $o =~ s/\s+$//;
+                $o =~ s/\s+/ /g;
+                $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+                $sym{$s}=$o;
+                }
+        }
+$pwd=`pwd`; chop($pwd);
+if ($sym{'TOP'} eq ".")
+        {
+        $n=0;
+        $dir=".";
+        }
+else    {
+        $n=split(/\//,$sym{'TOP'});
+        @_=split(/\//,$pwd);
+        $z=$#_-$n+1;
+        foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; }
+        chop($dir);
+        }
+print "RELATIVE_DIRECTORY=$dir\n";
+foreach (sort keys %sym)
+        {
+        print "$_=$sym{$_}\n";
+        }
+print "RELATIVE_DIRECTORY=\n";
diff --git a/src/lib/libcrypto/util/fixNT.sh b/src/lib/libcrypto/util/fixNT.sh
new file mode 100644
index 0000000000..ce4f19299b
--- /dev/null
+++ b/src/lib/libcrypto/util/fixNT.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# clean up the mess that NT makes of my source tree
+#
+if [ -f makefile.ssl -a ! -f Makefile.ssl ]; then
+        /bin/mv makefile.ssl Makefile.ssl
+fi
+chmod +x Configure util/*
+echo cleaning
+/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null
+echo 'removing those damn ^M'
+perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'`
+make -f Makefile.ssl links
diff --git a/src/lib/libcrypto/util/install.sh b/src/lib/libcrypto/util/install.sh
new file mode 100644
index 0000000000..e1d0c982df
--- /dev/null
+++ b/src/lib/libcrypto/util/install.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5; it is not part of GNU.
+#
+# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+# set DOITPROG to echo to test this script
+doit="${DOITPROG:-}"
+# put in absolute paths if you don't have them in your path; or use env. vars.
+mvprog="${MVPROG:-mv}"
+cpprog="${CPPROG:-cp}"
+chmodprog="${CHMODPROG:-chmod}"
+chownprog="${CHOWNPROG:-chown}"
+chgrpprog="${CHGRPPROG:-chgrp}"
+stripprog="${STRIPPROG:-strip}"
+rmprog="${RMPROG:-rm}"
+instcmd="$mvprog"
+chmodcmd=""
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+src=""
+dst=""
+while [ x"$1" != x ]; do
+    case $1 in
+        -c) instcmd="$cpprog"
+            shift
+            continue;;
+        -m) chmodcmd="$chmodprog $2"
+            shift
+            shift
+            continue;;
+        -o) chowncmd="$chownprog $2"
+            shift
+            shift
+            continue;;
+        -g) chgrpcmd="$chgrpprog $2"
+            shift
+            shift
+            continue;;
+        -s) stripcmd="$stripprog"
+            shift
+            continue;;
+        *)  if [ x"$src" = x ]
+            then
+                src=$1
+            else
+                dst=$1
+            fi
+            shift
+            continue;;
+    esac
+done
+if [ x"$src" = x ]
+then
+        echo "install:  no input file specified"
+        exit 1
+fi
+if [ x"$dst" = x ]
+then
+        echo "install:  no destination specified"
+        exit 1
+fi
+# if destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+if [ -d $dst ]
+then
+        dst="$dst"/`basename $src`
+fi
+# get rid of the old one and mode the new one in
+$doit $rmcmd $dst
+$doit $instcmd $src $dst
+# and set any options; do chmod last to preserve setuid bits
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
+exit 0
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
new file mode 100644
index 0000000000..fcaf254287
--- /dev/null
+++ b/src/lib/libcrypto/util/libeay.num
@@ -0,0 +1,1065 @@
+SSLeay                                  1
+SSLeay_version                          2
+ASN1_BIT_STRING_asn1_meth               3
+ASN1_HEADER_free                        4
+ASN1_HEADER_new                         5
+ASN1_IA5STRING_asn1_meth                6
+ASN1_INTEGER_get                        7
+ASN1_INTEGER_set                        8
+ASN1_INTEGER_to_BN                      9
+ASN1_OBJECT_create                      10
+ASN1_OBJECT_free                        11
+ASN1_OBJECT_new                         12
+ASN1_PRINTABLE_type                     13
+ASN1_STRING_cmp                         14
+ASN1_STRING_dup                         15
+ASN1_STRING_free                        16
+ASN1_STRING_new                         17
+ASN1_STRING_print                       18
+ASN1_STRING_set                         19
+ASN1_STRING_type_new                    20
+ASN1_TYPE_free                          21
+ASN1_TYPE_new                           22
+ASN1_UNIVERSALSTRING_to_string          23
+ASN1_UTCTIME_check                      24
+ASN1_UTCTIME_print                      25
+ASN1_UTCTIME_set                        26
+ASN1_check_infinite_end                 27
+ASN1_d2i_bio                            28
+ASN1_d2i_fp                             29
+ASN1_digest                             30
+ASN1_dup                                31
+ASN1_get_object                         32
+ASN1_i2d_bio                            33
+ASN1_i2d_fp                             34
+ASN1_object_size                        35
+ASN1_parse                              36
+ASN1_put_object                         37
+ASN1_sign                               38
+ASN1_verify                             39
+BF_cbc_encrypt                          40
+BF_cfb64_encrypt                        41
+BF_ecb_encrypt                          42
+BF_encrypt                              43
+BF_ofb64_encrypt                        44
+BF_options                              45
+BF_set_key                              46
+BIO_CONNECT_free                        47
+BIO_CONNECT_new                         48
+BIO_accept                              51
+BIO_ctrl                                52
+BIO_int_ctrl                            53
+BIO_debug_callback                      54
+BIO_dump                                55
+BIO_dup_chain                           56
+BIO_f_base64                            57
+BIO_f_buffer                            58
+BIO_f_cipher                            59
+BIO_f_md                                60
+BIO_f_null                              61
+BIO_f_proxy_server                      62
+BIO_fd_non_fatal_error                  63
+BIO_fd_should_retry                     64
+BIO_find_type                           65
+BIO_free                                66
+BIO_free_all                            67
+BIO_get_accept_socket                   69
+BIO_get_filter_bio                      70
+BIO_get_host_ip                         71
+BIO_get_port                            72
+BIO_get_retry_BIO                       73
+BIO_get_retry_reason                    74
+BIO_gethostbyname                       75
+BIO_gets                                76
+BIO_new                                 78
+BIO_new_accept                          79
+BIO_new_connect                         80
+BIO_new_fd                              81
+BIO_new_file                            82
+BIO_new_fp                              83
+BIO_new_socket                          84
+BIO_pop                                 85
+BIO_printf                              86
+BIO_push                                87
+BIO_puts                                88
+BIO_read                                89
+BIO_s_accept                            90
+BIO_s_connect                           91
+BIO_s_fd                                92
+BIO_s_file                              93
+BIO_s_mem                               95
+BIO_s_null                              96
+BIO_s_proxy_client                      97
+BIO_s_socket                            98
+BIO_set                                 100
+BIO_set_cipher                          101
+BIO_set_tcp_ndelay                      102
+BIO_sock_cleanup                        103
+BIO_sock_error                          104
+BIO_sock_init                           105
+BIO_sock_non_fatal_error                106
+BIO_sock_should_retry                   107
+BIO_socket_ioctl                        108
+BIO_write                               109
+BN_CTX_free                             110
+BN_CTX_new                              111
+BN_MONT_CTX_free                        112
+BN_MONT_CTX_new                         113
+BN_MONT_CTX_set                         114
+BN_add                                  115
+BN_add_word                             116
+BN_hex2bn                               117
+BN_bin2bn                               118
+BN_bn2hex                               119
+BN_bn2bin                               120
+BN_clear                                121
+BN_clear_bit                            122
+BN_clear_free                           123
+BN_cmp                                  124
+BN_copy                                 125
+BN_div                                  126
+BN_div_word                             127
+BN_dup                                  128
+BN_free                                 129
+BN_from_montgomery                      130
+BN_gcd                                  131
+BN_generate_prime                       132
+BN_get_word                             133
+BN_is_bit_set                           134
+BN_is_prime                             135
+BN_lshift                               136
+BN_lshift1                              137
+BN_mask_bits                            138
+BN_mod                                  139
+BN_mod_exp                              140
+BN_mod_exp_mont                         141
+BN_mod_exp_recp                         142
+BN_mod_exp_simple                       143
+BN_mod_inverse                          144
+BN_mod_mul                              145
+BN_mod_mul_montgomery                   146
+BN_mod_mul_reciprocal                   147
+BN_mod_word                             148
+BN_mul                                  149
+BN_new                                  150
+BN_num_bits                             151
+BN_num_bits_word                        152
+BN_options                              153
+BN_print                                154
+BN_print_fp                             155
+BN_rand                                 156
+BN_reciprocal                           157
+BN_rshift                               158
+BN_rshift1                              159
+BN_set_bit                              160
+BN_set_word                             161
+BN_sqr                                  162
+BN_sub                                  163
+BN_to_ASN1_INTEGER                      164
+BN_ucmp                                 165
+BN_value_one                            166
+BUF_MEM_free                            167
+BUF_MEM_grow                            168
+BUF_MEM_new                             169
+BUF_strdup                              170
+CONF_free                               171
+CONF_get_number                         172
+CONF_get_section                        173
+CONF_get_string                         174
+CONF_load                               175
+CRYPTO_add_lock                         176
+CRYPTO_dbg_free                         177
+CRYPTO_dbg_malloc                       178
+CRYPTO_dbg_realloc                      179
+CRYPTO_dbg_remalloc                     180
+CRYPTO_free                             181
+CRYPTO_get_add_lock_callback            182
+CRYPTO_get_id_callback                  183
+CRYPTO_get_lock_name                    184
+CRYPTO_get_locking_callback             185
+CRYPTO_get_mem_functions                186
+CRYPTO_lock                             187
+CRYPTO_malloc                           188
+CRYPTO_mem_ctrl                         189
+CRYPTO_mem_leaks                        190
+CRYPTO_mem_leaks_cb                     191
+CRYPTO_mem_leaks_fp                     192
+CRYPTO_realloc                          193
+CRYPTO_remalloc                         194
+CRYPTO_set_add_lock_callback            195
+CRYPTO_set_id_callback                  196
+CRYPTO_set_locking_callback             197
+CRYPTO_set_mem_functions                198
+CRYPTO_thread_id                        199
+DH_check                                200
+DH_compute_key                          201
+DH_free                                 202
+DH_generate_key                         203
+DH_generate_parameters                  204
+DH_new                                  205
+DH_size                                 206
+DHparams_print                          207
+DHparams_print_fp                       208
+DSA_free                                209
+DSA_generate_key                        210
+DSA_generate_parameters                 211
+DSA_is_prime                            212
+DSA_new                                 213
+DSA_print                               214
+DSA_print_fp                            215
+DSA_sign                                216
+DSA_sign_setup                          217
+DSA_size                                218
+DSA_verify                              219
+DSAparams_print                         220
+DSAparams_print_fp                      221
+ERR_clear_error                         222
+ERR_error_string                        223
+ERR_free_strings                        224
+ERR_func_error_string                   225
+ERR_get_err_state_table                 226
+ERR_get_error                           227
+ERR_get_error_line                      228
+ERR_get_state                           229
+ERR_get_string_table                    230
+ERR_lib_error_string                    231
+ERR_load_ASN1_strings                   232
+ERR_load_BIO_strings                    233
+ERR_load_BN_strings                     234
+ERR_load_BUF_strings                    235
+ERR_load_CONF_strings                   236
+ERR_load_DH_strings                     237
+ERR_load_DSA_strings                    238
+ERR_load_ERR_strings                    239
+ERR_load_EVP_strings                    240
+ERR_load_OBJ_strings                    241
+ERR_load_PEM_strings                    242
+ERR_load_PROXY_strings                  243
+ERR_load_RSA_strings                    244
+ERR_load_X509_strings                   245
+ERR_load_crypto_strings                 246
+ERR_load_strings                        247
+ERR_peek_error                          248
+ERR_peek_error_line                     249
+ERR_print_errors                        250
+ERR_print_errors_fp                     251
+ERR_put_error                           252
+ERR_reason_error_string                 253
+ERR_remove_state                        254
+EVP_BytesToKey                          255
+EVP_CIPHER_CTX_cleanup                  256
+EVP_CipherFinal                         257
+EVP_CipherInit                          258
+EVP_CipherUpdate                        259
+EVP_DecodeBlock                         260
+EVP_DecodeFinal                         261
+EVP_DecodeInit                          262
+EVP_DecodeUpdate                        263
+EVP_DecryptFinal                        264
+EVP_DecryptInit                         265
+EVP_DecryptUpdate                       266
+EVP_DigestFinal                         267
+EVP_DigestInit                          268
+EVP_DigestUpdate                        269
+EVP_EncodeBlock                         270
+EVP_EncodeFinal                         271
+EVP_EncodeInit                          272
+EVP_EncodeUpdate                        273
+EVP_EncryptFinal                        274
+EVP_EncryptInit                         275
+EVP_EncryptUpdate                       276
+EVP_OpenFinal                           277
+EVP_OpenInit                            278
+EVP_PKEY_assign                         279
+EVP_PKEY_copy_parameters                280
+EVP_PKEY_free                           281
+EVP_PKEY_missing_parameters             282
+EVP_PKEY_new                            283
+EVP_PKEY_save_parameters                284
+EVP_PKEY_size                           285
+EVP_PKEY_type                           286
+EVP_SealFinal                           287
+EVP_SealInit                            288
+EVP_SignFinal                           289
+EVP_VerifyFinal                         290
+EVP_add_alias                           291
+EVP_add_cipher                          292
+EVP_add_digest                          293
+EVP_bf_cbc                              294
+EVP_bf_cfb                              295
+EVP_bf_ecb                              296
+EVP_bf_ofb                              297
+EVP_cleanup                             298
+EVP_des_cbc                             299
+EVP_des_cfb                             300
+EVP_des_ecb                             301
+EVP_des_ede                             302
+EVP_des_ede3                            303
+EVP_des_ede3_cbc                        304
+EVP_des_ede3_cfb                        305
+EVP_des_ede3_ofb                        306
+EVP_des_ede_cbc                         307
+EVP_des_ede_cfb                         308
+EVP_des_ede_ofb                         309
+EVP_des_ofb                             310
+EVP_desx_cbc                            311
+EVP_dss                                 312
+EVP_dss1                                313
+EVP_enc_null                            314
+EVP_get_cipherbyname                    315
+EVP_get_digestbyname                    316
+EVP_get_pw_prompt                       317
+EVP_idea_cbc                            318
+EVP_idea_cfb                            319
+EVP_idea_ecb                            320
+EVP_idea_ofb                            321
+EVP_md2                                 322
+EVP_md5                                 323
+EVP_md_null                             324
+EVP_rc2_cbc                             325
+EVP_rc2_cfb                             326
+EVP_rc2_ecb                             327
+EVP_rc2_ofb                             328
+EVP_rc4                                 329
+EVP_read_pw_string                      330
+EVP_set_pw_prompt                       331
+EVP_sha                                 332
+EVP_sha1                                333
+MD2                                     334
+MD2_Final                               335
+MD2_Init                                336
+MD2_Update                              337
+MD2_options                             338
+MD5                                     339
+MD5_Final                               340
+MD5_Init                                341
+MD5_Update                              342
+MDC2                                    343
+MDC2_Final                              344
+MDC2_Init                               345
+MDC2_Update                             346
+NETSCAPE_SPKAC_free                     347
+NETSCAPE_SPKAC_new                      348
+NETSCAPE_SPKI_free                      349
+NETSCAPE_SPKI_new                       350
+NETSCAPE_SPKI_sign                      351
+NETSCAPE_SPKI_verify                    352
+OBJ_add_object                          353
+OBJ_bsearch                             354
+OBJ_cleanup                             355
+OBJ_cmp                                 356
+OBJ_create                              357
+OBJ_dup                                 358
+OBJ_ln2nid                              359
+OBJ_new_nid                             360
+OBJ_nid2ln                              361
+OBJ_nid2obj                             362
+OBJ_nid2sn                              363
+OBJ_obj2nid                             364
+OBJ_sn2nid                              365
+OBJ_txt2nid                             366
+PEM_ASN1_read                           367
+PEM_ASN1_read_bio                       368
+PEM_ASN1_write                          369
+PEM_ASN1_write_bio                      370
+PEM_SealFinal                           371
+PEM_SealInit                            372
+PEM_SealUpdate                          373
+PEM_SignFinal                           374
+PEM_SignInit                            375
+PEM_SignUpdate                          376
+PEM_X509_INFO_read                      377
+PEM_X509_INFO_read_bio                  378
+PEM_X509_INFO_write_bio                 379
+PEM_dek_info                            380
+PEM_do_header                           381
+PEM_get_EVP_CIPHER_INFO                 382
+PEM_proc_type                           383
+PEM_read                                384
+PEM_read_DHparams                       385
+PEM_read_DSAPrivateKey                  386
+PEM_read_DSAparams                      387
+PEM_read_PKCS7                          388
+PEM_read_PrivateKey                     389
+PEM_read_RSAPrivateKey                  390
+PEM_read_X509                           391
+PEM_read_X509_CRL                       392
+PEM_read_X509_REQ                       393
+PEM_read_bio                            394
+PEM_read_bio_DHparams                   395
+PEM_read_bio_DSAPrivateKey              396
+PEM_read_bio_DSAparams                  397
+PEM_read_bio_PKCS7                      398
+PEM_read_bio_PrivateKey                 399
+PEM_read_bio_RSAPrivateKey              400
+PEM_read_bio_X509                       401
+PEM_read_bio_X509_CRL                   402
+PEM_read_bio_X509_REQ                   403
+PEM_write                               404
+PEM_write_DHparams                      405
+PEM_write_DSAPrivateKey                 406
+PEM_write_DSAparams                     407
+PEM_write_PKCS7                         408
+PEM_write_PrivateKey                    409
+PEM_write_RSAPrivateKey                 410
+PEM_write_X509                          411
+PEM_write_X509_CRL                      412
+PEM_write_X509_REQ                      413
+PEM_write_bio                           414
+PEM_write_bio_DHparams                  415
+PEM_write_bio_DSAPrivateKey             416
+PEM_write_bio_DSAparams                 417
+PEM_write_bio_PKCS7                     418
+PEM_write_bio_PrivateKey                419
+PEM_write_bio_RSAPrivateKey             420
+PEM_write_bio_X509                      421
+PEM_write_bio_X509_CRL                  422
+PEM_write_bio_X509_REQ                  423
+PKCS7_DIGEST_free                       424
+PKCS7_DIGEST_new                        425
+PKCS7_ENCRYPT_free                      426
+PKCS7_ENCRYPT_new                       427
+PKCS7_ENC_CONTENT_free                  428
+PKCS7_ENC_CONTENT_new                   429
+PKCS7_ENVELOPE_free                     430
+PKCS7_ENVELOPE_new                      431
+PKCS7_ISSUER_AND_SERIAL_digest          432
+PKCS7_ISSUER_AND_SERIAL_free            433
+PKCS7_ISSUER_AND_SERIAL_new             434
+PKCS7_RECIP_INFO_free                   435
+PKCS7_RECIP_INFO_new                    436
+PKCS7_SIGNED_free                       437
+PKCS7_SIGNED_new                        438
+PKCS7_SIGNER_INFO_free                  439
+PKCS7_SIGNER_INFO_new                   440
+PKCS7_SIGN_ENVELOPE_free                441
+PKCS7_SIGN_ENVELOPE_new                 442
+PKCS7_dup                               443
+PKCS7_free                              444
+PKCS7_new                               445
+PROXY_ENTRY_add_noproxy                 446
+PROXY_ENTRY_clear_noproxy               447
+PROXY_ENTRY_free                        448
+PROXY_ENTRY_get_noproxy                 449
+PROXY_ENTRY_new                         450
+PROXY_ENTRY_set_server                  451
+PROXY_add_noproxy                       452
+PROXY_add_server                        453
+PROXY_check_by_host                     454
+PROXY_check_url                         455
+PROXY_clear_noproxy                     456
+PROXY_free                              457
+PROXY_get_noproxy                       458
+PROXY_get_proxies                       459
+PROXY_get_proxy_entry                   460
+PROXY_load_conf                         461
+PROXY_new                               462
+PROXY_print                             463
+RAND_bytes                              464
+RAND_cleanup                            465
+RAND_file_name                          466
+RAND_load_file                          467
+RAND_screen                             468
+RAND_seed                               469
+RAND_write_file                         470
+RC2_cbc_encrypt                         471
+RC2_cfb64_encrypt                       472
+RC2_ecb_encrypt                         473
+RC2_encrypt                             474
+RC2_ofb64_encrypt                       475
+RC2_set_key                             476
+RC4                                     477
+RC4_options                             478
+RC4_set_key                             479
+RSAPrivateKey_asn1_meth                 480
+RSAPrivateKey_dup                       481
+RSAPublicKey_dup                        482
+RSA_PKCS1_SSLeay                        483
+RSA_free                                484
+RSA_generate_key                        485
+RSA_new                                 486
+RSA_new_method                          487
+RSA_print                               488
+RSA_print_fp                            489
+RSA_private_decrypt                     490
+RSA_private_encrypt                     491
+RSA_public_decrypt                      492
+RSA_public_encrypt                      493
+RSA_set_default_method                  494
+RSA_sign                                495
+RSA_sign_ASN1_OCTET_STRING              496
+RSA_size                                497
+RSA_verify                              498
+RSA_verify_ASN1_OCTET_STRING            499
+SHA                                     500
+SHA1                                    501
+SHA1_Final                              502
+SHA1_Init                               503
+SHA1_Update                             504
+SHA_Final                               505
+SHA_Init                                506
+SHA_Update                              507
+SSLeay_add_all_algorithms               508
+SSLeay_add_all_ciphers                  509
+SSLeay_add_all_digests                  510
+TXT_DB_create_index                     511
+TXT_DB_free                             512
+TXT_DB_get_by_index                     513
+TXT_DB_insert                           514
+TXT_DB_read                             515
+TXT_DB_write                            516
+X509_ALGOR_free                         517
+X509_ALGOR_new                          518
+X509_ATTRIBUTE_free                     519
+X509_ATTRIBUTE_new                      520
+X509_CINF_free                          521
+X509_CINF_new                           522
+X509_CRL_INFO_free                      523
+X509_CRL_INFO_new                       524
+X509_CRL_add_ext                        525
+X509_CRL_cmp                            526
+X509_CRL_delete_ext                     527
+X509_CRL_dup                            528
+X509_CRL_free                           529
+X509_CRL_get_ext                        530
+X509_CRL_get_ext_by_NID                 531
+X509_CRL_get_ext_by_OBJ                 532
+X509_CRL_get_ext_by_critical            533
+X509_CRL_get_ext_count                  534
+X509_CRL_new                            535
+X509_CRL_sign                           536
+X509_CRL_verify                         537
+X509_EXTENSION_create_by_NID            538
+X509_EXTENSION_create_by_OBJ            539
+X509_EXTENSION_dup                      540
+X509_EXTENSION_free                     541
+X509_EXTENSION_get_critical             542
+X509_EXTENSION_get_data                 543
+X509_EXTENSION_get_object               544
+X509_EXTENSION_new                      545
+X509_EXTENSION_set_critical             546
+X509_EXTENSION_set_data                 547
+X509_EXTENSION_set_object               548
+X509_INFO_free                          549
+X509_INFO_new                           550
+X509_LOOKUP_by_alias                    551
+X509_LOOKUP_by_fingerprint              552
+X509_LOOKUP_by_issuer_serial            553
+X509_LOOKUP_by_subject                  554
+X509_LOOKUP_ctrl                        555
+X509_LOOKUP_file                        556
+X509_LOOKUP_free                        557
+X509_LOOKUP_hash_dir                    558
+X509_LOOKUP_init                        559
+X509_LOOKUP_new                         560
+X509_LOOKUP_shutdown                    561
+X509_NAME_ENTRY_create_by_NID           562
+X509_NAME_ENTRY_create_by_OBJ           563
+X509_NAME_ENTRY_dup                     564
+X509_NAME_ENTRY_free                    565
+X509_NAME_ENTRY_get_data                566
+X509_NAME_ENTRY_get_object              567
+X509_NAME_ENTRY_new                     568
+X509_NAME_ENTRY_set_data                569
+X509_NAME_ENTRY_set_object              570
+X509_NAME_add_entry                     571
+X509_NAME_cmp                           572
+X509_NAME_delete_entry                  573
+X509_NAME_digest                        574
+X509_NAME_dup                           575
+X509_NAME_entry_count                   576
+X509_NAME_free                          577
+X509_NAME_get_entry                     578
+X509_NAME_get_index_by_NID              579
+X509_NAME_get_index_by_OBJ              580
+X509_NAME_get_text_by_NID               581
+X509_NAME_get_text_by_OBJ               582
+X509_NAME_hash                          583
+X509_NAME_new                           584
+X509_NAME_oneline                       585
+X509_NAME_print                         586
+X509_NAME_set                           587
+X509_OBJECT_free_contents               588
+X509_OBJECT_retrive_by_subject          589
+X509_OBJECT_up_ref_count                590
+X509_PKEY_free                          591
+X509_PKEY_new                           592
+X509_PUBKEY_free                        593
+X509_PUBKEY_get                         594
+X509_PUBKEY_new                         595
+X509_PUBKEY_set                         596
+X509_REQ_INFO_free                      597
+X509_REQ_INFO_new                       598
+X509_REQ_dup                            599
+X509_REQ_free                           600
+X509_REQ_get_pubkey                     601
+X509_REQ_new                            602
+X509_REQ_print                          603
+X509_REQ_print_fp                       604
+X509_REQ_set_pubkey                     605
+X509_REQ_set_subject_name               606
+X509_REQ_set_version                    607
+X509_REQ_sign                           608
+X509_REQ_to_X509                        609
+X509_REQ_verify                         610
+X509_REVOKED_add_ext                    611
+X509_REVOKED_delete_ext                 612
+X509_REVOKED_free                       613
+X509_REVOKED_get_ext                    614
+X509_REVOKED_get_ext_by_NID             615
+X509_REVOKED_get_ext_by_OBJ             616
+X509_REVOKED_get_ext_by_critical        617
+X509_REVOKED_get_ext_count              618
+X509_REVOKED_new                        619
+X509_SIG_free                           620
+X509_SIG_new                            621
+X509_STORE_CTX_cleanup                  622
+X509_STORE_CTX_init                     623
+X509_STORE_add_cert                     624
+X509_STORE_add_lookup                   625
+X509_STORE_free                         626
+X509_STORE_get_by_subject               627
+X509_STORE_load_locations               628
+X509_STORE_new                          629
+X509_STORE_set_default_paths            630
+X509_VAL_free                           631
+X509_VAL_new                            632
+X509_add_ext                            633
+X509_asn1_meth                          634
+X509_certificate_type                   635
+X509_check_private_key                  636
+X509_cmp_current_time                   637
+X509_delete_ext                         638
+X509_digest                             639
+X509_dup                                640
+X509_free                               641
+X509_get_default_cert_area              642
+X509_get_default_cert_dir               643
+X509_get_default_cert_dir_env           644
+X509_get_default_cert_file              645
+X509_get_default_cert_file_env          646
+X509_get_default_private_dir            647
+X509_get_ext                            648
+X509_get_ext_by_NID                     649
+X509_get_ext_by_OBJ                     650
+X509_get_ext_by_critical                651
+X509_get_ext_count                      652
+X509_get_issuer_name                    653
+X509_get_pubkey                         654
+X509_get_pubkey_parameters              655
+X509_get_serialNumber                   656
+X509_get_subject_name                   657
+X509_gmtime_adj                         658
+X509_issuer_and_serial_cmp              659
+X509_issuer_and_serial_hash             660
+X509_issuer_name_cmp                    661
+X509_issuer_name_hash                   662
+X509_load_cert_file                     663
+X509_new                                664
+X509_print                              665
+X509_print_fp                           666
+X509_set_issuer_name                    667
+X509_set_notAfter                       668
+X509_set_notBefore                      669
+X509_set_pubkey                         670
+X509_set_serialNumber                   671
+X509_set_subject_name                   672
+X509_set_version                        673
+X509_sign                               674
+X509_subject_name_cmp                   675
+X509_subject_name_hash                  676
+X509_to_X509_REQ                        677
+X509_verify                             678
+X509_verify_cert                        679
+X509_verify_cert_error_string           680
+X509v3_add_ext                          681
+X509v3_add_extension                    682
+X509v3_add_netscape_extensions          683
+X509v3_add_standard_extensions          684
+X509v3_cleanup_extensions               685
+X509v3_data_type_by_NID                 686
+X509v3_data_type_by_OBJ                 687
+X509v3_delete_ext                       688
+X509v3_get_ext                          689
+X509v3_get_ext_by_NID                   690
+X509v3_get_ext_by_OBJ                   691
+X509v3_get_ext_by_critical              692
+X509v3_get_ext_count                    693
+X509v3_pack_string                      694
+X509v3_pack_type_by_NID                 695
+X509v3_pack_type_by_OBJ                 696
+X509v3_unpack_string                    697
+_des_crypt                              698
+a2d_ASN1_OBJECT                         699
+a2i_ASN1_INTEGER                        700
+a2i_ASN1_STRING                         701
+asn1_Finish                             702
+asn1_GetSequence                        703
+bn_div64                                704
+bn_expand2                              705
+bn_mul_add_words                        706
+bn_mul_words                            707
+bn_qadd                                 708
+bn_qsub                                 709
+bn_sqr_words                            710
+crypt                                   711
+d2i_ASN1_BIT_STRING                     712
+d2i_ASN1_BOOLEAN                        713
+d2i_ASN1_HEADER                         714
+d2i_ASN1_IA5STRING                      715
+d2i_ASN1_INTEGER                        716
+d2i_ASN1_OBJECT                         717
+d2i_ASN1_OCTET_STRING                   718
+d2i_ASN1_PRINTABLE                      719
+d2i_ASN1_PRINTABLESTRING                720
+d2i_ASN1_SET                            721
+d2i_ASN1_T61STRING                      722
+d2i_ASN1_TYPE                           723
+d2i_ASN1_UTCTIME                        724
+d2i_ASN1_bytes                          725
+d2i_ASN1_type_bytes                     726
+d2i_DHparams                            727
+d2i_DSAPrivateKey                       728
+d2i_DSAPrivateKey_bio                   729
+d2i_DSAPrivateKey_fp                    730
+d2i_DSAPublicKey                        731
+d2i_DSAparams                           732
+d2i_NETSCAPE_SPKAC                      733
+d2i_NETSCAPE_SPKI                       734
+d2i_Netscape_RSA                        735
+d2i_PKCS7                               736
+d2i_PKCS7_DIGEST                        737
+d2i_PKCS7_ENCRYPT                       738
+d2i_PKCS7_ENC_CONTENT                   739
+d2i_PKCS7_ENVELOPE                      740
+d2i_PKCS7_ISSUER_AND_SERIAL             741
+d2i_PKCS7_RECIP_INFO                    742
+d2i_PKCS7_SIGNED                        743
+d2i_PKCS7_SIGNER_INFO                   744
+d2i_PKCS7_SIGN_ENVELOPE                 745
+d2i_PKCS7_bio                           746
+d2i_PKCS7_fp                            747
+d2i_PrivateKey                          748
+d2i_PublicKey                           749
+d2i_RSAPrivateKey                       750
+d2i_RSAPrivateKey_bio                   751
+d2i_RSAPrivateKey_fp                    752
+d2i_RSAPublicKey                        753
+d2i_X509                                754
+d2i_X509_ALGOR                          755
+d2i_X509_ATTRIBUTE                      756
+d2i_X509_CINF                           757
+d2i_X509_CRL                            758
+d2i_X509_CRL_INFO                       759
+d2i_X509_CRL_bio                        760
+d2i_X509_CRL_fp                         761
+d2i_X509_EXTENSION                      762
+d2i_X509_NAME                           763
+d2i_X509_NAME_ENTRY                     764
+d2i_X509_PKEY                           765
+d2i_X509_PUBKEY                         766
+d2i_X509_REQ                            767
+d2i_X509_REQ_INFO                       768
+d2i_X509_REQ_bio                        769
+d2i_X509_REQ_fp                         770
+d2i_X509_REVOKED                        771
+d2i_X509_SIG                            772
+d2i_X509_VAL                            773
+d2i_X509_bio                            774
+d2i_X509_fp                             775
+des_cbc_cksum                           777
+des_cbc_encrypt                         778
+des_cblock_print_file                   779
+des_cfb64_encrypt                       780
+des_cfb_encrypt                         781
+des_decrypt3                            782
+des_ecb3_encrypt                        783
+des_ecb_encrypt                         784
+des_ede3_cbc_encrypt                    785
+des_ede3_cfb64_encrypt                  786
+des_ede3_ofb64_encrypt                  787
+des_enc_read                            788
+des_enc_write                           789
+des_encrypt                             790
+des_encrypt2                            791
+des_encrypt3                            792
+des_fcrypt                              793
+des_is_weak_key                         794
+des_key_sched                           795
+des_ncbc_encrypt                        796
+des_ofb64_encrypt                       797
+des_ofb_encrypt                         798
+des_options                             799
+des_pcbc_encrypt                        800
+des_quad_cksum                          801
+des_random_key                          802
+des_random_seed                         803
+des_read_2passwords                     804
+des_read_password                       805
+des_read_pw                             806
+des_read_pw_string                      807
+des_set_key                             808
+des_set_odd_parity                      809
+des_string_to_2keys                     810
+des_string_to_key                       811
+des_xcbc_encrypt                        812
+des_xwhite_in2out                       813
+fcrypt_body                             814
+i2a_ASN1_INTEGER                        815
+i2a_ASN1_OBJECT                         816
+i2a_ASN1_STRING                         817
+i2d_ASN1_BIT_STRING                     818
+i2d_ASN1_BOOLEAN                        819
+i2d_ASN1_HEADER                         820
+i2d_ASN1_IA5STRING                      821
+i2d_ASN1_INTEGER                        822
+i2d_ASN1_OBJECT                         823
+i2d_ASN1_OCTET_STRING                   824
+i2d_ASN1_PRINTABLE                      825
+i2d_ASN1_SET                            826
+i2d_ASN1_TYPE                           827
+i2d_ASN1_UTCTIME                        828
+i2d_ASN1_bytes                          829
+i2d_DHparams                            830
+i2d_DSAPrivateKey                       831
+i2d_DSAPrivateKey_bio                   832
+i2d_DSAPrivateKey_fp                    833
+i2d_DSAPublicKey                        834
+i2d_DSAparams                           835
+i2d_NETSCAPE_SPKAC                      836
+i2d_NETSCAPE_SPKI                       837
+i2d_Netscape_RSA                        838
+i2d_PKCS7                               839
+i2d_PKCS7_DIGEST                        840
+i2d_PKCS7_ENCRYPT                       841
+i2d_PKCS7_ENC_CONTENT                   842
+i2d_PKCS7_ENVELOPE                      843
+i2d_PKCS7_ISSUER_AND_SERIAL             844
+i2d_PKCS7_RECIP_INFO                    845
+i2d_PKCS7_SIGNED                        846
+i2d_PKCS7_SIGNER_INFO                   847
+i2d_PKCS7_SIGN_ENVELOPE                 848
+i2d_PKCS7_bio                           849
+i2d_PKCS7_fp                            850
+i2d_PrivateKey                          851
+i2d_PublicKey                           852
+i2d_RSAPrivateKey                       853
+i2d_RSAPrivateKey_bio                   854
+i2d_RSAPrivateKey_fp                    855
+i2d_RSAPublicKey                        856
+i2d_X509                                857
+i2d_X509_ALGOR                          858
+i2d_X509_ATTRIBUTE                      859
+i2d_X509_CINF                           860
+i2d_X509_CRL                            861
+i2d_X509_CRL_INFO                       862
+i2d_X509_CRL_bio                        863
+i2d_X509_CRL_fp                         864
+i2d_X509_EXTENSION                      865
+i2d_X509_NAME                           866
+i2d_X509_NAME_ENTRY                     867
+i2d_X509_PKEY                           868
+i2d_X509_PUBKEY                         869
+i2d_X509_REQ                            870
+i2d_X509_REQ_INFO                       871
+i2d_X509_REQ_bio                        872
+i2d_X509_REQ_fp                         873
+i2d_X509_REVOKED                        874
+i2d_X509_SIG                            875
+i2d_X509_VAL                            876
+i2d_X509_bio                            877
+i2d_X509_fp                             878
+idea_cbc_encrypt                        879
+idea_cfb64_encrypt                      880
+idea_ecb_encrypt                        881
+idea_encrypt                            882
+idea_ofb64_encrypt                      883
+idea_options                            884
+idea_set_decrypt_key                    885
+idea_set_encrypt_key                    886
+lh_delete                               887
+lh_doall                                888
+lh_doall_arg                            889
+lh_free                                 890
+lh_insert                               891
+lh_new                                  892
+lh_node_stats                           893
+lh_node_stats_bio                       894
+lh_node_usage_stats                     895
+lh_node_usage_stats_bio                 896
+lh_retrieve                             897
+lh_stats                                898
+lh_stats_bio                            899
+lh_strhash                              900
+sk_delete                               901
+sk_delete_ptr                           902
+sk_dup                                  903
+sk_find                                 904
+sk_free                                 905
+sk_insert                               906
+sk_new                                  907
+sk_pop                                  908
+sk_pop_free                             909
+sk_push                                 910
+sk_set_cmp_func                         911
+sk_shift                                912
+sk_unshift                              913
+sk_zero                                 914
+BIO_f_nbio_test                         915
+ASN1_TYPE_get                           916
+ASN1_TYPE_set                           917
+PKCS7_content_free                      918
+ERR_load_PKCS7_strings                  919
+X509_find_by_issuer_and_serial          920
+X509_find_by_subject                    921
+PKCS7_ctrl                              927
+PKCS7_set_type                          928
+PKCS7_set_content                       929
+PKCS7_SIGNER_INFO_set                   930
+PKCS7_add_signer                        931
+PKCS7_add_certificate                   932
+PKCS7_add_crl                           933
+PKCS7_content_new                       934
+PKCS7_dataSign                          935
+PKCS7_dataVerify                        936
+PKCS7_dataInit                          937
+PKCS7_add_signature                     938
+PKCS7_cert_from_signer_info             939
+PKCS7_get_signer_info                   940
+EVP_delete_alias                        941
+EVP_mdc2                                942
+PEM_read_bio_RSAPublicKey               943
+PEM_write_bio_RSAPublicKey              944
+d2i_RSAPublicKey_bio                    945
+i2d_RSAPublicKey_bio                    946
+PEM_read_RSAPublicKey                   947
+PEM_write_RSAPublicKey                  949
+d2i_RSAPublicKey_fp                     952
+i2d_RSAPublicKey_fp                     954
+BIO_copy_next_retry                     955
+RSA_flags                               956
+X509_STORE_add_crl                      957
+X509_load_crl_file                      958
+EVP_rc2_40_cbc                          959
+EVP_rc4_40                              960
+EVP_CIPHER_CTX_init                     961
+HMAC                                    962
+HMAC_Init                               963
+HMAC_Update                             964
+HMAC_Final                              965
+ERR_get_next_error_library              966
+EVP_PKEY_cmp_parameters                 967
+HMAC_cleanup                            968
+BIO_ptr_ctrl                            969
+BIO_new_file_internal                   970
+BIO_new_fp_internal                     971
+BIO_s_file_internal                     972
+BN_BLINDING_convert                     973
+BN_BLINDING_invert                      974
+BN_BLINDING_update                      975
+RSA_blinding_on                         977
+RSA_blinding_off                        978
+i2t_ASN1_OBJECT                         979
+BN_BLINDING_new                         980
+BN_BLINDING_free                        981
+EVP_cast5_cbc                           983
+EVP_cast5_cfb                           984
+EVP_cast5_ecb                           985
+EVP_cast5_ofb                           986
+BF_decrypt                              987
+CAST_set_key                            988
+CAST_encrypt                            989
+CAST_decrypt                            990
+CAST_ecb_encrypt                        991
+CAST_cbc_encrypt                        992
+CAST_cfb64_encrypt                      993
+CAST_ofb64_encrypt                      994
+RC2_decrypt                             995
+OBJ_create_objects                      997
+BN_exp                                  998
+BN_mul_word                             999
+BN_sub_word                             1000
+BN_dec2bn                               1001
+BN_bn2dec                               1002
+BIO_ghbn_ctrl                           1003
+CRYPTO_free_ex_data                     1004
+CRYPTO_get_ex_data                      1005
+CRYPTO_set_ex_data                      1007
+ERR_load_CRYPTO_strings                 1009
+ERR_load_CRYPTOlib_strings              1009
+EVP_PKEY_bits                           1010
+MD5_Transform                           1011
+SHA1_Transform                          1012
+SHA_Transform                           1013
+X509_STORE_CTX_get_chain                1014
+X509_STORE_CTX_get_current_cert         1015
+X509_STORE_CTX_get_error                1016
+X509_STORE_CTX_get_error_depth          1017
+X509_STORE_CTX_get_ex_data              1018
+X509_STORE_CTX_set_cert                 1020
+X509_STORE_CTX_set_chain                1021
+X509_STORE_CTX_set_error                1022
+X509_STORE_CTX_set_ex_data              1023
+CRYPTO_dup_ex_data                      1025
+CRYPTO_get_new_lockid                   1026
+CRYPTO_new_ex_data                      1027
+RSA_set_ex_data                         1028
+RSA_get_ex_data                         1029
+RSA_get_ex_new_index                    1030
+RSA_padding_add_PKCS1_type_1            1031
+RSA_padding_add_PKCS1_type_2            1032
+RSA_padding_add_SSLv23                  1033
+RSA_padding_add_none                    1034
+RSA_padding_check_PKCS1_type_1          1035
+RSA_padding_check_PKCS1_type_2          1036
+RSA_padding_check_SSLv23                1037
+RSA_padding_check_none                  1038
+bn_add_words                            1039
+d2i_Netscape_RSA_2                      1040
+CRYPTO_get_ex_new_index                 1041
+RIPEMD160_Init                          1042
+RIPEMD160_Update                        1043
+RIPEMD160_Final                         1044
+RIPEMD160                               1045
+RIPEMD160_Transform                     1046
+RC5_32_set_key                          1047
+RC5_32_ecb_encrypt                      1048
+RC5_32_encrypt                          1049
+RC5_32_decrypt                          1050
+RC5_32_cbc_encrypt                      1051
+RC5_32_cfb64_encrypt                    1052
+RC5_32_ofb64_encrypt                    1053
+BN_bn2mpi                               1058
+BN_mpi2bn                               1059
+ASN1_BIT_STRING_get_bit                 1060
+ASN1_BIT_STRING_set_bit                 1061
+BIO_get_ex_data                         1062
+BIO_get_ex_new_index                    1063
+BIO_set_ex_data                         1064
+X509_STORE_CTX_get_ex_new_index         1065
+X509v3_get_key_usage                    1066
+X509v3_set_key_usage                    1067
+a2i_X509v3_key_usage                    1068
+i2a_X509v3_key_usage                    1069
+EVP_PKEY_decrypt                        1070
+EVP_PKEY_encrypt                        1071
+PKCS7_RECIP_INFO_set                    1072
+PKCS7_add_recipient                     1073
+PKCS7_add_recipient_info                1074
+PKCS7_set_cipher                        1075
+ASN1_TYPE_get_int_octetstring           1076
+ASN1_TYPE_get_octetstring               1077
+ASN1_TYPE_set_int_octetstring           1078
+ASN1_TYPE_set_octetstring               1079
+ASN1_UTCTIME_set_string                 1080
+ERR_add_error_data                      1081
+ERR_set_error_data                      1082
+EVP_CIPHER_asn1_to_param                1083
+EVP_CIPHER_param_to_asn1                1084
+EVP_CIPHER_get_asn1_iv                  1085
+EVP_CIPHER_set_asn1_iv                  1086
+EVP_rc5_32_12_16_cbc                    1087
+EVP_rc5_32_12_16_cfb                    1088
+EVP_rc5_32_12_16_ecb                    1089
+EVP_rc5_32_12_16_ofb                    1090
+asn1_add_error                          1091
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
new file mode 100644
index 0000000000..149a0f4f80
--- /dev/null
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -0,0 +1,793 @@
+#!/usr/bin/perl
+# A bit of an evil hack but it post processes the file ../MINFO which
+# is generated by `make files` in the top directory.
+# This script outputs one mega makefile that has no shell stuff or any
+# funny stuff
+#
+$INSTALLTOP="/usr/local/ssl";
+$ssl_version="0.8.2";
+$infile="MINFO";
+%ops=(
+        "VC-WIN32",   "Microsoft Visual C++ 4.[01] - Windows NT [34].x",
+        "VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
+        "VC-WIN16",   "Alias for VC-W31-32",
+        "VC-W31-32",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+",
+        "VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS",
+        "BC-NT",   "Borland C++ 4.5 - Windows NT  - PROBABLY NOT WORKING",
+        "BC-W31",  "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING",
+        "BC-MSDOS","Borland C++ 4.5 - MSDOS",
+        "linux-elf","Linux elf",
+        "FreeBSD","FreeBSD distribution",
+        "default","cc under unix",
+        );
+$type="";
+foreach (@ARGV)
+        {
+        if    (/^no-rc2$/)      { $no_rc2=1; }
+        elsif (/^no-rc4$/)      { $no_rc4=1; }
+        elsif (/^no-rc5$/)      { $no_rc5=1; }
+        elsif (/^no-idea$/)     { $no_idea=1; }
+        elsif (/^no-des$/)      { $no_des=1; }
+        elsif (/^no-bf$/)       { $no_bf=1; }
+        elsif (/^no-cast$/)     { $no_cast=1; }
+        elsif (/^no-md2$/)      { $no_md2=1; }
+        elsif (/^no-md5$/)      { $no_md5=1; }
+        elsif (/^no-sha$/)      { $no_sha=1; }
+        elsif (/^no-sha1$/)     { $no_sha1=1; }
+        elsif (/^no-rmd160$/)   { $no_rmd160=1; }
+        elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+        elsif (/^no-patents$/)  { $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
+        elsif (/^no-rsa$/)      { $no_rsa=1; }
+        elsif (/^no-dsa$/)      { $no_dsa=1; }
+        elsif (/^no-dh$/)       { $no_dh=1; }
+        elsif (/^no-asm$/)      { $no_asm=1; }
+        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
+        elsif (/^no-ssl3$/)     { $no_ssl3=1; }
+        elsif (/^no-err$/)      { $no_err=1; }
+        elsif (/^no-sock$/)     { $no_sock=1; }
+        elsif (/^just-ssl$/)    { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+                                  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+                                  $no_ssl2=$no_err=1; }
+        elsif (/^rsaref$/)      { $rsaref=1; }
+        elsif (/^gcc$/)         { $gcc=1; }
+        elsif (/^debug$/)       { $debug=1; }
+        elsif (/^shlib$/)       { $shlib=1; }
+        elsif (/^dll$/)         { $shlib=1; }
+        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+        elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
+        elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+                { $c_flags.="$_ "; }
+        else
+                {
+                if (!defined($ops{$_}))
+                        {
+                        print STDERR "unknown option - $_\n";
+                        print STDERR "usage: perl mk1mf.pl [system] [options]\n";
+                        print STDERR "\nwhere [system] can be one of the following\n";
+                        foreach $i (sort keys %ops)
+                                { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+                        print STDERR <<"EOF";
+and [options] can be one of
+        no-md2 no-md5 no-sha no-sha1 no-mdc2 no-rmd160 - Skip this digest
+        no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
+        no-rc5
+        no-rsa no-dsa no-dh                     - Skip this public key cipher
+        no-ssl2 no-ssl3                         - Skip this version of SSL
+        just-ssl                                - remove all non-ssl keys/digest
+        no-asm                                  - No x86 asm
+        no-socks                                - No socket code
+        no-err                                  - No error strings
+        dll/shlib                               - Build shared libraries (MS)
+        debug                                   - Debug build
+        gcc                                     - Use Gcc (unix)
+        rsaref                                  - Build to require RSAref
+Values that can be set
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
+-L<ex_lib_path> -l<ex_lib>                      - extra library flags (unix)
+-<ex_cc_flags>                                  - extra 'cc' flags,
+                                                  added (MS), or replace (unix)
+EOF
+                        exit(1);
+                        }
+                $type=$_;
+                }
+        }
+$no_mdc2=1 if ($no_des);
+$no_ssl3=1 if ($no_md5 || $no_sha1);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+$no_ssl2=1 if ($no_md5 || $no_rsa);
+$no_ssl2=1 if ($no_rsa);
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+($ssl,$crypto)=("ssl","crypto");
+$RSAglue="RSAglue";
+$ranlib="echo ranlib";
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+# $bin_dir.=$o causes a core dump on my sparc :-(
+push(@INC,"util/pl","pl");
+if ($type eq "VC-MSDOS")
+        {
+        $asmbits=16;
+        $msdos=1;
+        require 'VC-16.pl';
+        }
+elsif ($type eq "VC-W31-16")
+        {
+        $asmbits=16;
+        $msdos=1; $win16=1;
+        require 'VC-16.pl';
+        }
+elsif (($type eq "VC-W31-32") || ($type eq "VC-WIN16"))
+        {
+        $asmbits=32;
+        $msdos=1; $win16=1;
+        require 'VC-16.pl';
+        }
+elsif (($type eq "VC-WIN32") || ($type eq "VC-NT"))
+        {
+        require 'VC-32.pl';
+        }
+elsif ($type eq "BC-NT")
+        {
+        $bc=1;
+        require 'BC-32.pl';
+        }
+elsif ($type eq "BC-W31")
+        {
+        $bc=1;
+        $msdos=1; $w16=1;
+        require 'BC-16.pl';
+        }
+elsif ($type eq "BC-Q16")
+        {
+        $msdos=1; $w16=1; $shlib=0; $qw=1;
+        require 'BC-16.pl';
+        }
+elsif ($type eq "BC-MSDOS")
+        {
+        $asmbits=16;
+        $msdos=1;
+        require 'BC-16.pl';
+        }
+elsif ($type eq "FreeBSD")
+        {
+        require 'unix.pl';
+        $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
+        }
+elsif ($type eq "linux-elf")
+        {
+        require "unix.pl";
+        require "linux.pl";
+        $unix=1;
+        }
+else
+        {
+        require "unix.pl";
+        $unix=1;
+        $cflags.=' -DTERMIO';
+        }
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+$cflags.=" -DNO_IDEA" if $no_idea;
+$cflags.=" -DNO_RC2"  if $no_rc2;
+$cflags.=" -DNO_RC4"  if $no_rc4;
+$cflags.=" -DNO_RC5"  if $no_rc5;
+$cflags.=" -DNO_MD2"  if $no_md2;
+$cflags.=" -DNO_MD5"  if $no_md5;
+$cflags.=" -DNO_SHA"  if $no_sha;
+$cflags.=" -DNO_SHA1" if $no_sha1;
+$cflags.=" -DNO_RMD160" if $no_rmd160;
+$cflags.=" -DNO_MDC2" if $no_mdc2;
+$cflags.=" -DNO_BLOWFISH"  if $no_bf;
+$cflags.=" -DNO_CAST" if $no_cast;
+$cflags.=" -DNO_DES"  if $no_des;
+$cflags.=" -DNO_RSA"  if $no_rsa;
+$cflags.=" -DNO_DSA"  if $no_dsa;
+$cflags.=" -DNO_DH"   if $no_dh;
+$cflags.=" -DNO_SOCK" if $no_sock;
+$cflags.=" -DNO_SSL2" if $no_ssl2;
+$cflags.=" -DNO_SSL3" if $no_ssl3;
+$cflags.=" -DNO_ERR"  if $no_err;
+$cflags.=" -DRSAref"  if $rsaref ne "";
+if ($unix)
+        { $cflags="$c_flags" if ($c_flags ne ""); }
+else    { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+if ($ranlib ne "")
+        {
+        $ranlib="\$(SRC_D)$o$ranlib";
+        }
+if ($msdos)
+        {
+        $banner ="\t\@echo Make sure you have run 'perl Configure $type' in the\n";
+        $banner.="\t\@echo top level directory, if you don't have perl, you will\n";
+        $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
+        $banner.="\t\@echo documentation for details.\n";
+        }
+# have to do this to allow $(CC) under unix
+$link="$bin_dir$link" if ($link !~ /^\$/);
+$INSTALLTOP =~ s|/|$o|g;
+$defs= <<"EOF";
+# This makefile has been automatically generated from the SSLeay distribution.
+# This single makefile will build the complete SSLeay distribution and
+# by default leave the 'intertesting' output files in .${o}out and the stuff
+# that needs deleting in .${o}tmp.
+# The file was generated by running 'make makefile.one', which
+# does a 'make files', which writes all the environment variables from all
+# the makefiles to the file call MINFO.  This file is used by
+# util${o}mk1mf.pl to generate makefile.one.
+# The 'makefile per directory' system suites me when developing this
+# library and also so I can 'distribute' indervidual library sections.
+# The one monster makefile better suits building in non-unix
+# environments.
+INSTALLTOP=$INSTALLTOP
+# Set your compiler options
+CC=$bin_dir${cc}
+CFLAG=$cflags
+APP_CFLAG=$app_cflag
+LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
+APP_EX_OBJ=$app_ex_obj
+SHLIB_EX_OBJ=$shlib_ex_obj
+# add extra libraries to this define, for solaris -lsocket -lnsl would
+# be added
+EX_LIBS=$ex_libs
+# The SSLeay directory
+SRC_D=$src_dir
+LINK=$link
+LFLAGS=$lflags
+BN_MULW_OBJ=$bn_mulw_obj
+BN_MULW_SRC=$bn_mulw_src
+DES_ENC_OBJ=$des_enc_obj
+DES_ENC_SRC=$des_enc_src
+DES_CRYPT_OBJ=$des_crypt_obj
+DES_CRYPT_SRC=$des_crypt_src
+BF_ENC_OBJ=$bf_enc_obj
+BF_ENC_SRC=$bf_enc_src
+CAST_ENC_OBJ=$cast_enc_obj
+CAST_ENC_SRC=$cast_enc_src
+RC4_ENC_OBJ=$rc4_enc_obj
+RC4_ENC_SRC=$rc4_enc_src
+RC5_ENC_OBJ=$rc5_enc_obj
+RC5_ENC_SRC=$rc5_enc_src
+MD5_ASM_OBJ=$md5_asm_obj
+MD5_ASM_SRC=$md5_asm_src
+SHA1_ASM_OBJ=$sha1_asm_obj
+SHA1_ASM_SRC=$sha1_asm_src
+RMD160_ASM_OBJ=$rmd160_asm_obj
+RMD160_ASM_SRC=$rmd160_asm_src
+# The output directory for everything intersting
+OUT_D=$out_dir
+# The output directory for all the temporary muck
+TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
+CP=$cp
+RM=$rm
+RANLIB=$ranlib
+MKDIR=mkdir
+MKLIB=$bin_dir$mklib
+MLFLAGS=$mlflags
+ASM=$bin_dir$asm
+######################################################
+# You should not need to touch anything below this point
+######################################################
+E_EXE=ssleay
+SSL=$ssl
+CRYPTO=$crypto
+RSAGLUE=$RSAglue
+# BIN_D  - Binary output directory
+# TEST_D - Binary test file output directory
+# LIB_D  - library output directory
+BIN_D=\$(OUT_D)
+TEST_D=\$(OUT_D)
+LIB_D=\$(OUT_D)
+# INCL_D - local library directory
+# OBJ_D  - temp object file directory
+OBJ_D=\$(TMP_D)
+INCL_D=\$(TMP_D)
+O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
+O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp
+SO_SSL=    $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL=     \$(LIB_D)$o\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o\$(CRYPTO)$libp
+L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+#L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO)
+######################################################
+# Don't touch anything below this point
+######################################################
+INC=-I\$(INC_D) -I\$(INCL_D)
+APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
+LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
+LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL)
+#############################################
+EOF
+$rules=<<"EOF";
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INC_D) headers lib exe
+banner:
+$banner
+\$(TMP_D):
+        \$(MKDIR) \$(TMP_D)
+\$(BIN_D):
+        \$(MKDIR) \$(BIN_D)
+\$(TEST_D):
+        \$(MKDIR) \$(TEST_D)
+\$(LIB_D):
+        \$(MKDIR) \$(LIB_D)
+\$(INC_D):
+        \$(MKDIR) \$(INC_D)
+headers: \$(HEADER) \$(EXHEADER)
+lib: \$(LIBS_DEP)
+exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
+install:
+        \$(MKDIR) \$(INSTALLTOP)
+        \$(MKDIR) \$(INSTALLTOP)${o}bin
+        \$(MKDIR) \$(INSTALLTOP)${o}include
+        \$(MKDIR) \$(INSTALLTOP)${o}lib
+        \$(CP) \$(INC_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include
+        \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
+        \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
+        \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
+clean:
+        \$(RM) \$(TMP_D)$o*.*
+vclean:
+        \$(RM) \$(TMP_D)$o*.*
+        \$(RM) \$(OUT_D)$o*.*
+EOF
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+        if ($key eq "LIBOBJ")
+                { $libobj=&var_add($dir,$val); }
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+# Strip of trailing ' '
+foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
+$test=&clean_up_ws($test);
+$e_exe=&clean_up_ws($e_exe);
+$exheader=&clean_up_ws($exheader);
+$header=&clean_up_ws($header);
+# First we strip the exheaders from the headers list
+foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
+foreach (split(/\s+/,$header))  { $h.=$_." " unless $h{$_}; }
+chop($h); $header=$h;
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,".h");
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INC_D)",".h");
+$rules.=&do_copy_rule("\$(INC_D)",$exheader,".h");
+$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+foreach (values %lib_nam)
+        {
+        $lib_obj=$lib_obj{$_};
+        local($slib)=$shlib;
+        $slib=0 if ($_ eq "RSAGLUE");
+        if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+                {
+                $rules.="\$(O_SSL):\n\n"; 
+                next;
+                }
+        if (($_ eq "RSAGLUE") && $no_rsa)
+                {
+                $rules.="\$(O_RSAGLUE):\n\n"; 
+                next;
+                }
+        if (($bn_mulw_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/bn_mulw\S*/ \$(BN_MULW_OBJ)/;
+                $rules.=&do_asm_rule($bn_mulw_obj,$bn_mulw_src);
+                }
+        if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+                $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
+                $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+                }
+        if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
+                $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
+                }
+        if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
+                $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
+                }
+        if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
+                $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
+                }
+        if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
+                $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
+                }
+        if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
+                $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
+                }
+        if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+                $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+                }
+        if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
+                $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
+                }
+        $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
+        $lib=($slib)?" \$(SHLIB_CFLAGS)":" \$(LIB_CFLAGS)";
+        $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
+        }
+$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+        {
+        $t=&bname($_);
+        $tt="\$(OBJ_D)${o}$t${obj}";
+        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+        }
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0,"")
+        unless $no_rsa;
+$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+print $defs;
+print "###################################################################\n";
+print $rules;
+###############################################
+# strip off any trailing .[och] and append the relative directory
+# also remembering to do nothing if we are in one of the dropped
+# directories
+sub var_add
+        {
+        local($dir,$val)=@_;
+        local(@a,$_,$ret);
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rc5  && $dir =~ /\/rc5/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a);
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_i$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+        @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
+# change things so that each 'token' is only separated by one space
+sub clean_up_ws
+        {
+        local($w)=@_;
+        $w =~ s/^\s*(.*)\s*$/$1/;
+        $w =~ s/\s+/ /g;
+        return($w);
+        }
+sub do_defs
+        {
+        local($var,$files,$location,$postfix)=@_;
+        local($_,$ret,$pf);
+        local(*OUT,$tmp,$t);
+        $files =~ s/\//$o/g if $o ne '/';
+        $ret="$var="; 
+        $n=1;
+        $Vars{$var}.="";
+        foreach (split(/ /,$files))
+                {
+                $orig=$_;
+                $_=&bname($_) unless /^\$/;
+                if ($n++ == 2)
+                        {
+                        $n=0;
+                        $ret.="\\\n\t";
+                        }
+                if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+                        { $pf=".c"; }
+                else    { $pf=$postfix; }
+                if ($_ =~ /BN_MULW/)    { $t="$_ "; }
+                elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /BF_ENC/)  { $t="$_ "; }
+                elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+                elsif ($_ =~ /RC4_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
+                elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+                else    { $t="$location${o}$_$pf "; }
+                $Vars{$var}.="$t ";
+                $ret.=$t;
+                }
+        chop($ret);
+        $ret.="\n\n";
+        return($ret);
+        }
+# return the name with the leading path removed
+sub bname
+        {
+        local($ret)=@_;
+        $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
+        return($ret);
+        }
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+        {
+        local($to,$files,$p)=@_;
+        local($ret,$_,$n,$pp);
+        
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                if ($n =~ /bss_file/)
+                        { $pp=".c"; }
+                else    { $pp=$p; }
+                $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
+                }
+        return($ret);
+        }
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+# compile the files in '$files' into $to
+sub do_compile_rule
+        {
+        local($to,$files,$ex)=@_;
+        local($ret,$_,$n);
+        
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                }
+        return($ret);
+        }
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+sub cc_compile_target
+        {
+        local($target,$source,$ex_flags)=@_;
+        local($ret);
+        
+        # EAY EAY
+        $ex_flags.=' -DCFLAGS="\"$(CC) $(CFLAG)\""' if ($source =~ /cversion/);
+        $target =~ s/\//$o/g if $o ne "/";
+        $source =~ s/\//$o/g if $o ne "/";
+        $ret ="$target: \$(SRC_D)$o$source\n\t";
+        $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
+        return($ret);
+        }
+##############################################################
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+        @s=split(/\s+/,$src);
+        @t=split(/\s+/,$target);
+        for ($i=0; $i<=$#s; $i++)
+                {
+                $ret.="$t[$i]: $s[$i]\n";
+                $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
+                }
+        return($ret);
+        }
+sub do_shlib_rule
+        {
+        local($n,$def)=@_;
+        local($ret,$nn);
+        local($t);
+        ($nn=$n) =~ tr/a-z/A-Z/;
+        $ret.="$n.dll: \$(${nn}OBJ)\n";
+        if ($vc && $w32)
+                {
+                $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n  \$(${nn}OBJ_F)\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
diff --git a/src/lib/libcrypto/util/mkcerts.sh b/src/lib/libcrypto/util/mkcerts.sh
new file mode 100644
index 0000000000..5f8a1dae73
--- /dev/null
+++ b/src/lib/libcrypto/util/mkcerts.sh
@@ -0,0 +1,220 @@
+#!bin/sh
+# This script will re-make all the required certs.
+# cd apps
+# sh ../util/mkcerts.sh
+# mv ca-cert.pem pca-cert.pem ../certs
+# cd ..
+# cat certs/*.pem >>apps/server.pem
+# cat certs/*.pem >>apps/server2.pem
+# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
+# sh tools/c_rehash certs
+#
+ 
+CAbits=1024
+SSLEAY="../apps/ssleay"
+CONF="-config ../apps/ssleay.cnf"
+# create pca request.
+echo creating $CAbits bit PCA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout pca-key.pem \
+        -out pca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test PCA (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating PCA request
+        exit 1
+fi
+#sign it.
+echo
+echo self signing PCA
+$SSLEAY x509 -md5 -days 1461 \
+        -req -signkey pca-key.pem \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -in pca-req.pem -out pca-cert.pem
+if [ $? != 0 ]; then
+        echo problems self signing PCA cert
+        exit 1
+fi
+echo
+# create ca request.
+echo creating $CAbits bit CA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout ca-key.pem \
+        -out ca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test CA (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating CA request
+        exit 1
+fi
+#sign it.
+echo
+echo signing CA
+$SSLEAY x509 -md5 -days 1461 \
+        -req \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -CA pca-cert.pem -CAkey pca-key.pem \
+        -in ca-req.pem -out ca-cert.pem
+if [ $? != 0 ]; then
+        echo problems signing CA cert
+        exit 1
+fi
+echo
+# create server request.
+echo creating 512 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout s512-key.pem \
+        -out s512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (512 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 512 bit server cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 512 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s512-req.pem -out server.pem
+if [ $? != 0 ]; then
+        echo problems signing 512 bit server cert
+        exit 1
+fi
+echo
+# create 1024 bit server request.
+echo creating 1024 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 1024 \
+        -keyout s1024key.pem \
+        -out s1024req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 1024 bit server cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 1024 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s1024req.pem -out server2.pem
+if [ $? != 0 ]; then
+        echo problems signing 1024 bit server cert
+        exit 1
+fi
+echo
+# create 512 bit client request.
+echo creating 512 bit client cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout c512-key.pem \
+        -out c512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Client test cert (512 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 512 bit client cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 512 bit client cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in c512-req.pem -out client.pem
+if [ $? != 0 ]; then
+        echo problems signing 512 bit client cert
+        exit 1
+fi
+echo cleanup
+cat pca-key.pem  >> pca-cert.pem
+cat ca-key.pem   >> ca-cert.pem
+cat s512-key.pem >> server.pem
+cat s1024key.pem >> server2.pem
+cat c512-key.pem >> client.pem
+for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
+do
+$SSLEAY x509 -issuer -subject -in $i -noout >$$
+cat $$
+/bin/cat $i >>$$
+/bin/mv $$ $i
+done
+#/bin/rm -f *key.pem *req.pem *.srl
+echo Finished
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
new file mode 100644
index 0000000000..8124f11292
--- /dev/null
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -0,0 +1,292 @@
+#!/usr/bin/perl
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# non-prototyped functions.
+#
+$crypto_num="util/libeay.num";
+$ssl_num=   "util/ssleay.num";
+$NT=1;
+foreach (@ARGV)
+        {
+        $NT=1 if $_ eq "32";
+        $NT=0 if $_ eq "16";
+        $do_ssl=1 if $_ eq "ssleay";
+        $do_crypto=1 if $_ eq "libeay";
+        }
+if (!$do_ssl && !$do_crypto)
+        {
+        print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 ]\n";
+        exit(1);
+        }
+%ssl_list=&load_numbers($ssl_num);
+%crypto_list=&load_numbers($crypto_num);
+$ssl="ssl/ssl.h";
+$crypto ="crypto/crypto.h";
+$crypto.=" crypto/des/des.h";
+$crypto.=" crypto/idea/idea.h";
+$crypto.=" crypto/rc4/rc4.h";
+$crypto.=" crypto/rc5/rc5.h";
+$crypto.=" crypto/rc2/rc2.h";
+$crypto.=" crypto/bf/blowfish.h";
+$crypto.=" crypto/cast/cast.h";
+$crypto.=" crypto/md2/md2.h";
+$crypto.=" crypto/md5/md5.h";
+$crypto.=" crypto/mdc2/mdc2.h";
+$crypto.=" crypto/sha/sha.h";
+$crypto.=" crypto/ripemd/ripemd.h";
+$crypto.=" crypto/bn/bn.h";
+$crypto.=" crypto/rsa/rsa.h";
+$crypto.=" crypto/dsa/dsa.h";
+$crypto.=" crypto/dh/dh.h";
+$crypto.=" crypto/stack/stack.h";
+$crypto.=" crypto/buffer/buffer.h";
+$crypto.=" crypto/bio/bio.h";
+$crypto.=" crypto/lhash/lhash.h";
+$crypto.=" crypto/conf/conf.h";
+$crypto.=" crypto/txt_db/txt_db.h";
+$crypto.=" crypto/evp/evp.h";
+$crypto.=" crypto/objects/objects.h";
+$crypto.=" crypto/pem/pem.h";
+#$crypto.=" crypto/meth/meth.h";
+$crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1_mac.h";
+$crypto.=" crypto/err/err.h";
+$crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/x509/x509.h";
+$crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/rand/rand.h";
+$crypto.=" crypto/hmac/hmac.h";
+$match{'NOPROTO'}=1;
+$match2{'PERL5'}=1;
+&print_def_file(*STDOUT,"SSLEAY",*ssl_list,&do_defs("SSLEAY",$ssl))
+        if $do_ssl == 1;
+&print_def_file(*STDOUT,"LIBEAY",*crypto_list,&do_defs("LIBEAY",$crypto))
+        if $do_crypto == 1;
+sub do_defs
+        {
+        local($name,$files)=@_;
+        local(@ret);
+        $off=-1;
+        foreach $file (split(/\s+/,$files))
+                {
+#               print STDERR "reading $file\n";
+                open(IN,"<$file") || die "unable to open $file:$!\n";
+                $depth=0;
+                $pr=-1;
+                @np="";
+                $/=undef;
+                $a=<IN>;
+                while (($i=index($a,"/*")) >= 0)
+                        {
+                        $j=index($a,"*/");
+                        break unless ($j >= 0);
+                        $a=substr($a,0,$i).substr($a,$j+2);
+                #       print "$i $j\n";
+                        }
+                foreach (split("\n",$a))
+                        {
+                        if (/^\#\s*ifndef (.*)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=-1;
+                                next;
+                                }
+                        elsif (/^\#\s*if !defined\(([^\)]+)\)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=-1;
+                                next;
+                                }
+                        elsif (/^\#\s*ifdef (.*)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=1;
+                                next;
+                                }
+                        elsif (/^\#\s*if defined(.*)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=1;
+                                next;
+                                }
+                        elsif (/^\#\s*endif/)
+                                {
+                                $tag{$tag[$#tag]}=0;
+                                pop(@tag);
+                                next;
+                                }
+                        elsif (/^\#\s*else/)
+                                {
+                                $t=$tag[$#tag];
+                                $tag{$t}= -$tag{$t};
+                                next;
+                                }
+#printf STDERR "$_\n%2d %2d %2d %2d %2d $NT\n",
+#$tag{'NOPROTO'},$tag{'FreeBSD'},$tag{'WIN16'},$tag{'PERL5'},$tag{'NO_FP_API'};
+                        $t=undef;
+                        if (/^extern .*;$/)
+                                { $t=&do_extern($name,$_); }
+                        elsif ( ($tag{'NOPROTO'} == 1) &&
+                                ($tag{'FreeBSD'} != 1) &&
+                                (($NT && ($tag{'WIN16'} != 1)) ||
+                                 (!$NT && ($tag{'WIN16'} != -1))) &&
+                                ($tag{'PERL5'} != 1) &&
+#                               ($tag{'_WINDLL'} != -1) &&
+                                ((!$NT && $tag{'_WINDLL'} != -1) ||
+                                 ($NT && $tag{'_WINDLL'} != 1)) &&
+                                ((($tag{'NO_FP_API'} != 1) && $NT) ||
+                                 (($tag{'NO_FP_API'} != -1) && !$NT)))
+                                { $t=&do_line($name,$_); }
+                        else
+                                { $t=undef; }
+                        if (($t ne undef) && (!$done{$name,$t}))
+                                {
+                                $done{$name,$t}++;
+                                push(@ret,$t);
+#printf STDERR "one:$t\n" if $t =~ /BIO_/;
+                                }
+                        }
+                close(IN);
+                }
+        return(@ret);
+        }
+sub do_line
+        {
+        local($file,$_)=@_;
+        local($n);
+        return(undef) if /^$/;
+        return(undef) if /^\s/;
+#printf STDERR "two:$_\n" if $_ =~ /BIO_/;
+        if (/(CRYPTO_get_locking_callback)/)
+                { return($1); }
+        elsif (/(CRYPTO_get_id_callback)/)
+                { return($1); }
+        elsif (/(CRYPTO_get_add_lock_callback)/)
+                { return($1); }
+        elsif (/(SSL_CTX_get_verify_callback)/)
+                { return($1); }
+        elsif (/(SSL_get_info_callback)/)
+                { return($1); }
+        elsif ((!$NT) && /(ERR_load_CRYPTO_strings)/)
+                { return("ERR_load_CRYPTOlib_strings"); }
+        elsif (!$NT && /BIO_s_file/)
+                { return(undef); }
+        elsif (!$NT && /BIO_new_file/)
+                { return(undef); }
+        elsif (!$NT && /BIO_new_fp/)
+                { return(undef); }
+        elsif ($NT && /BIO_s_file_internal/)
+                { return(undef); }
+        elsif ($NT && /BIO_new_file_internal/)
+                { return(undef); }
+        elsif ($NT && /BIO_new_fp_internal/)
+                { return(undef); }
+        else
+                {
+                /\s\**(\S+)\s*\(/;
+                return($1);
+                }
+        }
+sub do_extern
+        {
+        local($file,$_)=@_;
+        local($n);
+        /\s\**(\S+);$/;
+        return($1);
+        }
+sub print_def_file
+        {
+        local(*OUT,$name,*nums,@functions)=@_;
+        local($n)=1;
+        if ($NT)
+                { $name.="32"; }
+        else
+                { $name.="16"; }
+        print OUT <<"EOF";
+;
+; Definition file for the DDL version of the $name library from SSLeay
+;
+LIBRARY         $name
+DESCRIPTION     'SSLeay $name - eay\@cryptsoft.com'
+EOF
+        if (!$NT)
+                {
+                print <<"EOF";
+CODE            PRELOAD MOVEABLE
+DATA            PRELOAD MOVEABLE SINGLE
+EXETYPE         WINDOWS
+HEAPSIZE        4096
+STACKSIZE       8192
+EOF
+                }
+        print "EXPORTS\n";
+        (@e)=grep(/^SSLeay/,@functions);
+        (@r)=grep(!/^SSLeay/,@functions);
+        @functions=((sort @e),(sort @r));
+        foreach $func (@functions)
+                {
+                if (!defined($nums{$func}))
+                        {
+                        printf STDERR "$func does not have a number assigned\n";
+                        }
+                else
+                        {
+                        $n=$nums{$func};
+                        printf OUT "    %s%-35s@%d\n",($NT)?"":"_",$func,$n;
+                        }
+                }
+        printf OUT "\n";
+        }
+sub load_numbers
+        {
+        local($name)=@_;
+        local($j,@a,%ret);
+        open(IN,"<$name") || die "unable to open $name:$!\n";
+        while (<IN>)
+                {
+                chop;
+                s/#.*$//;
+                next if /^\s*$/;
+                @a=split;
+                $ret{$a[0]}=$a[1];
+                }
+        close(IN);
+        return(%ret);
+        }
diff --git a/src/lib/libcrypto/util/perlpath.pl b/src/lib/libcrypto/util/perlpath.pl
new file mode 100644
index 0000000000..9e57e10ad4
--- /dev/null
+++ b/src/lib/libcrypto/util/perlpath.pl
@@ -0,0 +1,30 @@
+#!/usr/bin/perl
+#
+# modify the '#!/usr/local/bin/perl'
+# line in all scripts that rely on perl.
+#
+require "find.pl";
+$#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+&find(".");
+sub wanted
+        {
+        return unless /\.pl$/ || /^[Cc]onfigur/;
+        open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
+        @a=<IN>;
+        close(IN);
+        $a[0]="#!$ARGV[0]/perl\n";
+        # Playing it safe...
+        $new="$_.new";
+        open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
+        print OUT @a;
+        close(OUT);
+        rename($new,$_) || die "unable to rename $dir/$new:$!\n";
+        chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
+        }
diff --git a/src/lib/libcrypto/util/pl/BC-16.pl b/src/lib/libcrypto/util/pl/BC-16.pl
new file mode 100644
index 0000000000..7c3fdb68f4
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/BC-16.pl
@@ -0,0 +1,146 @@
+#!/usr/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='bcc';
+if ($debug)
+        { $op="-v "; }
+else    { $op="-O "; }
+$cflags="-d -ml $op -DL_ENDIAN";
+# I add the stack opt
+$base_lflags="/c /C";
+$lflags="$base_lflags";
+if ($win16)
+        {
+        $shlib=1;
+        $cflags.=" -DWINDOWS -DWIN16";
+        $app_cflag="-W";
+        $lib_cflag="-WD";
+        $lflags.="/Twe";
+        }
+else
+        {
+        $cflags.=" -DMSDOS";
+        $lflags.=" /Tde";
+        }
+if ($shlib)
+        {
+        $mlflags=" /Twd $base_lflags"; # stack if defined in .def file
+        $libs="libw ldllcew";
+        $no_asm=1;
+        }
+else
+        { $mlflags=''; }
+$obj='.obj';
+$ofile="-o";
+# EXE linking stuff
+$link="tlink";
+$efile="";
+$exep='.exe';
+$ex_libs="CL";
+$ex_libs.=$no_sock?"":" winsock.lib";
+$app_ex_obj="C0L.obj ";
+$shlib_ex_obj="" if ($shlib);
+# static library stuff
+$mklib='tlib';
+$ranlib='echo no ranlib';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='bcc -c -B -Tml';
+$afile='/o';
+if ($no_asm)
+        {
+        $bn_mulw_obj='';
+        $bn_mulw_src='';
+        }
+elsif ($asmbits == 32)
+        {
+        $bn_mulw_obj='crypto\bn\asm\x86w32.obj';
+        $bn_mulw_src='crypto\bn\asm\x86w32.asm';
+        }
+else
+        {
+        $bn_mulw_obj='crypto\bn\asm\x86w16.obj';
+        $bn_mulw_src='crypto\bn\asm\x86w16.asm';
+        }
+sub do_lib_rule
+        {
+        local($target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="";
+        foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
+                {
+                $lib_names.="  +$_ &\n";
+                $dll_names.="  $_\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+                }
+        else
+                {
+                local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
+                $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /nowep $out_lib $target\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$f,$_,@f);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) @&&|";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        $ret.=" \$(LFLAGS) ";
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                $ret.=" \$(APP_EX_OBJ)";
+                foreach $_ (sort split(/\s+/,$Vars{$1}))
+                        { $ret.="\n  $r $_ +"; }
+                chop($ret);
+                $ret.="\n";
+                }
+        else
+                { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
+        $ret.="  $target\n\n  $libs\n\n|\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
new file mode 100644
index 0000000000..3898d16f61
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -0,0 +1,135 @@
+#!/usr/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='bcc32';
+if ($debug)
+        { $op="-v "; }
+else    { $op="-O "; }
+$cflags="-d $op -DL_ENDIAN ";
+# I add the stack opt
+$base_lflags="-c";
+$lflags="$base_lflags";
+$cflags.=" -DWINDOWS -DWIN32";
+$app_cflag="-WC";
+$lib_cflag="-WC";
+$lflags.=" -Tpe";
+if ($shlib)
+        {
+        $mlflags="$base_lflags -Tpe"; # stack if defined in .def file
+        $libs="libw ldllcew";
+        }
+else
+        { $mlflags=''; }
+$obj='.obj';
+$ofile="-o";
+# EXE linking stuff
+$link="tlink32";
+$efile="";
+$exep='.exe';
+$ex_libs="CW32.LIB IMPORT32.LIB";
+$ex_libs.=$no_sock?"":" wsock32.lib";
+$shlib_ex_obj="" if $shlib;
+$app_ex_obj="C0X32.OBJ";
+# static library stuff
+$mklib='tlib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='ml /Cp /c /Cx';
+$afile='/Fo';
+if ($noasm)
+        {
+        $bn_mulw_obj='';
+        $bn_mulw_src='';
+        }
+else
+        {
+        $bn_mulw_obj='crypto\bn\asm\x86b32.obj';
+        $bn_mulw_src='crypto\bn\asm\x86m32.asm';
+        }
+sub do_lib_rule
+        {
+        local($target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="";
+        foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
+                {
+                $lib_names.="  +$_ &\n";
+                $dll_names.="  $_\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+                }
+        else
+                {
+                # $(SHLIB_EX_OBJ)
+                local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
+                $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /nowep $out_lib $target\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$f,$_,@f);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) @&&|";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        $r="  \$(LFLAGS) ";
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                @a=('$(APP_EX_OBJ)');
+                push(@a,sort split(/\s+/,$Vars{$1}));
+                foreach $_ (@a)
+                        {
+                        $ret.="\n  $r $_ +";
+                        $r="";
+                        }
+                chop($ret);
+                $ret.="\n";
+                }
+        else
+                { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
+        $ret.="  $target\n\n  $libs\n\n|\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-16.pl b/src/lib/libcrypto/util/pl/VC-16.pl
new file mode 100644
index 0000000000..a6e6c0241c
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-16.pl
@@ -0,0 +1,173 @@
+#!/usr/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$ssl=   "ssleay16";
+$crypto="libeay16";
+$RSAref="RSAref16";
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='cl';
+$out_def="out16";
+$tmp_def="tmp16";
+$inc_def="inc16";
+if ($debug)
+        {
+        $op="/Od /Zi /Zd";
+        $base_lflags="/CO";
+        }
+else    {
+        $op="/G2 /f- /Ocgnotb2";
+        }
+$base_lflags.=" /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000";
+if ($win16) { $base_lflags.=" /PACKD:60000"; }
+$cflags="/ALw /Gx- /Gt256 /Gf $op /W3 /WX -DL_ENDIAN /nologo";
+# I add the stack opt
+$lflags="$base_lflags /STACK:20000";
+if ($win16)
+        {
+        $cflags.=" -DWINDOWS -DWIN16";
+        $app_cflag="/Gw /FPi87";
+        $lib_cflag="/Gw";
+        $lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
+        $lib_cflag.=" -DWIN16TTY" if !$shlib;
+        $lflags.=" /ALIGN:256";
+        $ex_libs.="oldnames llibcewq libw";
+        }
+else
+        {
+        $no_sock=1;
+        $cflags.=" -DMSDOS";
+        $lflags.=" /EXEPACK";
+        $ex_libs.="oldnames.lib llibce.lib";
+        }
+if ($shlib)
+        {
+        $mlflags="$base_lflags";
+        $libs="oldnames ldllcew libw";
+        $shlib_ex_obj="";
+#       $no_asm=1;
+        $out_def="out16dll";
+        $tmp_def="tmp16dll";
+        }
+else
+        { $mlflags=''; }
+$app_ex_obj="setargv.obj";
+$obj='.obj';
+$ofile="/Fo";
+# EXE linking stuff
+$link="link";
+$efile="";
+$exep='.exe';
+$ex_libs.=$no_sock?"":" winsock";
+# static library stuff
+$mklib='lib /PAGESIZE:1024';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='ml /Cp /c /Cx';
+$afile='/Fo';
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm)
+        {
+        if ($asmbits == 32)
+                {
+                $bn_mulw_obj='crypto\bn\asm\x86w32.obj';
+                $bn_mulw_src='crypto\bn\asm\x86w32.asm';
+                }
+        else
+                {
+                $bn_mulw_obj='crypto\bn\asm\x86w16.obj';
+                $bn_mulw_src='crypto\bn\asm\x86w16.asm';
+                }
+        }
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+#       $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="  \$(SHLIB_EX_OBJ) +\n";
+        ($obj)= ($objs =~ /\((.*)\)/);
+        foreach $_ (sort split(/\s+/,$Vars{$obj}))
+                {
+                $lib_names.="+$_ &\n";
+                $dll_names.="  $_ +\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\tdel $target\n";
+                $ret.="\t\$(MKLIB) @<<\n$target\ny\n$lib_names\n\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?'$(L_CRYPTO)':"";
+                $ex.=' winsock';
+                $ret.="\t\$(LINK) \$(MLFLAGS) @<<\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}.def;\n<<\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /noignorecase /nowep $out_lib $target\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$f,$_,@f);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) \$(LFLAGS) @<<\n";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                @a=('$(APP_EX_OBJ)');
+                push(@a,sort split(/\s+/,$Vars{$1}));
+                for $_ (@a)
+                        { $ret.="  $_ +\n"; }
+                }
+        else
+                { $ret.="  \$(APP_EX_OBJ) $files"; }
+        $ret.="\n  $target\n\n  $libs\n\n<<\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
new file mode 100644
index 0000000000..701e282c33
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -0,0 +1,133 @@
+#!/usr/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+$ssl=   "ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='cl';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
+$mlflags='';
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+if ($debug)
+        {
+        $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWINDOWS -DWIN32 -D_DEBUG -DL_ENDIAN";
+        $lflags.=" /debug";
+        $mlflags.=' /debug';
+        }
+$obj='.obj';
+$ofile="/Fo";
+# EXE linking stuff
+$link="link";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+$asm='ml /Cp /coff /c /Cx';
+$asm.=" /Zi" if $debug;
+$afile='/Fo';
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm)
+        {
+        $bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
+        $bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+        $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+        $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+        $bf_enc_obj='crypto\bf\asm\b-win32.obj';
+        $bf_enc_src='crypto\bf\asm\b-win32.asm';
+        $cast_enc_obj='crypto\cast\asm\c-win32.obj';
+        $cast_enc_src='crypto\cast\asm\c-win32.asm';
+        $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+        $rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+        $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+        $rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+        $md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+        $md5_asm_src='crypto\md5\asm\m5-win32.asm';
+        $sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+        $sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+        $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+        $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+        }
+if ($shlib)
+        {
+        $mlflags.=" $lflags /dll";
+#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag=" /GD -D_WINDLL -D_DLL";
+        $out_def="out32dll";
+        $tmp_def="tmp32dll";
+        }
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+        if (!$shlib)
+                {
+#               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' wsock32.lib gdi32.lib';
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+        $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/linux.pl b/src/lib/libcrypto/util/pl/linux.pl
new file mode 100644
index 0000000000..2b13da1bfc
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/linux.pl
@@ -0,0 +1,96 @@
+#!/usr/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+# C compiler stuff
+$cc='gcc';
+if ($debug)
+        { $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+        { $cflags="-O3 -fomit-frame-pointer"; }
+if (!$no_asm)
+        {
+        $bn_mulw_obj='$(OBJ_D)/bn86-elf.o';
+        $bn_mulw_src='crypto/bn/asm/bn86unix.cpp';
+        $des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
+        $des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
+        $bf_enc_obj='$(OBJ_D)/bx86-elf.o';
+        $bf_enc_src='crypto/bf/asm/bx86unix.cpp';
+        $cast_enc_obj='$(OBJ_D)/cx86-elf.o';
+        $cast_enc_src='crypto/cast/asm/cx86unix.cpp';
+        $rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
+        $rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
+        $md5_asm_obj='$(OBJ_D)/mx86-elf.o';
+        $md5_asm_src='crypto/md5/asm/mx86unix.cpp';
+        $sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
+        $sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM";
+        }
+$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
+if ($shlib)
+        {
+        $shl_cflag=" -DPIC -fpic";
+        $shlibp=".so.$ssl_version";
+        $so_shlibp=".so";
+        }
+sub do_shlib_rule
+        {
+        local($obj,$target,$name,$shlib,$so_name)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="\$(LIB_D)$o$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) \$(LIB_D)$o$target\n";
+        $ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o \$(LIB_D)$o$target \$(${Name}OBJ)\n";
+        ($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
+        if ($so_name ne "")
+                {
+                $ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
+                $ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
+                }
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+        @s=split(/\s+/,$src);
+        @t=split(/\s+/,$target);
+        for ($i=0; $i<=$#s; $i++)
+                {
+                $ret.="$t[$i]: $s[$i]\n";
+                $ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
+                }
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/unix.pl b/src/lib/libcrypto/util/pl/unix.pl
new file mode 100644
index 0000000000..ab4978fd20
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/unix.pl
@@ -0,0 +1,83 @@
+#!/usr/bin/perl
+#
+# unix.pl - the standard unix makefile stuff.
+#
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+# C compiler stuff
+if ($gcc)
+        {
+        $cc='gcc';
+        if ($debug)
+                { $cflags="-g2 -ggdb"; }
+        else
+                { $cflags="-O3 -fomit-frame-pointer"; }
+        }
+else
+        {
+        $cc='cc';
+        if ($debug)
+                { $cflags="-g"; }
+        else
+                { $cflags="-O"; }
+        }
+$obj='.o';
+$ofile='-o ';
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="";
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='util/ranlib.sh';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+$asm='as';
+$afile='-o ';
+$bn_mulw_obj="";
+$bn_mulw_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="\$(LIB_D)$o$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) $target\n";
+        $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+        $ret.="\t\$(RANLIB) $target\n\n";
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh
new file mode 100644
index 0000000000..92c12e8282
--- /dev/null
+++ b/src/lib/libcrypto/util/point.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f $2
+ln -s $1 $2
diff --git a/src/lib/libcrypto/util/sp-diff.pl b/src/lib/libcrypto/util/sp-diff.pl
new file mode 100644
index 0000000000..2c88336858
--- /dev/null
+++ b/src/lib/libcrypto/util/sp-diff.pl
@@ -0,0 +1,80 @@
+#!/usr/bin/perl
+#
+# This file takes as input, the files that have been output from
+# ssleay speed.
+# It prints a table of the relative differences with %100 being 'no difference'
+#
+($#ARGV == 1) || die "$0 speedout1 speedout2\n";
+%one=&loadfile($ARGV[0]);
+%two=&loadfile($ARGV[1]);
+$line=0;
+foreach $a ("md2","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
+        "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
+        {
+        if (defined($one{$a,8}) && defined($two{$a,8}))
+                {
+                print "type              8 byte%    64 byte%   256 byte%  1024 byte%  8192 byte%\n"
+                        unless $line;
+                $line++;
+                printf "%-12s ",$a;
+                foreach $b (8,64,256,1024,8192)
+                        {
+                        $r=$two{$a,$b}/$one{$a,$b}*100;
+                        printf "%12.2f",$r;
+                        }
+                print "\n";
+                }
+        }
+foreach $a      (
+                "rsa  512","rsa 1024","rsa 2048","rsa 4096",
+                "dsa  512","dsa 1024","dsa 2048",
+                )
+        {
+        if (defined($one{$a,1}) && defined($two{$a,1}))
+                {
+                $r1=($one{$a,1}/$two{$a,1})*100;
+                $r2=($one{$a,2}/$two{$a,2})*100;
+                printf "$a bits %%    %6.2f %%    %6.2f\n",$r1,$r2;
+                }
+        }
+sub loadfile
+        {
+        local($file)=@_;
+        local($_,%ret);
+        open(IN,"<$file") || die "unable to open '$file' for input\n";
+        $header=1;
+        while (<IN>)
+                {
+                $header=0 if /^[dr]sa/;
+                if (/^type/) { $header=0; next; }
+                next if $header;
+                chop;
+                @a=split;
+                if ($a[0] =~ /^[dr]sa$/)
+                        {
+                        ($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/);
+                        $ret{$n,1}=$t1;
+                        $ret{$n,2}=$t2;
+                        }
+                else
+                        {
+                        $n=join(' ',grep(/[^k]$/,@a));
+                        @k=grep(s/k$//,@a);
+                        
+                        $ret{$n,   8}=$k[0];
+                        $ret{$n,  64}=$k[1];
+                        $ret{$n, 256}=$k[2];
+                        $ret{$n,1024}=$k[3];
+                        $ret{$n,8192}=$k[4];
+                        }
+                }
+        close(IN);
+        return(%ret);
+        }
diff --git a/src/lib/libcrypto/util/speed.sh b/src/lib/libcrypto/util/speed.sh
new file mode 100644
index 0000000000..f489706197
--- /dev/null
+++ b/src/lib/libcrypto/util/speed.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# This is a ugly script use, in conjuction with editing the 'b'
+# configuration in the $(TOP)/Configure script which will
+# output when finished a file called speed.log which is the
+# timings of SSLeay with various options turned on or off.
+#
+# from the $(TOP) directory
+# Edit Configure, modifying things to do with the b/bl-4c-2c etc
+# configurations.
+#
+make clean
+perl Configure b
+make
+apps/ssleay version -v -b -f >speed.1
+apps/ssleay speed >speed.1l
+perl Configure bl-4c-2c
+/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o
+make
+apps/ssleay speed rc4 rsa md2 >speed.2l
+perl Configure bl-4c-ri
+/bin/rm -f crypto/rc4/rc4*.o
+make
+apps/ssleay speed rc4 >speed.3l
+perl Configure b2-is-ri-dp
+/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o
+apps/ssleay speed rsa rc4 idea des >speed.4l
+cat speed.1 >speed.log
+cat speed.1l >>speed.log
+perl util/sp-diff.pl speed.1l speed.2l >>speed.log
+perl util/sp-diff.pl speed.1l speed.3l >>speed.log
+perl util/sp-diff.pl speed.1l speed.4l >>speed.log
diff --git a/src/lib/libcrypto/util/src-dep.pl b/src/lib/libcrypto/util/src-dep.pl
new file mode 100644
index 0000000000..91242f7bb6
--- /dev/null
+++ b/src/lib/libcrypto/util/src-dep.pl
@@ -0,0 +1,147 @@
+#!/usr/bin/perl
+# we make up an array of
+# $file{function_name}=filename;
+# $unres{filename}="func1 func2 ...."
+$debug=1;
+#$nm_func="parse_linux";
+$nm_func="parse_solaris";
+foreach (@ARGV)
+        {
+        &$nm_func($_);
+        }
+foreach $file (sort keys %unres)
+        {
+        @a=split(/\s+/,$unres{$file});
+        %ff=();
+        foreach $func (@a)
+                {
+                $f=$file{$func};
+                $ff{$f}=1 if $f ne "";
+                }
+        foreach $a (keys %ff)
+                { $we_need{$file}.="$a "; }
+        }
+foreach $file (sort keys %we_need)
+        {
+#       print " $file $we_need{$file}\n";
+        foreach $bit (split(/\s+/,$we_need{$file}))
+                { push(@final,&walk($bit)); }
+        foreach (@final) { $fin{$_}=1; }
+        @final="";
+        foreach (sort keys %fin)
+                { push(@final,$_); }
+        print "$file: @final\n";
+        }
+sub walk
+        {
+        local($f)=@_;
+        local(@a,%seen,@ret,$r);
+        @ret="";
+        $f =~ s/^\s+//;
+        $f =~ s/\s+$//;
+        return "" if ($f =~ "^\s*$");
+        return(split(/\s/,$done{$f})) if defined ($done{$f});
+        return if $in{$f} > 0;
+        $in{$f}++;
+        push(@ret,$f);
+        foreach $r (split(/\s+/,$we_need{$f}))
+                {
+                push(@ret,&walk($r));
+                }
+        $in{$f}--;
+        $done{$f}=join(" ",@ret);
+        return(@ret);
+        }
+sub parse_linux
+        {
+        local($name)=@_;
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^[^[](.*):$/)
+                        {
+                        $file=$1;
+                        $file="$1.c" if /\[(.*).o\]/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                }
+                        }
+                }
+        close(IN);
+        }
+sub parse_solaris
+        {
+        local($name)=@_;
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^(\S+):$/)
+                        {
+                        $file=$1;
+                        #$file="$1.c" if $file =~ /^(.*).o$/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        print STDERR "$file needs $a[7]\n" if $debug;
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                print STDERR "$file has $a[7]\n" if $debug;
+                                }
+                        }
+                }
+        close(IN);
+        }
diff --git a/src/lib/libcrypto/util/ssleay.num b/src/lib/libcrypto/util/ssleay.num
new file mode 100644
index 0000000000..359fa15df1
--- /dev/null
+++ b/src/lib/libcrypto/util/ssleay.num
@@ -0,0 +1,156 @@
+ERR_load_SSL_strings                    1
+SSL_CIPHER_description                  2
+SSL_CTX_add_client_CA                   3
+SSL_CTX_add_session                     4
+SSL_CTX_check_private_key               5
+SSL_CTX_ctrl                            6
+SSL_CTX_flush_sessions                  7
+SSL_CTX_free                            8
+SSL_CTX_get_client_CA_list              9
+SSL_CTX_get_verify_callback             10
+SSL_CTX_get_verify_mode                 11
+SSL_CTX_new                             12
+SSL_CTX_remove_session                  13
+SSL_CTX_set_cert_verify_cb              14
+SSL_CTX_set_cipher_list                 15
+SSL_CTX_set_client_CA_list              16
+SSL_CTX_set_default_passwd_cb           17
+SSL_CTX_set_ssl_version                 19
+SSL_CTX_set_verify                      21
+SSL_CTX_use_PrivateKey                  22
+SSL_CTX_use_PrivateKey_ASN1             23
+SSL_CTX_use_PrivateKey_file             24
+SSL_CTX_use_RSAPrivateKey               25
+SSL_CTX_use_RSAPrivateKey_ASN1          26
+SSL_CTX_use_RSAPrivateKey_file          27
+SSL_CTX_use_certificate                 28
+SSL_CTX_use_certificate_ASN1            29
+SSL_CTX_use_certificate_file            30
+SSL_SESSION_free                        31
+SSL_SESSION_new                         32
+SSL_SESSION_print                       33
+SSL_SESSION_print_fp                    34
+SSL_accept                              35
+SSL_add_client_CA                       36
+SSL_alert_desc_string                   37
+SSL_alert_desc_string_long              38
+SSL_alert_type_string                   39
+SSL_alert_type_string_long              40
+SSL_check_private_key                   41
+SSL_clear                               42
+SSL_connect                             43
+SSL_copy_session_id                     44
+SSL_ctrl                                45
+SSL_dup                                 46
+SSL_dup_CA_list                         47
+SSL_free                                48
+SSL_get_certificate                     49
+SSL_get_cipher_list                     52
+SSL_get_ciphers                         55
+SSL_get_client_CA_list                  56
+SSL_get_default_timeout                 57
+SSL_get_error                           58
+SSL_get_fd                              59
+SSL_get_peer_cert_chain                 60
+SSL_get_peer_certificate                61
+SSL_get_rbio                            63
+SSL_get_read_ahead                      64
+SSL_get_shared_ciphers                  65
+SSL_get_ssl_method                      66
+SSL_get_verify_callback                 69
+SSL_get_verify_mode                     70
+SSL_get_version                         71
+SSL_get_wbio                            72
+SSL_load_client_CA_file                 73
+SSL_load_error_strings                  74
+SSL_new                                 75
+SSL_peek                                76
+SSL_pending                             77
+SSL_read                                78
+SSL_renegotiate                         79
+SSL_rstate_string                       80
+SSL_rstate_string_long                  81
+SSL_set_accept_state                    82
+SSL_set_bio                             83
+SSL_set_cipher_list                     84
+SSL_set_client_CA_list                  85
+SSL_set_connect_state                   86
+SSL_set_fd                              87
+SSL_set_read_ahead                      88
+SSL_set_rfd                             89
+SSL_set_session                         90
+SSL_set_ssl_method                      91
+SSL_set_verify                          94
+SSL_set_wfd                             95
+SSL_shutdown                            96
+SSL_state_string                        97
+SSL_state_string_long                   98
+SSL_use_PrivateKey                      99
+SSL_use_PrivateKey_ASN1                 100
+SSL_use_PrivateKey_file                 101
+SSL_use_RSAPrivateKey                   102
+SSL_use_RSAPrivateKey_ASN1              103
+SSL_use_RSAPrivateKey_file              104
+SSL_use_certificate                     105
+SSL_use_certificate_ASN1                106
+SSL_use_certificate_file                107
+SSL_write                               108
+SSLeay_add_ssl_algorithms               109
+SSLv23_client_method                    110
+SSLv23_method                           111
+SSLv23_server_method                    112
+SSLv2_client_method                     113
+SSLv2_method                            114
+SSLv2_server_method                     115
+SSLv3_client_method                     116
+SSLv3_method                            117
+SSLv3_server_method                     118
+d2i_SSL_SESSION                         119
+i2d_SSL_SESSION                         120
+BIO_f_ssl                               121
+BIO_new_ssl                             122
+BIO_proxy_ssl_copy_session_id           123
+BIO_ssl_copy_session_id                 124
+SSL_do_handshake                        125
+SSL_get_privatekey                      126
+SSL_get_current_cipher                  127
+SSL_CIPHER_get_bits                     128
+SSL_CIPHER_get_version                  129
+SSL_CIPHER_get_name                     130
+BIO_ssl_shutdown                        131
+SSL_SESSION_cmp                         132
+SSL_SESSION_hash                        133
+SSL_SESSION_get_time                    134
+SSL_SESSION_set_time                    135
+SSL_SESSION_get_timeout                 136
+SSL_SESSION_set_timeout                 137
+SSL_CTX_get_ex_data                     138
+SSL_CTX_get_quiet_shutdown              140
+SSL_CTX_load_verify_locations           141
+SSL_CTX_set_default_verify_paths        142
+SSL_CTX_set_ex_data                     143
+SSL_CTX_set_quiet_shutdown              145
+SSL_SESSION_get_ex_data                 146
+SSL_SESSION_set_ex_data                 148
+SSL_get_SSL_CTX                         150
+SSL_get_ex_data                         151
+SSL_get_quiet_shutdown                  153
+SSL_get_session                         154
+SSL_get_shutdown                        155
+SSL_get_verify_result                   157
+SSL_set_ex_data                         158
+SSL_set_info_callback                   160
+SSL_set_quiet_shutdown                  161
+SSL_set_shutdown                        162
+SSL_set_verify_result                   163
+SSL_version                             164
+SSL_get_info_callback                   165
+SSL_state                               166
+SSL_CTX_get_ex_new_index                167
+SSL_SESSION_get_ex_new_index            168
+SSL_get_ex_new_index                    169
+TLSv1_method                            170
+TLSv1_server_method                     171
+TLSv1_client_method                     172
+BIO_new_buffer_ssl_connect              173
+BIO_new_ssl_connect                     174
diff --git a/src/lib/libcrypto/util/tab_num.pl b/src/lib/libcrypto/util/tab_num.pl
new file mode 100644
index 0000000000..77b591d92f
--- /dev/null
+++ b/src/lib/libcrypto/util/tab_num.pl
@@ -0,0 +1,17 @@
+#!/usr/bin/perl
+$num=1;
+$width=40;
+while (<>)
+        {
+        chop;
+        $i=length($_);
+        $n=$width-$i;
+        $i=int(($n+7)/8);
+        print $_.("\t" x $i).$num."\n";
+        $num++;
+        }
diff --git a/src/lib/libcrypto/util/x86asm.sh b/src/lib/libcrypto/util/x86asm.sh
new file mode 100644
index 0000000000..81d3289860
--- /dev/null
+++ b/src/lib/libcrypto/util/x86asm.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+echo Generating x86 assember
+echo Bignum
+(cd crypto/bn/asm; perl bn-586.pl cpp > bn86unix.cpp)
+(cd crypto/bn/asm; perl bn-586.pl win32 > bn-win32.asm)
+echo DES
+(cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp)
+(cd crypto/des/asm; perl des-586.pl win32 > d-win32.asm)
+echo "crypt(3)"
+(cd crypto/des/asm; perl crypt586.pl cpp > yx86unix.cpp)
+(cd crypto/des/asm; perl crypt586.pl win32 > y-win32.asm)
+echo Blowfish
+(cd crypto/bf/asm; perl bf-586.pl cpp > bx86unix.cpp)
+(cd crypto/bf/asm; perl bf-586.pl win32 > b-win32.asm)
+echo CAST5
+(cd crypto/cast/asm; perl cast-586.pl cpp > cx86unix.cpp)
+(cd crypto/cast/asm; perl cast-586.pl win32 > c-win32.asm)
+echo RC4
+(cd crypto/rc4/asm; perl rc4-586.pl cpp > rx86unix.cpp)
+(cd crypto/rc4/asm; perl rc4-586.pl win32 > r4-win32.asm)
+echo MD5
+(cd crypto/md5/asm; perl md5-586.pl cpp > mx86unix.cpp)
+(cd crypto/md5/asm; perl md5-586.pl win32 > m5-win32.asm)
+echo SHA1
+(cd crypto/sha/asm; perl sha1-586.pl cpp > sx86unix.cpp)
+(cd crypto/sha/asm; perl sha1-586.pl win32 > s1-win32.asm)
+echo RIPEMD160
+(cd crypto/ripemd/asm; perl rmd-586.pl cpp > rm86unix.cpp)
+(cd crypto/ripemd/asm; perl rmd-586.pl win32 > rm-win32.asm)
+echo RC5/32
+(cd crypto/rc5/asm; perl rc5-586.pl cpp > r586unix.cpp)
+(cd crypto/rc5/asm; perl rc5-586.pl win32 > r5-win32.asm)
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
new file mode 100644
index 0000000000..1dc0ed320c
--- /dev/null
+++ b/src/lib/libssl/src/Configure
@@ -0,0 +1,569 @@
+#!/usr/bin/perl
+# see PROBLEMS for instructions on what sort of things to do when 
+# tracking a bug --tjh
+#
+# extra options
+# -DRSAref      build to use RSAref
+# -DNO_IDEA     build with no IDEA algorithm
+# -DNO_RC4      build with no RC4 algorithm
+# -DNO_RC2      build with no RC2 algorithm
+# -DNO_BF       build with no Blowfish algorithm
+# -DNO_DES      build with no DES/3DES algorithm
+# -DNO_MD2      build with no MD2 algorithm
+#
+# DES_PTR       use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
+# DES_RISC1     use different DES_ENCRYPT macro that helps reduce register
+#               dependancies but needs to more registers, good for RISC CPU's
+# DES_RISC2     A different RISC variant.
+# DES_UNROLL    unroll the inner DES loop, sometimes helps, somtimes hinders.
+# DES_INT       use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
+#               This is used on the DEC Alpha where long is 8 bytes
+#               and int is 4
+# BN_LLONG      use the type 'long long' in crypto/bn/bn.h
+# MD2_CHAR      use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# MD2_LONG      use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# IDEA_SHORT    use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# IDEA_LONG     use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# RC2_SHORT     use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC2_LONG      use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC4_CHAR      use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_LONG      use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_INDEX     define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
+#               array lookups instead of pointer use.
+# BF_PTR        use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
+# BF_PTR2       use a pentium/intel specific version.
+# MD5_ASM       use some extra md5 assember,
+# SHA1_ASM      use some extra sha1 assember, must define L_ENDIAN for x86
+# RMD160_ASM    use some extra ripemd160 assember,
+# BN_ASM        use some extra bn assember,
+$x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+# MD2_CHAR slags pentium pros
+$x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
+# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
+# Don't worry about these normally
+$tcc="cc";
+$tflags="-fast -Xa";
+$tbn_mul="";
+$tlib="-lnsl -lsocket";
+#$bits1="SIXTEEN_BIT ";
+#$bits2="THIRTY_TWO_BIT ";
+$bits1="THIRTY_TWO_BIT ";
+$bits2="SIXTY_FOUR_BIT ";
+$x86_sol_asm="asm/bn86-sol.o:asm/dx86-sol.o:asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+$x86_elf_asm="asm/bn86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+$x86_out_asm="asm/bn86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+$x86_bsdi_asm="asm/bn86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
+# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
+#config-string  CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
+# des_asm:bf_asm
+%table=(
+#"b",           "$tcc:$tflags:$tlib:$bits1:$tbn_mul::",
+#"bl-4c-2c",    "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
+#"bl-4c-ri",    "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
+#"b2-is-ri-dp", "$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
+# A few of my development configs
+"purify",       "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
+"debug",        "gcc:-DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::::",
+"dist",         "cc:-O -DNOPROTO::::",
+# Basic configs that should work on any box
+"gcc",          "gcc:-O3::BN_LLONG:::",
+"cc",           "cc:-O -DNOPROTO -DNOCONST:::::",
+# My solaris setups
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DBN_ASM:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm:",
+"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+# DO NOT use /xO[34] on sparc with SC3.0. 
+# It is broken, and will not pass the tests
+"solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
+        -lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::",
+# SC4.0 is ok, better than gcc, except for the bignum stuff.
+# -fast slows things like DES down quite a lot
+"solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\
+        BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
+"solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\
+        -lsocket -lnsl:\
+        BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
+# Sunos configs, assuming sparc for the gcc one.
+"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
+# SGI configurations.  If the box is rather old (r3000 cpu), you will
+# probably have to remove the '-mips2' flag.  I've only been using
+# IRIX 5.[23].
+#"irix-gcc","gcc:-O2 -mips2::BN_LLONG RC4_INDEX RC4_CHAR:::",
+"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/r3000.o::",
+"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::",
+# HPUX config.  I've been building on HPUX 9, so the options may be
+# different on version 10.  The pa-risc2.o assember file is 2 times
+# faster than the old asm/pa-risc.o version but it may not run on old
+# PA-RISC CPUs.  If you have problems, swap back to the old one.
+# Both were generated by gcc, so use the C version with the PA-RISC specific
+# options turned on if you are using gcc.
+"hpux-cc",      "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
+"hpux-kr-cc",   "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
+"hpux-gcc",     "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# Dec Alpha, OSF/1 - the alpha400-cc is the flags for a 21164A with
+# the new compiler
+"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+"alpha-cc", "cc:-O2::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+"alpha400-cc", "cc:-arch host -tune host -fast -std -O4 -inline speed::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
+# bn86-elf.o file file since it is hand tweaked assembler.
+"linux-elf",    "gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DBN_ASM -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout",   "gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-m86",   "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-x86",   "gcc:-DTERMIOS -DBN_ASM -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:::",
+"OpenBSD-x86",   "gcc:-DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD-bigendian", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"FreeBSD",   "gcc:-DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+#"bsdi-gcc",     "gcc:-O3 -ffast-math -DBN_ASM -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
+"nextstep",     "cc:-O3 -Wall -DBN_ASM::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
+# UnixWare 2.0
+"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::",
+# IBM's AIX.
+"aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
+#
+# Cray T90 (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined.  The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede@SDSC.EDU>)
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+# DGUX, 88100.
+"dgux-R3-gcc",  "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",  "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",      "gcc:-O3 -DBN_ASM -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+# SCO 5
+"sco5-cc",  "cc:-O:-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options?
+# Sinix RM400
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::",
+# Windows NT, Microsoft Visual C++ 4.0
+# hmm... bug in perl under NT, I need to concatinate :-(
+"VC-NT","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
+"VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
+"VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+# Borland C++ 4.5
+"BC-32","bcc32:::DES_PTR RC4_INDEX:::",
+"BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+);
+$postfix="org";
+$Makefile="Makefile.ssl";
+$des_locl="crypto/des/des_locl.h";
+$des    ="crypto/des/des.h";
+$bn     ="crypto/bn/bn.h";
+$md2    ="crypto/md2/md2.h";
+$rc4    ="crypto/rc4/rc4.h";
+$rc4_locl="crypto/rc4/rc4_locl.h";
+$idea   ="crypto/idea/idea.h";
+$rc2    ="crypto/rc2/rc2.h";
+$bf     ="crypto/bf/bf_locl.h";
+$bn_mulw="bn_mulw.o";
+$des_enc="des_enc.o fcrypt_b.o";
+$bf_enc ="bf_enc.o";
+$cast_enc="c_enc.o";
+$rc4_enc="rc4_enc.o";
+$rc5_enc="rc5_enc.o";
+$md5_obj="";
+$sha1_obj="";
+$rmd160_obj="";
+if ($#ARGV < 0)
+        {
+        &bad_target;
+        exit(1);
+        }
+$flags="";
+foreach (@ARGV)
+        {
+        if ($_ =~ /^-/)
+                {
+                if ($_ =~ /^-[lL](.*)$/)
+                        {
+                        $libs.=$_." ";
+                        }
+                elsif ($_ =~ /^-D(.*)$/)
+                        {
+                        $flags.=$_." ";
+                        }
+                else
+                        {
+                        die "unknown options, only -Dxxx, -Lxxx -lxxx supported\n";
+                        }
+                }
+        else
+                {
+                die "target already defined - $target\n" if ($target ne "");
+                $target=$_;
+                if (!defined($table{$target}))
+                        {
+                        &bad_target;
+                        exit(1);
+                        }
+                }
+        }
+if (!defined($table{$target}))
+        {
+        &bad_target;
+        exit(1);
+        }
+($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj,$md5_obj,$sha1_obj,
+        $cast_obj,$rc4_obj,$rmd160_obj,$rc5_obj)=
+        split(/\s*:\s*/,$table{$target});
+$cflags="$flags$cflags" if ($flags ne "");
+$lflags="$libs$lflags"if ($libs ne "");
+$bn_obj=$bn_mulw        unless ($bn_obj =~ /\.o$/);
+$des_obj=$des_enc       unless ($des_obj =~ /\.o$/);
+$bf_obj=$bf_enc         unless ($bf_obj =~ /\.o$/);
+$cast_obj=$cast_enc     unless ($cast_obj =~ /\.o$/);
+$rc4_obj=$rc4_enc       unless ($rc4_obj =~ /\.o$/);
+$rc5_obj=$rc5_enc       unless ($rc5_obj =~ /\.o$/);
+if ($sha1_obj =~ /\.o$/)
+        {
+#       $sha1_obj=$sha1_enc;
+        $cflags.=" -DSHA1_ASM";
+        }
+if ($md5_obj =~ /\.o$/)
+        {
+#       $md5_obj=$md5_enc;
+        $cflags.=" -DMD5_ASM";
+        }
+if ($rmd160_obj =~ /\.o$/)
+        {
+#       $rmd160_obj=$rmd160_enc;
+        $cflags.=" -DRMD160_ASM";
+        }
+$n=&file_new($Makefile);
+open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n";
+open(OUT,">".$n) || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        chop;
+        s/^CC=.*$/CC= $cc/;
+        s/^CFLAG=.*$/CFLAG= $cflags/;
+        s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
+        s/^BN_MULW=.*$/BN_MULW= $bn_obj/;
+        s/^DES_ENC=.*$/DES_ENC= $des_obj/;
+        s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
+        s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
+        s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
+        s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
+        s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
+        s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+        s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+        print OUT $_."\n";
+        }
+close(IN);
+close(OUT);
+&Rename($Makefile,&file_old($Makefile));
+&Rename($n,$Makefile);
+print "CC            =$cc\n";
+print "CFLAG         =$cflags\n";
+print "EX_LIBS       =$lflags\n";
+print "BN_MULW       =$bn_obj\n";
+print "DES_ENC       =$des_obj\n";
+print "BF_ENC        =$bf_obj\n";
+print "CAST_ENC      =$cast_obj\n";
+print "RC4_ENC       =$rc4_obj\n";
+print "RC5_ENC       =$rc5_obj\n";
+print "MD5_OBJ_ASM   =$md5_obj\n";
+print "SHA1_OBJ_ASM  =$sha1_obj\n";
+print "RMD160_OBJ_ASM=$rmd160_obj\n";
+$des_ptr=0;
+$des_risc1=0;
+$des_risc2=0;
+$des_unroll=0;
+$bn_ll=0;
+$def_int=2;
+$rc4_int=$def_int;
+$md2_int=$def_int;
+$idea_int=$def_int;
+$rc2_int=$def_int;
+$rc4_idx=0;
+$bf_ptr=0;
+@type=("char","short","int","long");
+($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+foreach (sort split(/\s+/,$bn_ops))
+        {
+        $des_ptr=1 if /DES_PTR/;
+        $des_risc1=1 if /DES_RISC1/;
+        $des_risc2=1 if /DES_RISC2/;
+        $des_unroll=1 if /DES_UNROLL/;
+        $des_int=1 if /DES_INT/;
+        $bn_ll=1 if /BN_LLONG/;
+        $rc4_int=0 if /RC4_CHAR/;
+        $rc4_int=3 if /RC4_LONG/;
+        $rc4_idx=1 if /RC4_INDEX/;
+        $md2_int=0 if /MD2_CHAR/;
+        $md2_int=3 if /MD2_LONG/;
+        $idea_int=1 if /IDEA_SHORT/;
+        $idea_int=3 if /IDEA_LONG/;
+        $rc2_int=1 if /RC2_SHORT/;
+        $rc2_int=3 if /RC2_LONG/;
+        $bf_ptr=1 if $_ eq "BF_PTR";
+        $bf_ptr=2 if $_ eq "BF_PTR2";
+        ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
+        ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
+        ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
+        ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
+        ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
+        }
+(($in=$bn) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($bn);
+open(IN,"<".$in) || die "unable to read $bn:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
+                { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
+        elsif   (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
+                { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
+        elsif   (/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
+                { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
+        elsif   (/^#((define)|(undef))\s+SIXTEEN_BIT/)
+                { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
+        elsif   (/^#((define)|(undef))\s+EIGHT_BIT/)
+                { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
+        elsif   (/^#((define)|(undef))\s+BN_LLONG\s*$/)
+                { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($bn,&file_old($bn));
+&Rename($n,$bn);
+(($in=$des) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($des);
+open(IN,"<".$in) || die "unable to read $des:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^\#define\s+DES_LONG\s+.*/)
+                { printf OUT "#define DES_LONG unsigned %s\n",
+                        ($des_int)?'int':'long'; }
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($des,&file_old($des));
+&Rename($n,$des);
+(($in=$des_locl) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($des_locl);
+open(IN,"<".$in) || die "unable to read $des_locl:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^\#(define|undef)\s+DES_PTR/)
+                { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
+        elsif   (/^\#(define|undef)\s+DES_RISC1/)
+                { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
+        elsif   (/^\#(define|undef)\s+DES_RISC2/)
+                { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
+        elsif   (/^\#(define|undef)\s+DES_UNROLL/)
+                { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($des_locl,&file_old($des_locl));
+&Rename($n,$des_locl);
+(($in=$rc4) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($rc4);
+open(IN,"<".$in) || die "unable to read $rc4:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^#define\s+RC4_INT\s/)
+                { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($rc4,&file_old($rc4));
+&Rename($n,$rc4);
+(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($rc4_locl);
+open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^#((define)|(undef))\s+RC4_INDEX/)
+                { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($rc4_locl,&file_old($rc4_locl));
+&Rename($n,$rc4_locl);
+(($in=$md2) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($md2);
+open(IN,"<".$in) || die "unable to read $bn:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^#define\s+MD2_INT\s/)
+                { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($md2,&file_old($md2));
+&Rename($n,$md2);
+(($in=$idea) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($idea);
+open(IN,"<".$in) || die "unable to read $idea:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^#define\s+IDEA_INT\s/)
+                {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($idea,&file_old($idea));
+&Rename($n,$idea);
+(($in=$rc2) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($rc2);
+open(IN,"<".$in) || die "unable to read $rc2:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if      (/^#define\s+RC2_INT\s/)
+                {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($rc2,&file_old($rc2));
+&Rename($n,$rc2);
+(($in=$bf) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($bf);
+open(IN,"<".$in) || die "unable to read $bf:$!\n";
+open(OUT,">$n") || die "unable to read $n:$!\n";
+while (<IN>)
+        {
+        if (/^#(define|undef)\s+BF_PTR/)
+                {
+                printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
+                printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
+                printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
+                }
+        else
+                { print OUT $_; }
+        }
+close(IN);
+close(OUT);
+&Rename($bf,&file_old($bf));
+&Rename($n,$bf);
+print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
+print "SIXTY_FOUR_BIT mode\n" if $b64;
+print "THIRTY_TWO_BIT mode\n" if $b32;
+print "SIXTEEN_BIT mode\n" if $b16;
+print "EIGHT_BIT mode\n" if $b8;
+print "DES_PTR used\n" if $des_ptr;
+print "DES_RISC1 used\n" if $des_risc1;
+print "DES_RISC2 used\n" if $des_risc2;
+print "DES_UNROLL used\n" if $des_unroll;
+print "DES_INT used\n" if $des_int;
+print "BN_LLONG mode\n" if $bn_ll;
+print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
+print "RC4_INDEX mode\n" if $rc4_idx;
+print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
+print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
+print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
+print "BF_PTR used\n" if $bf_ptr == 1; 
+print "BF_PTR2 used\n" if $bf_ptr == 2; 
+exit(0);
+sub bad_target
+        {
+        print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n";
+        print STDERR "pick os/compiler from:";
+        $j=0;
+        foreach $i (sort keys %table)
+                {
+                next if /^b-/;
+                print STDERR "\n" if ($j++ % 4) == 0;
+                printf(STDERR "%-18s ",$i);
+                }
+        print STDERR "\n";
+        }
+sub Rename
+        {
+        local($from,$to)=@_;
+        unlink($to);
+#       rename($from,$to) || die "unable to rename $from to $to:$!\n";
+        rename($from,$to) # Don't care if it fails..
+        }
+sub file_new { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
+sub file_old { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }
diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL
new file mode 100644
index 0000000000..d394bf8a7b
--- /dev/null
+++ b/src/lib/libssl/src/INSTALL
@@ -0,0 +1,128 @@
+# Installation of SSLeay.
+# It depends on perl for a few bits but those steps can be skipped and
+# the top level makefile edited by hand
+# When bringing the SSLeay distribution back from the evil intel world
+# of Windows NT, do the following to make it nice again under unix :-)
+# You don't normally need to run this.
+sh util/fixNT.sh        # This only works for NT now - eay - 21-Jun-1996
+# If you have perl, and it is not in /usr/local/bin, you can run
+perl util/perlpath.pl /new/path
+# and this will fix the paths in all the scripts.  DO NOT put
+# /new/path/perl, just /new/path. The build
+# environment always run scripts as 'perl perlscript.pl' but some of the
+# 'applications' are easier to usr with the path fixed.
+# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
+# to set the install locations if you don't like
+# the default location of /usr/local/ssl
+# Do this by running
+perl util/ssldir.pl /new/ssl/home
+# if you have perl, or by hand if not.
+# If things have been stuffed up with the sym links, run
+make -f Makefile.ssl links
+# This will re-populate lib/include with symlinks and for each
+# directory, link Makefile to Makefile.ssl
+# Setup the machine dependent stuff for the top level makefile
+# and some select .h files
+# If you don't have perl, this will bomb, in which case just edit the
+# top level Makefile.ssl
+./Configure 'system type'
+# The 'Configure' command contains default configuration parameters
+# for lots of machines.  Configure edits 5 lines in the top level Makefile
+# It modifies the following values in the following files
+Makefile.ssl            CC CFLAG EX_LIBS BN_MULW
+crypto/des/des.h        DES_LONG
+crypto/des/des_locl.h   DES_PTR
+crypto/md2/md2.h        MD2_INT
+crypto/rc4/rc4.h        RC4_INT
+crypto/rc4/rc4_enc.c    RC4_INDEX
+crypto/rc2/rc2.h        RC2_INT
+crypto/bf/bf_locl.h     BF_INT
+crypto/idea/idea.h      IDEA_INT
+crypto/bn/bn.h          BN_LLONG (and defines one of SIXTY_FOUR_BIT,
+                                  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
+                                  SIXTEEN_BIT or EIGHT_BIT)
+Please remember that all these files are actually copies of the file with
+a .org extention.  So if you change crypto/des/des.h, the next time
+you run Configure, it will be runover by a 'configured' version of
+crypto/des/des.org.  So to make the changer the default, change the .org
+files.  The reason these files have to be edited is because most of
+these modifications change the size of fundamental data types.
+While in theory this stuff is optional, it often makes a big
+difference in performance and when using assember, it is importaint
+for the 'Bignum bits' match those required by the assember code.
+A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
+flag to use the hardware multiply instruction which was not present in
+earlier versions of the sparc CPU.  I define it by default.  If you
+have an old sparc, and it crashes, try rebuilding with this flag
+removed.  I am leaving this flag on by default because it makes
+things run 4 times faster :-)
+# clean out all the old stuff
+make clean
+# Do a make depend only if you have the makedepend command installed
+# This is not needed but it does make things nice when developing.
+make depend
+# make should build everything
+make
+# fix up the demo certificate hash directory if it has been stuffed up.
+make rehash
+# test everything
+make test
+# install the lot
+make install
+# It is worth noting that all the applications are built into the one
+# program, ssleay, which is then has links from the other programs
+# names to it.
+# The applicatons can be built by themselves, just don't define the
+# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
+gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
+# Other useful make options are
+make makefile.one
+# which generate a 'makefile.one' file which will build the complete
+# SSLeay distribution with temp. files in './tmp' and 'installable' files
+# in './out'
+# Have a look at running
+perl util/mk1mf.pl help
+# this can be used to generate a single makefile and is about the only
+# way to generate makefiles for windows.
+# There is actually a final way of building SSLeay.
+gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
+gcc -O2 -c -Issl -Iinclude ssl/ssl.c
+# and you now have the 2 libraries as single object files :-).
+# If you want to use the assember code for your particular platform
+# (DEC alpha/x86 are the main ones, the other assember is just the
+# output from gcc) you will need to link the assember with the above generated
+# object file and also do the above compile as
+gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
+This last option is probably the best way to go when porting to another
+platform or building shared libraries.  It is not good for development so
+I don't normally use it.
+To build shared libararies under unix, have a look in shlib, basically 
+you are on your own, but it is quite easy and all you have to do
+is compile 2 (or 3) files.
+For mult-threading, have a read of doc/threads.doc.  Again it is quite
+easy and normally only requires some extra callbacks to be defined
+by the application.
+The examples for solaris and windows NT/95 are in the mt directory.
+have fun
+eric 25-Jun-1997
diff --git a/src/lib/libssl/src/PROBLEMS b/src/lib/libssl/src/PROBLEMS
new file mode 100644
index 0000000000..d78e2d9a23
--- /dev/null
+++ b/src/lib/libssl/src/PROBLEMS
@@ -0,0 +1,50 @@
+If you have any problems with SSLeay then please take the following 
+steps:
+    Remove the ASM version of the BN routines (edit Configure)
+    Remove the compiler optimisation flags
+    Add in the compiler debug flags (-g)
+Note: if using gcc then remove -fomit-frame-pointer before you try
+      to debug things.
+If you wish to report a bug then please include the following information
+in any bug report:
+    SSLeay Details
+        - Version, most of these details can be got from the
+          'ssleay version -a' command.
+    Operating System Details
+        - OS Name
+        - OS Version
+        - Hardware platform
+    Compiler Details
+        - Name
+        - Version
+    Application Details 
+        - Name 
+        - Version 
+    Problem Description
+        - include steps that will reproduce the problem (if known)
+    Stack Traceback (if the application dumps core)
+For example:
+    SSLeay-0.5.1a
+    SunOS 5.3, SPARC, SunC 3.0
+    SSLtelnet-0.7
+    Core dumps when using telnet with SSL support in bn_mul() with 
+    the following stack trackback 
+        ...
+Report the bug to either
+    ssleay@mincom.oz.au (Eric and Tim)
+or
+    ssl-bugs@mincom.oz.au (mailing list of active developers)
+Tim Hudson
+tjh@mincom.oz.au
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
new file mode 100644
index 0000000000..eaa77007f0
--- /dev/null
+++ b/src/lib/libssl/src/README
@@ -0,0 +1,173 @@
+                SSLeay 0.9.0b 29-Jun-1998
+                Copyright (c) 1997, Eric Young
+                All rights reserved.
+This directory contains Eric Young's (eay@cryptsoft.com) implementation
+of SSL and supporting libraries.
+The current version of this library is available from
+    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+There are patches to a number of internet applications which can be found in
+    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
+A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
+can be found at 
+    http://www.psy.uq.oz.au/~ftp/Crypto
+Additional documentation is being slowly written by Eric Young, and is being
+added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
+available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
+This Library and programs are FREE for commercial and non-commercial
+usage.  The only restriction is that I must be attributed with the
+development of this code.  See the COPYRIGHT file for more details.
+Donations would still be accepted :-).
+THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
+The package includes
+libssl.a:
+        My implementation of SSLv2, SSLv3 and the required code to support
+        both SSLv2 and SSLv3 in the one server.
+libcrypto.a:
+        General encryption and X509 stuff needed by SSL but not
+        actually logically part of it.  It includes routines for the following:
+  Ciphers
+        libdes - My libdes DES encryption package which has been floating
+                around the net for a few years.  It includes 15
+                'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+                cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
+                including desx in cbc mode,
+                a fast crypt(3), and routines to read passwords from the
+                keyboard.
+        RC4 encryption,
+        RC2 encryption          - 4 different modes, ecb, cbc, cfb and ofb.
+        Blowfish encryption     - 4 different modes, ecb, cbc, cfb and ofb.
+        IDEA encryption         - 4 different modes, ecb, cbc, cfb and ofb.
+  Digests
+        MD5 and MD2 message digest algorithms, fast implementations,
+        SHA (SHA-0) and SHA-1 message digest algorithms,
+        MDC2 message digest.  A DES based hash that is polular on smart cards.
+  Public Key
+        RSA encryption/decryption/generation.  There is no limit
+                on the number of bits.
+        DSA encryption/decryption/generation.   There is no limit on the
+                number of bits.
+        Diffie-Hellman key-exchange/key generation.  There is no limit
+                on the number of bits.
+  X509v3 certificates
+        X509 encoding/decoding into/from binary ASN1 and a PEM
+                based ascii-binary encoding which supports encryption with
+                a private key.
+        Program to generate RSA and DSA certificate requests and to
+                generate RSA and DSA certificates.
+  Systems
+        The normal digital envelope routines and base64 encoding.
+        Higher level access to ciphers and digests by name.  New ciphers can be
+                loaded at run time.
+        The BIO io system which is a simple non-blocking IO abstraction.
+                Current methods supported are file descriptors, sockets,
+                socket accept, socket connect, memory buffer, buffering,
+                SSL client/server, file pointer, encryption, digest,
+                non-blocking testing and null.
+  Data structures
+        A dynamically growing hashing system
+        A simple stack.
+        A Configuration loader that uses a format similar to MS .ini files.
+Programs in this package include
+        enc     - a general encryption program that can encrypt/decrypt using
+                one of 17 different cipher/mode combinations.  The
+                input/output can also be converted to/from base64
+                ascii encoding.
+        dgst    - a generate message digesting program that will generate
+                message digests for any of md2, md5, sha (sha-0 or sha-1)
+                or mdc2.
+        asn1parse - parse and display the structure of an asn1 encoded
+                binary file.
+        rsa     - Manipulate RSA private keys.
+        dsa     - Manipulate DSA private keys.
+        dh      - Manipulate Diffie-Hellman parameter files.
+        dsaparam- Manipulate and generate DSA parameter files.
+        crl     - Manipulate certificate revocation lists.
+        crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+        x509    - Manipulate x509 certificates, self-sign certificates.
+        req     - Manipulate PKCS#10 certificate requests and also
+                  generate certificate requests.
+        genrsa  - Generates an arbitrary sized RSA private key.
+        gendh   - Generates a set of Diffie-Hellman parameters, the prime
+                  will be a strong prime.
+        ca      - Create certificates from PKCS#10 certificate requests.
+                  This program also maintains a database of certificates
+                  issued.
+        verify  - Check x509 certificate signatures.
+        speed   - Benchmark SSLeay's ciphers.
+        s_server- A test SSL server.
+        s_client- A test SSL client.
+        s_time  - Benchmark SSL performance of SSL server programs.
+        errstr  - Convert from SSLeay hex error codes to a readable form.
+        
+Documents avaliable are
+        A Postscript and html reference manual
+        (written by Tim Hudson tjh@cryptsoft.com).
+        A list of text protocol references I used.
+        An initial version of the library manual.
+To install this package, read the INSTALL file.
+For the Microsoft word, read MICROSOFT
+This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
+SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
+LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
+Multithreading has been tested under Windows NT and Solaris 2.5.1
+Due to time constraints, the current release has only be rigorously tested
+on Solaris 2.[45], Linux and Windows NT.
+For people in the USA, it is possible to compile SSLeay to use RSA
+Inc.'s public key library, RSAref.  From my understanding, it is
+claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
+Read doc/rsaref.doc on how to build with RSAref.
+Read the documentation in the doc directory.  It is quite rough,
+but it lists the functions, you will probably have to look at
+the code to work out how to used them.  I will be working on
+documentation.  Look at the example programs.
+There should be a SSL reference manual which is being put together by
+Tim Hudson (tjh@cryptsoft.com) in the same location as this
+distribution.  This contains a lot more information that is very
+useful.  For a description of X509 Certificates, their use, and
+certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
+also goes over the mechanism.
+We have setup some mailing lists for use by people that are interested
+in helping develop this code and/or ask questions.
+    ssl-bugs@mincom.oz.au
+    ssl-users@mincom.oz.au
+    ssl-bugs-request@mincom.oz.au
+    ssl-users-request@mincom.oz.au
+I have recently read about a new form of software, that which is in
+a permanent state of beta release.  Linux and Netscape are 2 good 
+examples of this, and I would also add SSLeay to this category.
+The Current stable release is 0.6.6.  It has a few minor problems.
+0.8.0 is not call compatable so make sure you have the correct version
+of SSLeay to link with.  
+eric (Jun 1997)
+Eric Young (eay@cryptsoft.com)
+86 Taunton St.
+Annerley 4103.
+Australia.
diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh
new file mode 100644
index 0000000000..1942b985a2
--- /dev/null
+++ b/src/lib/libssl/src/apps/CA.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#                  environment variable so this can be driven from
+#                  a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+# default ssleay.cnf file has setup as per the following
+# demoCA ... where everything is stored
+DAYS="-days 365"
+REQ="ssleay req $SSLEAY_CONFIG"
+CA="ssleay ca $SSLEAY_CONFIG"
+VERIFY="ssleay verify"
+X509="ssleay x509"
+CATOP=./demoCA
+CAKEY=./cakey.pem
+CACERT=./cacert.pem
+for i
+do
+case $i in
+-\?|-h|-help)
+    echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
+    exit 0
+    ;;
+-newcert) 
+    # create a certificate
+    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+    RET=$?
+    echo "Certificate (and private key) is in newreq.pem"
+    ;;
+-newreq) 
+    # create a certificate request
+    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+    RET=$?
+    echo "Request (and private key) is in newreq.pem"
+    ;;
+-newca)     
+    # if explictly asked for or it doesn't exist then setup the directory
+    # structure that Eric likes to manage things 
+    NEW="1"
+    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
+        # create the directory hierarchy
+        mkdir ${CATOP} 
+        mkdir ${CATOP}/certs 
+        mkdir ${CATOP}/crl 
+        mkdir ${CATOP}/newcerts
+        mkdir ${CATOP}/private
+        echo "01" > ${CATOP}/serial
+        touch ${CATOP}/index.txt
+    fi
+    if [ ! -f ${CATOP}/private/$CAKEY ]; then
+        echo "CA certificate filename (or enter to create)"
+        read FILE
+        # ask user for existing CA certificate
+        if [ "$FILE" ]; then
+            cp $FILE ${CATOP}/private/$CAKEY
+            RET=$?
+        else
+            echo "Making CA certificate ..."
+            $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
+                           -out ${CATOP}/$CACERT $DAYS
+            RET=$?
+        fi
+    fi
+    ;;
+-xsign)
+    $CA -policy policy_anything -infiles newreq.pem 
+    RET=$?
+    ;;
+-sign|-signreq) 
+    $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+    RET=$?
+    cat newcert.pem
+    echo "Signed certificate is in newcert.pem"
+    ;;
+-signcert) 
+    echo "Cert passphrase will be requested twice - bug?"
+    $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+    $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+    cat newcert.pem
+    echo "Signed certificate is in newcert.pem"
+    ;;
+-verify) 
+    shift
+    if [ -z "$1" ]; then
+            $VERIFY -CAfile $CATOP/$CACERT newcert.pem
+            RET=$?
+    else
+        for j
+        do
+            $VERIFY -CAfile $CATOP/$CACERT $j
+            if [ $? != 0 ]; then
+                    RET=$?
+            fi
+        done
+    fi
+    exit 0
+    ;;
+*)
+    echo "Unknown arg $i";
+    exit 1
+    ;;
+esac
+done
+exit $RET
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
new file mode 100644
index 0000000000..5f0c8fa539
--- /dev/null
+++ b/src/lib/libssl/src/apps/apps.c
@@ -0,0 +1,320 @@
+/* apps/apps.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#ifdef WINDOWS
+#  include "bss_file.c"
+#endif
+#ifndef NOPROTO
+int app_init(long mesgwin);
+#else
+int app_init();
+#endif
+#ifdef undef /* never finished - probably never will be :-) */
+int args_from_file(file,argc,argv)
+char *file;
+int *argc;
+char **argv[];
+        {
+        FILE *fp;
+        int num,i;
+        unsigned int len;
+        static char *buf=NULL;
+        static char **arg=NULL;
+        char *p;
+        struct stat stbuf;
+        if (stat(file,&stbuf) < 0) return(0);
+        fp=fopen(file,"r");
+        if (fp == NULL)
+                return(0);
+        *argc=0;
+        *argv=NULL;
+        len=(unsigned int)stbuf.st_size;
+        if (buf != NULL) Free(buf);
+        buf=(char *)Malloc(len+1);
+        if (buf == NULL) return(0);
+        len=fread(buf,1,len,fp);
+        if (len <= 1) return(0);
+        buf[len]='\0';
+        i=0;
+        for (p=buf; *p; p++)
+                if (*p == '\n') i++;
+        if (arg != NULL) Free(arg);
+        arg=(char **)Malloc(sizeof(char *)*(i*2));
+        *argv=arg;
+        num=0;
+        p=buf;
+        for (;;)
+                {
+                if (!*p) break;
+                if (*p == '#') /* comment line */
+                        {
+                        while (*p && (*p != '\n')) p++;
+                        continue;
+                        }
+                /* else we have a line */
+                *(arg++)=p;
+                num++;
+                while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+                        p++;
+                if (!*p) break;
+                if (*p == '\n')
+                        {
+                        *(p++)='\0';
+                        continue;
+                        }
+                /* else it is a tab or space */
+                p++;
+                while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+                        p++;
+                if (!*p) break;
+                if (*p == '\n')
+                        {
+                        p++;
+                        continue;
+                        }
+                *(arg++)=p++;
+                num++;
+                while (*p && (*p != '\n')) p++;
+                if (!*p) break;
+                /* else *p == '\n' */
+                *(p++)='\0';
+                }
+        *argc=num;
+        return(1);
+        }
+#endif
+int str2fmt(s)
+char *s;
+        {
+        if      ((*s == 'D') || (*s == 'd'))
+                return(FORMAT_ASN1);
+        else if ((*s == 'T') || (*s == 't'))
+                return(FORMAT_TEXT);
+        else if ((*s == 'P') || (*s == 'p'))
+                return(FORMAT_PEM);
+        else if ((*s == 'N') || (*s == 'n'))
+                return(FORMAT_NETSCAPE);
+        else
+                return(FORMAT_UNDEF);
+        }
+#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
+void program_name(in,out,size)
+char *in;
+char *out;
+int size;
+        {
+        int i,n;
+        char *p=NULL;
+        n=strlen(in);
+        /* find the last '/', '\' or ':' */
+        for (i=n-1; i>0; i--)
+                {
+                if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
+                        {
+                        p= &(in[i+1]);
+                        break;
+                        }
+                }
+        if (p == NULL)
+                p=in;
+        n=strlen(p);
+        /* strip off trailing .exe if present. */
+        if ((n > 4) && (p[n-4] == '.') &&
+                ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
+                ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
+                ((p[n-1] == 'e') || (p[n-1] == 'E')))
+                n-=4;
+        if (n > size-1)
+                n=size-1;
+        for (i=0; i<n; i++)
+                {
+                if ((p[i] >= 'A') && (p[i] <= 'Z'))
+                        out[i]=p[i]-'A'+'a';
+                else
+                        out[i]=p[i];
+                }
+        out[n]='\0';
+        }
+#else
+void program_name(in,out,size)
+char *in;
+char *out;
+int size;
+        {
+        char *p;
+        p=strrchr(in,'/');
+        if (p != NULL)
+                p++;
+        else
+                p=in;
+        strncpy(out,p,size-1);
+        out[size-1]='\0';
+        }
+#endif
+#ifdef WIN32
+int WIN32_rename(from,to)
+char *from;
+char *to;
+        {
+        int ret;
+        ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
+        return(ret?0:-1);
+        }
+#endif
+int chopup_args(arg,buf,argc,argv)
+ARGS *arg;
+char *buf;
+int *argc;
+char **argv[];
+        {
+        int num,len,i;
+        char *p;
+        *argc=0;
+        *argv=NULL;
+        len=strlen(buf);
+        i=0;
+        if (arg->count == 0)
+                {
+                arg->count=20;
+                arg->data=(char **)Malloc(sizeof(char *)*arg->count);
+                }
+        for (i=0; i<arg->count; i++)
+                arg->data[i]=NULL;
+        num=0;
+        p=buf;
+        for (;;)
+                {
+                /* first scan over white space */
+                if (!*p) break;
+                while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+                        p++;
+                if (!*p) break;
+                /* The start of something good :-) */
+                if (num >= arg->count)
+                        {
+                        arg->count+=20;
+                        arg->data=(char **)Realloc(arg->data,
+                                sizeof(char *)*arg->count);
+                        if (argc == 0) return(0);
+                        }
+                arg->data[num++]=p;
+                /* now look for the end of this */
+                if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
+                        {
+                        i= *(p++);
+                        arg->data[num-1]++; /* jump over quote */
+                        while (*p && (*p != i))
+                                p++;
+                        *p='\0';
+                        }
+                else
+                        {
+                        while (*p && ((*p != ' ') &&
+                                (*p != '\t') && (*p != '\n')))
+                                p++;
+                        if (*p == '\0')
+                                p--;
+                        else
+                                *p='\0';
+                        }
+                p++;
+                }
+        *argc=num;
+        *argv=arg->data;
+        return(1);
+        }
+#ifndef APP_INIT
+int app_init(mesgwin)
+long mesgwin;
+        {
+        return(1);
+        }
+#endif
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
new file mode 100644
index 0000000000..25a9262e03
--- /dev/null
+++ b/src/lib/libssl/src/apps/apps.h
@@ -0,0 +1,150 @@
+/* apps/apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_APPS_H
+#define HEADER_APPS_H
+#include "e_os.h"
+#include "buffer.h"
+#include "bio.h"
+#include "crypto.h"
+#include "progs.h"
+#ifdef NO_STDIO
+BIO_METHOD *BIO_s_file();
+#endif
+#ifdef WIN32
+#define rename(from,to) WIN32_rename((from),(to))
+int WIN32_rename(char *oldname,char *newname);
+#endif
+#ifndef MONOLITH
+#define MAIN(a,v)       main(a,v)
+#ifndef NON_MAIN
+BIO *bio_err=NULL;
+#else
+extern BIO *bio_err;
+#endif
+#else
+#define MAIN(a,v)       PROG(a,v)
+#include "conf.h"
+extern LHASH *config;
+extern char *default_config_file;
+extern BIO *bio_err;
+#endif
+#include <signal.h>
+#ifdef SIGPIPE
+#define do_pipe_sig()   signal(SIGPIPE,SIG_IGN)
+#else
+#define do_pipe_sig()
+#endif
+#if defined(MONOLITH) && !defined(SSLEAY)
+#  define apps_startup()        do_pipe_sig()
+#else
+#  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+#    ifdef _O_BINARY
+#      define apps_startup() \
+                _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+                SSLeay_add_all_algorithms()
+#    else
+#      define apps_startup() \
+                _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+                SSLeay_add_all_algorithms()
+#    endif
+#  else
+#    define apps_startup()      do_pipe_sig(); SSLeay_add_all_algorithms();
+#  endif
+#endif
+typedef struct args_st
+        {
+        char **data;
+        int count;
+        } ARGS;
+#ifndef NOPROTO
+int should_retry(int i);
+int args_from_file(char *file, int *argc, char **argv[]);
+int str2fmt(char *s);
+void program_name(char *in,char *out,int size);
+int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+#else
+int should_retry();
+int args_from_file();
+int str2fmt();
+void program_name();
+int chopup_args();
+#endif
+#define FORMAT_UNDEF    0
+#define FORMAT_ASN1     1
+#define FORMAT_TEXT     2
+#define FORMAT_PEM      3
+#define FORMAT_NETSCAPE 4
+#endif
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
new file mode 100644
index 0000000000..3d382282e4
--- /dev/null
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -0,0 +1,238 @@
+/* apps/asn1pars.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+#define FORMAT_UNDEF    0
+#define FORMAT_ASN1     1
+#define FORMAT_TEXT     2
+#define FORMAT_PEM      3
+/* -inform arg  - input format - default PEM (DER or PEM)
+ * -in arg      - input file - default stdin
+ * -i           - indent the details by depth
+ * -offset      - where in the file to start
+ * -length      - how many bytes to use
+ * -oid file    - extra oid decription file
+ */
+#undef PROG
+#define PROG    asn1parse_main
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,badops=0,offset=0,ret=1;
+        unsigned int length=0;
+        long num;
+        BIO *in=NULL,*out=NULL,*b64=NULL;
+        int informat,indent=0;
+        char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
+        BUF_MEM *buf=NULL;
+        informat=FORMAT_PEM;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-i") == 0)
+                        {
+                        indent=1;
+                        }
+                else if (strcmp(*argv,"-oid") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        oidfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-offset") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        offset= atoi(*(++argv));
+                        }
+                else if (strcmp(*argv,"-length") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        length= atoi(*(++argv));
+                        if (length == 0) goto bad;
+                        }
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] <infile\n",prog);
+                BIO_printf(bio_err,"where options are\n");
+                BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -in arg       inout file\n");
+                BIO_printf(bio_err," -offset arg   offset into file\n");
+                BIO_printf(bio_err," -length arg   lenth of section in file\n");
+                BIO_printf(bio_err," -i            indent entries\n");
+                BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+        if (oidfile != NULL)
+                {
+                if (BIO_read_filename(in,oidfile) <= 0)
+                        {
+                        BIO_printf(bio_err,"problems opening %s\n",oidfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                OBJ_create_objects(in);
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        if ((buf=BUF_MEM_new()) == NULL) goto end;
+        if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
+        if (informat == FORMAT_PEM)
+                {
+                BIO *tmp;
+                if ((b64=BIO_new(BIO_f_base64())) == NULL)
+                        goto end;
+                BIO_push(b64,in);
+                tmp=in;
+                in=b64;
+                b64=tmp;
+                }
+        num=0;
+        for (;;)
+                {
+                if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+                i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+                if (i <= 0) break;
+                num+=i;
+                }
+        str=buf->data;
+        if (length == 0) length=(unsigned int)num;
+        if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        ret=0;
+end:
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (b64 != NULL) BIO_free(b64);
+        if (ret != 0)
+                ERR_print_errors(bio_err);
+        if (buf != NULL) BUF_MEM_free(buf);
+        OBJ_cleanup();
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/ca-cert.srl b/src/lib/libssl/src/apps/ca-cert.srl
new file mode 100644
index 0000000000..75016ea362
--- /dev/null
+++ b/src/lib/libssl/src/apps/ca-cert.srl
@@ -0,0 +1 @@
+03
diff --git a/src/lib/libssl/src/apps/ca-key.pem b/src/lib/libssl/src/apps/ca-key.pem
new file mode 100644
index 0000000000..3a520b238f
--- /dev/null
+++ b/src/lib/libssl/src/apps/ca-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/ca-req.pem b/src/lib/libssl/src/apps/ca-req.pem
new file mode 100644
index 0000000000..77bf7ec308
--- /dev/null
+++ b/src/lib/libssl/src/apps/ca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
+bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
+FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
+cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
+cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
+5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
+kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
new file mode 100644
index 0000000000..a5848366cf
--- /dev/null
+++ b/src/lib/libssl/src/apps/ca.c
@@ -0,0 +1,2056 @@
+/* apps/ca.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "txt_db.h"
+#include "evp.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+#include "conf.h"
+#ifndef W_OK
+#include <sys/file.h>
+#endif
+#undef PROG
+#define PROG ca_main
+#define BASE_SECTION    "ca"
+#define CONFIG_FILE "lib/ssleay.cnf"
+#define ENV_DEFAULT_CA          "default_ca"
+#define ENV_DIR                 "dir"
+#define ENV_CERTS               "certs"
+#define ENV_CRL_DIR             "crl_dir"
+#define ENV_CA_DB               "CA_DB"
+#define ENV_NEW_CERTS_DIR       "new_certs_dir"
+#define ENV_CERTIFICATE         "certificate"
+#define ENV_SERIAL              "serial"
+#define ENV_CRL                 "crl"
+#define ENV_PRIVATE_KEY         "private_key"
+#define ENV_RANDFILE            "RANDFILE"
+#define ENV_DEFAULT_DAYS        "default_days"
+#define ENV_DEFAULT_STARTDATE   "default_startdate"
+#define ENV_DEFAULT_CRL_DAYS    "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS   "default_crl_hours"
+#define ENV_DEFAULT_MD          "default_md"
+#define ENV_PRESERVE            "preserve"
+#define ENV_POLICY              "policy"
+#define ENV_EXTENSIONS          "x509_extensions"
+#define ENV_MSIE_HACK           "msie_hack"
+#define ENV_DATABASE            "database"
+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+#define DB_TYPE_REV     'R'
+#define DB_TYPE_EXP     'E'
+#define DB_TYPE_VAL     'V'
+static char *ca_usage[]={
+"usage: ca args\n",
+"\n",
+" -verbose        - Talk alot while doing things\n",
+" -config file    - A config file\n",
+" -name arg       - The particular CA definition to use\n",
+" -gencrl         - Generate a new CRL\n",
+" -crldays days   - Days is when the next CRL is due\n",
+" -crlhours hours - Hours is when the next CRL is due\n",
+" -days arg       - number of days to certify the certificate for\n",
+" -md arg         - md to use, one of md2, md5, sha or sha1\n",
+" -policy arg     - The CA 'policy' to support\n",
+" -keyfile arg    - PEM private key file\n",
+" -key arg        - key to decode the private key if it is encrypted\n",
+" -cert           - The CA certificate\n",
+" -in file        - The input PEM encoded certificate request(s)\n",
+" -out file       - Where to put the output file(s)\n",
+" -outdir dir     - Where to put output certificates\n",
+" -infiles ....   - The last argument, requests to process\n",
+" -spkac file     - File contains DN and signed public key and challenge\n",
+" -ss_cert file   - File contains a self signed cert to sign\n",
+" -preserveDN     - Don't re-order the DN\n",
+" -batch          - Don't ask questions\n",
+" -msie_hack      - msie modifications to handle all thos universal strings\n",
+NULL
+};
+#ifdef EFENCE
+extern int EF_PROTECT_FREE;
+extern int EF_PROTECT_BELOW;
+extern int EF_ALIGNMENT;
+#endif
+#ifndef NOPROTO
+static STACK *load_extensions(char *section);
+static void lookup_fail(char *name,char *tag);
+static int MS_CALLBACK key_callback(char *buf,int len,int verify);
+static unsigned long index_serial_hash(char **a);
+static int index_serial_cmp(char **a, char **b);
+static unsigned long index_name_hash(char **a);
+static int index_name_qual(char **a);
+static int index_name_cmp(char **a,char **b);
+static BIGNUM *load_serial(char *serialfile);
+static int save_serial(char *serialfile, BIGNUM *serial);
+static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+        EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+        int days, int batch, STACK *extensions,int verbose);
+static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+        EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+        int days,int batch,STACK *extensions,int verbose);
+static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+        EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+        int days,STACK *extensions,int verbose);
+static int fix_data(int nid, int *type);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
+        STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
+        int days, int batch, int verbose, X509_REQ *req, STACK *extensions);
+static int check_time_format(char *str);
+#else
+static STACK *load_extensions();
+static void lookup_fail();
+static int MS_CALLBACK key_callback();
+static unsigned long index_serial_hash();
+static int index_serial_cmp();
+static unsigned long index_name_hash();
+static int index_name_qual();
+static int index_name_cmp();
+static int fix_data();
+static BIGNUM *load_serial();
+static int save_serial();
+static int certify();
+static int certify_cert();
+static int certify_spkac();
+static void write_new_certificate();
+static int do_body();
+static int check_time_format();
+#endif
+static LHASH *conf;
+static char *key=NULL;
+static char *section=NULL;
+static int preserve=0;
+static int msie_hack=0;
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int total=0;
+        int total_done=0;
+        int badops=0;
+        int ret=1;
+        int req=0;
+        int verbose=0;
+        int gencrl=0;
+        long crldays=0;
+        long crlhours=0;
+        long errorline= -1;
+        char *configfile=NULL;
+        char *md=NULL;
+        char *policy=NULL;
+        char *keyfile=NULL;
+        char *certfile=NULL;
+        char *infile=NULL;
+        char *spkac_file=NULL;
+        char *ss_cert_file=NULL;
+        EVP_PKEY *pkey=NULL;
+        int output_der = 0;
+        char *outfile=NULL;
+        char *outdir=NULL;
+        char *serialfile=NULL;
+        char *extensions=NULL;
+        BIGNUM *serial=NULL;
+        char *startdate=NULL;
+        int days=0;
+        int batch=0;
+        X509 *x509=NULL;
+        X509 *x=NULL;
+        BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
+        char *dbfile=NULL;
+        TXT_DB *db=NULL;
+        X509_CRL *crl=NULL;
+        X509_CRL_INFO *ci=NULL;
+        X509_REVOKED *r=NULL;
+        char **pp,*p,*f;
+        int i,j;
+        long l;
+        EVP_MD *dgst=NULL;
+        STACK *attribs=NULL;
+        STACK *extensions_sk=NULL;
+        STACK *cert_sk=NULL;
+        BIO *hex=NULL;
+#undef BSIZE
+#define BSIZE 256
+        MS_STATIC char buf[3][BSIZE];
+#ifdef EFENCE
+EF_PROTECT_FREE=1;
+EF_PROTECT_BELOW=1;
+EF_ALIGNMENT=0;
+#endif
+        apps_startup();
+        X509v3_add_netscape_extensions();
+        preserve=0;
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-verbose") == 0)
+                        verbose=1;
+                else if (strcmp(*argv,"-config") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        configfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-name") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        section= *(++argv);
+                        }
+                else if (strcmp(*argv,"-startdate") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        startdate= *(++argv);
+                        }
+                else if (strcmp(*argv,"-days") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        days=atoi(*(++argv));
+                        }
+                else if (strcmp(*argv,"-md") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        md= *(++argv);
+                        }
+                else if (strcmp(*argv,"-policy") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        policy= *(++argv);
+                        }
+                else if (strcmp(*argv,"-keyfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keyfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        key= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        certfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        req=1;
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-outdir") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outdir= *(++argv);
+                        }
+                else if (strcmp(*argv,"-batch") == 0)
+                        batch=1;
+                else if (strcmp(*argv,"-preserveDN") == 0)
+                        preserve=1;
+                else if (strcmp(*argv,"-gencrl") == 0)
+                        gencrl=1;
+                else if (strcmp(*argv,"-msie_hack") == 0)
+                        msie_hack=1;
+                else if (strcmp(*argv,"-crldays") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        crldays= atol(*(++argv));
+                        }
+                else if (strcmp(*argv,"-crlhours") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        crlhours= atol(*(++argv));
+                        }
+                else if (strcmp(*argv,"-infiles") == 0)
+                        {
+                        argc--;
+                        argv++;
+                        req=1;
+                        break;
+                        }
+                else if (strcmp(*argv, "-ss_cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        ss_cert_file = *(++argv);
+                        req=1;
+                        }
+                else if (strcmp(*argv, "-spkac") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        spkac_file = *(++argv);
+                        req=1;
+                        }
+                else
+                        {
+bad:
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+                for (pp=ca_usage; (*pp != NULL); pp++)
+                        BIO_printf(bio_err,*pp);
+                goto err;
+                }
+        ERR_load_crypto_strings();
+        /*****************************************************************/
+        if (configfile == NULL)
+                {
+                /* We will just use 'buf[0]' as a temporary buffer.  */
+                strncpy(buf[0],X509_get_default_cert_area(),
+                        sizeof(buf[0])-2-sizeof(CONFIG_FILE));
+                strcat(buf[0],"/");
+                strcat(buf[0],CONFIG_FILE);
+                configfile=buf[0];
+                }
+        BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+        if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+                {
+                if (errorline <= 0)
+                        BIO_printf(bio_err,"error loading the config file '%s'\n",
+                                configfile);
+                else
+                        BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
+                                ,errorline,configfile);
+                goto err;
+                }
+        /* Lets get the config section we are using */
+        if (section == NULL)
+                {
+                section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+                if (section == NULL)
+                        {
+                        lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
+                        goto err;
+                        }
+                }
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        Sout=BIO_new(BIO_s_file());
+        Cout=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        /*****************************************************************/
+        /* we definitly need an public key, so lets get it */
+        if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+                section,ENV_PRIVATE_KEY)) == NULL))
+                {
+                lookup_fail(section,ENV_PRIVATE_KEY);
+                goto err;
+                }
+        if (BIO_read_filename(in,keyfile) <= 0)
+                {
+                perror(keyfile);
+                BIO_printf(bio_err,"trying to load CA private key\n");
+                goto err;
+                }
+        if (key == NULL)
+                pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+        else
+                {
+                pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback);
+                memset(key,0,strlen(key));
+                }
+        if (pkey == NULL)
+                {
+                BIO_printf(bio_err,"unable to load CA private key\n");
+                goto err;
+                }
+        /*****************************************************************/
+        /* we need a certificate */
+        if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+                section,ENV_CERTIFICATE)) == NULL))
+                {
+                lookup_fail(section,ENV_CERTIFICATE);
+                goto err;
+                }
+        if (BIO_read_filename(in,certfile) <= 0)
+                {
+                perror(certfile);
+                BIO_printf(bio_err,"trying to load CA certificate\n");
+                goto err;
+                }
+        x509=PEM_read_bio_X509(in,NULL,NULL);
+        if (x509 == NULL)
+                {
+                BIO_printf(bio_err,"unable to load CA certificate\n");
+                goto err;
+                }
+        f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+        if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+                preserve=1;
+        f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+        if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+                msie_hack=1;
+        /*****************************************************************/
+        /* lookup where to write new certificates */
+        if ((outdir == NULL) && (req))
+                {
+                struct stat sb;
+                if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+                        == NULL)
+                        {
+                        BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
+                        goto err;
+                        }
+                if (access(outdir,R_OK|W_OK|X_OK) != 0)
+                        {
+                        BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+                        perror(outdir);
+                        goto err;
+                        }
+                if (stat(outdir,&sb) != 0)
+                        {
+                        BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
+                        perror(outdir);
+                        goto err;
+                        }
+                if (!(sb.st_mode & S_IFDIR))
+                        {
+                        BIO_printf(bio_err,"%s need to be a directory\n",outdir);
+                        perror(outdir);
+                        goto err;
+                        }
+                }
+        /*****************************************************************/
+        /* we need to load the database file */
+        if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+                {
+                lookup_fail(section,ENV_DATABASE);
+                goto err;
+                }
+        if (BIO_read_filename(in,dbfile) <= 0)
+                {
+                perror(dbfile);
+                BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+                goto err;
+                }
+        db=TXT_DB_read(in,DB_NUMBER);
+        if (db == NULL) goto err;
+        /* Lets check some fields */
+        for (i=0; i<sk_num(db->data); i++)
+                {
+                pp=(char **)sk_value(db->data,i);
+                if ((pp[DB_type][0] != DB_TYPE_REV) &&
+                        (pp[DB_rev_date][0] != '\0'))
+                        {
+                        BIO_printf(bio_err,"entry %d: not, revoked yet has a revokation date\n",i+1);
+                        goto err;
+                        }
+                if ((pp[DB_type][0] == DB_TYPE_REV) &&
+                        !check_time_format(pp[DB_rev_date]))
+                        {
+                        BIO_printf(bio_err,"entry %d: invalid revokation date\n",
+                                i+1);
+                        goto err;
+                        }
+                if (!check_time_format(pp[DB_exp_date]))
+                        {
+                        BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
+                        goto err;
+                        }
+                p=pp[DB_serial];
+                j=strlen(p);
+                if ((j&1) || (j < 2))
+                        {
+                        BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
+                        goto err;
+                        }
+                while (*p)
+                        {
+                        if (!(  ((*p >= '0') && (*p <= '9')) ||
+                                ((*p >= 'A') && (*p <= 'F')) ||
+                                ((*p >= 'a') && (*p <= 'f')))  )
+                                {
+                                BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
+                                goto err;
+                                }
+                        p++;
+                        }
+                }
+        if (verbose)
+                {
+                BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+                TXT_DB_write(out,db);
+                BIO_printf(bio_err,"%d entries loaded from the database\n",
+                        db->data->num);
+                BIO_printf(bio_err,"generating indexs\n");
+                }
+        
+        if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
+                index_serial_cmp))
+                {
+                BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
+                goto err;
+                }
+        if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
+                index_name_cmp))
+                {
+                BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+                        db->error,db->arg1,db->arg2);
+                goto err;
+                }
+        /*****************************************************************/
+        if (req || gencrl)
+                {
+                if (outfile != NULL)
+                        {
+                        if (BIO_write_filename(Sout,outfile) <= 0)
+                                {
+                                perror(outfile);
+                                goto err;
+                                }
+                        }
+                else
+                        BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+                }
+        if (req)
+                {
+                if ((md == NULL) && ((md=CONF_get_string(conf,
+                        section,ENV_DEFAULT_MD)) == NULL))
+                        {
+                        lookup_fail(section,ENV_DEFAULT_MD);
+                        goto err;
+                        }
+                if ((dgst=EVP_get_digestbyname(md)) == NULL)
+                        {
+                        BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+                        goto err;
+                        }
+                if (verbose)
+                        BIO_printf(bio_err,"message digest is %s\n",
+                                OBJ_nid2ln(dgst->type));
+                if ((policy == NULL) && ((policy=CONF_get_string(conf,
+                        section,ENV_POLICY)) == NULL))
+                        {
+                        lookup_fail(section,ENV_POLICY);
+                        goto err;
+                        }
+                if (verbose)
+                        BIO_printf(bio_err,"policy is %s\n",policy);
+                if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+                        == NULL)
+                        {
+                        lookup_fail(section,ENV_SERIAL);
+                        goto err;
+                        }
+                if ((extensions=CONF_get_string(conf,section,ENV_EXTENSIONS))
+                        != NULL)
+                        {
+                        if ((extensions_sk=load_extensions(extensions)) == NULL)
+                                goto err;
+                        }
+                if (startdate == NULL)
+                        {
+                        startdate=(char *)CONF_get_string(conf,section,
+                                ENV_DEFAULT_STARTDATE);
+                        if (startdate == NULL)
+                                startdate="today";
+                        else
+                                {
+                                if (!ASN1_UTCTIME_set_string(NULL,startdate))
+                                        {
+                                        BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n");
+                                        goto err;
+                                        }
+                                }
+                        }
+                if (days == 0)
+                        {
+                        days=(int)CONF_get_number(conf,section,
+                                ENV_DEFAULT_DAYS);
+                        }
+                if (days == 0)
+                        {
+                        BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
+                        goto err;
+                        }
+                if ((serial=load_serial(serialfile)) == NULL)
+                        {
+                        BIO_printf(bio_err,"error while loading serial number\n");
+                        goto err;
+                        }
+                if (verbose)
+                        {
+                        if ((f=BN_bn2ascii(serial)) == NULL) goto err;
+                        BIO_printf(bio_err,"next serial number is %s\n",f);
+                        Free(f);
+                        }
+                if ((attribs=CONF_get_section(conf,policy)) == NULL)
+                        {
+                        BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
+                        goto err;
+                        }
+                if ((cert_sk=sk_new_null()) == NULL)
+                        {
+                        BIO_printf(bio_err,"Malloc failure\n");
+                        goto err;
+                        }
+                if (spkac_file != NULL)
+                        {
+                        total++;
+                        j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
+                                serial,startdate,days,extensions_sk,verbose);
+                        if (j < 0) goto err;
+                        if (j > 0)
+                                {
+                                total_done++;
+                                BIO_printf(bio_err,"\n");
+                                if (!BN_add_word(serial,1)) goto err;
+                                if (!sk_push(cert_sk,(char *)x))
+                                        {
+                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        goto err;
+                                        }
+                                if (outfile)
+                                        {
+                                        output_der = 1;
+                                        batch = 1;
+                                        }
+                                }
+                        }
+                if (ss_cert_file != NULL)
+                        {
+                        total++;
+                        j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
+                                db,serial,startdate,days,batch,
+                                extensions_sk,verbose);
+                        if (j < 0) goto err;
+                        if (j > 0)
+                                {
+                                total_done++;
+                                BIO_printf(bio_err,"\n");
+                                if (!BN_add_word(serial,1)) goto err;
+                                if (!sk_push(cert_sk,(char *)x))
+                                        {
+                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        goto err;
+                                        }
+                                }
+                        }
+                if (infile != NULL)
+                        {
+                        total++;
+                        j=certify(&x,infile,pkey,x509,dgst,attribs,db,
+                                serial,startdate,days,batch,
+                                extensions_sk,verbose);
+                        if (j < 0) goto err;
+                        if (j > 0)
+                                {
+                                total_done++;
+                                BIO_printf(bio_err,"\n");
+                                if (!BN_add_word(serial,1)) goto err;
+                                if (!sk_push(cert_sk,(char *)x))
+                                        {
+                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        goto err;
+                                        }
+                                }
+                        }
+                for (i=0; i<argc; i++)
+                        {
+                        total++;
+                        j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
+                                serial,startdate,days,batch,
+                                extensions_sk,verbose);
+                        if (j < 0) goto err;
+                        if (j > 0)
+                                {
+                                total_done++;
+                                BIO_printf(bio_err,"\n");
+                                if (!BN_add_word(serial,1)) goto err;
+                                if (!sk_push(cert_sk,(char *)x))
+                                        {
+                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        goto err;
+                                        }
+                                }
+                        }       
+                /* we have a stack of newly certified certificates
+                 * and a data base and serial number that need
+                 * updating */
+                if (sk_num(cert_sk) > 0)
+                        {
+                        if (!batch)
+                                {
+                                BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
+                                BIO_flush(bio_err);
+                                buf[0][0]='\0';
+                                fgets(buf[0],10,stdin);
+                                if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
+                                        {
+                                        BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 
+                                        ret=0;
+                                        goto err;
+                                        }
+                                }
+                        BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
+                        strncpy(buf[0],serialfile,BSIZE-4);
+                        strcat(buf[0],".new");
+                        if (!save_serial(buf[0],serial)) goto err;
+                        strncpy(buf[1],dbfile,BSIZE-4);
+                        strcat(buf[1],".new");
+                        if (BIO_write_filename(out,buf[1]) <= 0)
+                                {
+                                perror(dbfile);
+                                BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+                                goto err;
+                                }
+                        l=TXT_DB_write(out,db);
+                        if (l <= 0) goto err;
+                        }
+        
+                if (verbose)
+                        BIO_printf(bio_err,"writing new certificates\n");
+                for (i=0; i<sk_num(cert_sk); i++)
+                        {
+                        int k;
+                        unsigned char *n;
+                        x=(X509 *)sk_value(cert_sk,i);
+                        j=x->cert_info->serialNumber->length;
+                        p=(char *)x->cert_info->serialNumber->data;
+                        
+                        strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+                        strcat(buf[2],"/");
+                        n=(unsigned char *)&(buf[2][strlen(buf[2])]);
+                        if (j > 0)
+                                {
+                                for (k=0; k<j; k++)
+                                        {
+                                        sprintf((char *)n,"%02X",(unsigned char)*(p++));
+                                        n+=2;
+                                        }
+                                }
+                        else
+                                {
+                                *(n++)='0';
+                                *(n++)='0';
+                                }
+                        *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
+                        *n='\0';
+                        if (verbose)
+                                BIO_printf(bio_err,"writing %s\n",buf[2]);
+                        if (BIO_write_filename(Cout,buf[2]) <= 0)
+                                {
+                                perror(buf[2]);
+                                goto err;
+                                }
+                        write_new_certificate(Cout,x, 0);
+                        write_new_certificate(Sout,x, output_der);
+                        }
+                if (sk_num(cert_sk))
+                        {
+                        /* Rename the database and the serial file */
+                        strncpy(buf[2],serialfile,BSIZE-4);
+                        strcat(buf[2],".old");
+                        BIO_free(in);
+                        BIO_free(out);
+                        in=NULL;
+                        out=NULL;
+                        if (rename(serialfile,buf[2]) < 0)
+                                {
+                                BIO_printf(bio_err,"unabel to rename %s to %s\n",
+                                        serialfile,buf[2]);
+                                perror("reason");
+                                goto err;
+                                }
+                        if (rename(buf[0],serialfile) < 0)
+                                {
+                                BIO_printf(bio_err,"unabel to rename %s to %s\n",
+                                        buf[0],serialfile);
+                                perror("reason");
+                                rename(buf[2],serialfile);
+                                goto err;
+                                }
+                        strncpy(buf[2],dbfile,BSIZE-4);
+                        strcat(buf[2],".old");
+                        if (rename(dbfile,buf[2]) < 0)
+                                {
+                                BIO_printf(bio_err,"unabel to rename %s to %s\n",
+                                        dbfile,buf[2]);
+                                perror("reason");
+                                goto err;
+                                }
+                        if (rename(buf[1],dbfile) < 0)
+                                {
+                                BIO_printf(bio_err,"unabel to rename %s to %s\n",
+                                        buf[1],dbfile);
+                                perror("reason");
+                                rename(buf[2],dbfile);
+                                goto err;
+                                }
+                        BIO_printf(bio_err,"Data Base Updated\n");
+                        }
+                }
+        
+        /*****************************************************************/
+        if (gencrl)
+                {
+                if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
+                if (!crldays && !crlhours)
+                        {
+                        crldays=CONF_get_number(conf,section,
+                                ENV_DEFAULT_CRL_DAYS);
+                        crlhours=CONF_get_number(conf,section,
+                                ENV_DEFAULT_CRL_HOURS);
+                        }
+                if ((crldays == 0) && (crlhours == 0))
+                        {
+                        BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+                        goto err;
+                        }
+                if (verbose) BIO_printf(bio_err,"making CRL\n");
+                if ((crl=X509_CRL_new()) == NULL) goto err;
+                ci=crl->crl;
+                X509_NAME_free(ci->issuer);
+                ci->issuer=X509_NAME_dup(x509->cert_info->subject);
+                if (ci->issuer == NULL) goto err;
+                X509_gmtime_adj(ci->lastUpdate,0);
+                if (ci->nextUpdate == NULL)
+                        ci->nextUpdate=ASN1_UTCTIME_new();
+                X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
+                for (i=0; i<sk_num(db->data); i++)
+                        {
+                        pp=(char **)sk_value(db->data,i);
+                        if (pp[DB_type][0] == DB_TYPE_REV)
+                                {
+                                if ((r=X509_REVOKED_new()) == NULL) goto err;
+                                ASN1_STRING_set((ASN1_STRING *)
+                                        r->revocationDate,
+                                        (unsigned char *)pp[DB_rev_date],
+                                        strlen(pp[DB_rev_date]));
+                                /* strcpy(r->revocationDate,pp[DB_rev_date]);*/
+                                BIO_reset(hex);
+                                if (!BIO_puts(hex,pp[DB_serial]))
+                                        goto err;
+                                if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
+                                        buf[0],BSIZE)) goto err;
+                                sk_push(ci->revoked,(char *)r);
+                                }
+                        }
+                /* sort the data so it will be written in serial
+                 * number order */
+                sk_find(ci->revoked,NULL);
+                for (i=0; i<sk_num(ci->revoked); i++)
+                        {
+                        r=(X509_REVOKED *)sk_value(ci->revoked,i);
+                        r->sequence=i;
+                        }
+                /* we how have a CRL */
+                if (verbose) BIO_printf(bio_err,"signing CRL\n");
+                if (md != NULL)
+                        {
+                        if ((dgst=EVP_get_digestbyname(md)) == NULL)
+                                {
+                                BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+                                goto err;
+                                }
+                        }
+                else
+                        dgst=EVP_md5();
+                if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
+                PEM_write_bio_X509_CRL(Sout,crl);
+                }
+        /*****************************************************************/
+        ret=0;
+err:
+        if (hex != NULL) BIO_free(hex);
+        if (Cout != NULL) BIO_free(Cout);
+        if (Sout != NULL) BIO_free(Sout);
+        if (out != NULL) BIO_free(out);
+        if (in != NULL) BIO_free(in);
+        if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
+        if (extensions_sk != NULL)
+                sk_pop_free(extensions_sk,X509_EXTENSION_free);
+        if (ret) ERR_print_errors(bio_err);
+        if (serial != NULL) BN_free(serial);
+        if (db != NULL) TXT_DB_free(db);
+        if (pkey != NULL) EVP_PKEY_free(pkey);
+        if (x509 != NULL) X509_free(x509);
+        if (crl != NULL) X509_CRL_free(crl);
+        if (conf != NULL) CONF_free(conf);
+        X509v3_cleanup_extensions();
+        EXIT(ret);
+        }
+static void lookup_fail(name,tag)
+char *name;
+char *tag;
+        {
+        BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
+        }
+static int MS_CALLBACK key_callback(buf,len,verify)
+char *buf;
+int len,verify;
+        {
+        int i;
+        if (key == NULL) return(0);
+        i=strlen(key);
+        i=(i > len)?len:i;
+        memcpy(buf,key,i);
+        return(i);
+        }
+static unsigned long index_serial_hash(a)
+char **a;
+        {
+        char *n;
+        n=a[DB_serial];
+        while (*n == '0') n++;
+        return(lh_strhash(n));
+        }
+static int index_serial_cmp(a,b)
+char **a;
+char **b;
+        {
+        char *aa,*bb;
+        for (aa=a[DB_serial]; *aa == '0'; aa++);
+        for (bb=b[DB_serial]; *bb == '0'; bb++);
+        return(strcmp(aa,bb));
+        }
+static unsigned long index_name_hash(a)
+char **a;
+        { return(lh_strhash(a[DB_name])); }
+static int index_name_qual(a)
+char **a;
+        { return(a[0][0] == 'V'); }
+static int index_name_cmp(a,b)
+char **a;
+char **b;
+        { return(strcmp(a[DB_name],b[DB_name])); }
+static BIGNUM *load_serial(serialfile)
+char *serialfile;
+        {
+        BIO *in=NULL;
+        BIGNUM *ret=NULL;
+        MS_STATIC char buf[1024];
+        ASN1_INTEGER *ai=NULL;
+        if ((in=BIO_new(BIO_s_file())) == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        if (BIO_read_filename(in,serialfile) <= 0)
+                {
+                perror(serialfile);
+                goto err;
+                }
+        ai=ASN1_INTEGER_new();
+        if (ai == NULL) goto err;
+        if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+                {
+                BIO_printf(bio_err,"unable to load number from %s\n",
+                        serialfile);
+                goto err;
+                }
+        ret=ASN1_INTEGER_to_BN(ai,NULL);
+        if (ret == NULL)
+                {
+                BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+                goto err;
+                }
+err:
+        if (in != NULL) BIO_free(in);
+        if (ai != NULL) ASN1_INTEGER_free(ai);
+        return(ret);
+        }
+static int save_serial(serialfile,serial)
+char *serialfile;
+BIGNUM *serial;
+        {
+        BIO *out;
+        int ret=0;
+        ASN1_INTEGER *ai=NULL;
+        out=BIO_new(BIO_s_file());
+        if (out == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        if (BIO_write_filename(out,serialfile) <= 0)
+                {
+                perror(serialfile);
+                goto err;
+                }
+        if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+                {
+                BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+                goto err;
+                }
+        i2a_ASN1_INTEGER(out,ai);
+        BIO_puts(out,"\n");
+        ret=1;
+err:
+        if (out != NULL) BIO_free(out);
+        if (ai != NULL) ASN1_INTEGER_free(ai);
+        return(ret);
+        }
+static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
+        batch,extensions,verbose)
+X509 **xret;
+char *infile;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+char *startdate;
+int days;
+int batch;
+STACK *extensions;
+int verbose;
+        {
+        X509_REQ *req=NULL;
+        BIO *in=NULL;
+        EVP_PKEY *pktmp=NULL;
+        int ok= -1,i;
+        in=BIO_new(BIO_s_file());
+        if (BIO_read_filename(in,infile) <= 0)
+                {
+                perror(infile);
+                goto err;
+                }
+        if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL)) == NULL)
+                {
+                BIO_printf(bio_err,"Error reading certificate request in %s\n",
+                        infile);
+                goto err;
+                }
+        if (verbose)
+                X509_REQ_print(bio_err,req);
+        BIO_printf(bio_err,"Check that the request matches the signature\n");
+        if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
+                {
+                BIO_printf(bio_err,"error unpacking public key\n");
+                goto err;
+                }
+        i=X509_REQ_verify(req,pktmp);
+        if (i < 0)
+                {
+                ok=0;
+                BIO_printf(bio_err,"Signature verification problems....\n");
+                goto err;
+                }
+        if (i == 0)
+                {
+                ok=0;
+                BIO_printf(bio_err,"Signature did not match the certificate request\n");
+                goto err;
+                }
+        else
+                BIO_printf(bio_err,"Signature ok\n");
+        ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+                days,batch,verbose,req,extensions);
+err:
+        if (req != NULL) X509_REQ_free(req);
+        if (in != NULL) BIO_free(in);
+        return(ok);
+        }
+static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
+        days, batch,extensions,verbose)
+X509 **xret;
+char *infile;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+char *startdate;
+int days;
+int batch;
+STACK *extensions;
+int verbose;
+        {
+        X509 *req=NULL;
+        X509_REQ *rreq=NULL;
+        BIO *in=NULL;
+        EVP_PKEY *pktmp=NULL;
+        int ok= -1,i;
+        in=BIO_new(BIO_s_file());
+        if (BIO_read_filename(in,infile) <= 0)
+                {
+                perror(infile);
+                goto err;
+                }
+        if ((req=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+                {
+                BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+                goto err;
+                }
+        if (verbose)
+                X509_print(bio_err,req);
+        BIO_printf(bio_err,"Check that the request matches the signature\n");
+        if ((pktmp=X509_get_pubkey(req)) == NULL)
+                {
+                BIO_printf(bio_err,"error unpacking public key\n");
+                goto err;
+                }
+        i=X509_verify(req,pktmp);
+        if (i < 0)
+                {
+                ok=0;
+                BIO_printf(bio_err,"Signature verification problems....\n");
+                goto err;
+                }
+        if (i == 0)
+                {
+                ok=0;
+                BIO_printf(bio_err,"Signature did not match the certificate request\n");
+                goto err;
+                }
+        else
+                BIO_printf(bio_err,"Signature ok\n");
+        if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
+                goto err;
+        ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
+                batch,verbose,rreq,extensions);
+err:
+        if (rreq != NULL) X509_REQ_free(rreq);
+        if (req != NULL) X509_free(req);
+        if (in != NULL) BIO_free(in);
+        return(ok);
+        }
+static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
+        batch,verbose,req, extensions)
+X509 **xret;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+char *startdate;
+int days;
+int batch;
+int verbose;
+X509_REQ *req;
+STACK *extensions;
+        {
+        X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
+        ASN1_UTCTIME *tm,*tmptm;
+        ASN1_STRING *str,*str2;
+        ASN1_OBJECT *obj;
+        X509 *ret=NULL;
+        X509_CINF *ci;
+        X509_NAME_ENTRY *ne;
+        X509_NAME_ENTRY *tne,*push;
+        X509_EXTENSION *ex=NULL;
+        EVP_PKEY *pktmp;
+        int ok= -1,i,j,last,nid;
+        char *p;
+        CONF_VALUE *cv;
+        char *row[DB_NUMBER],**rrow,**irow=NULL;
+        char buf[25],*pbuf;
+        tmptm=ASN1_UTCTIME_new();
+        if (tmptm == NULL)
+                {
+                BIO_printf(bio_err,"malloc error\n");
+                return(0);
+                }
+        for (i=0; i<DB_NUMBER; i++)
+                row[i]=NULL;
+        BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n");
+        name=X509_REQ_get_subject_name(req);
+        for (i=0; i<X509_NAME_entry_count(name); i++)
+                {
+                ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i);
+                obj=X509_NAME_ENTRY_get_object(ne);
+                j=i2a_ASN1_OBJECT(bio_err,obj);
+                str=X509_NAME_ENTRY_get_data(ne);
+                pbuf=buf;
+                for (j=22-j; j>0; j--)
+                        *(pbuf++)=' ';
+                *(pbuf++)=':';
+                *(pbuf++)='\0';
+                BIO_puts(bio_err,buf);
+                if (msie_hack)
+                        {
+                        /* assume all type should be strings */
+                        nid=OBJ_obj2nid(ne->object);
+                        if (str->type == V_ASN1_UNIVERSALSTRING)
+                                ASN1_UNIVERSALSTRING_to_string(str);
+                        if ((str->type == V_ASN1_IA5STRING) &&
+                                (nid != NID_pkcs9_emailAddress))
+                                str->type=V_ASN1_T61STRING;
+                        if ((nid == NID_pkcs9_emailAddress) &&
+                                (str->type == V_ASN1_PRINTABLESTRING))
+                                str->type=V_ASN1_IA5STRING;
+                        }
+                if (str->type == V_ASN1_PRINTABLESTRING)
+                        BIO_printf(bio_err,"PRINTABLE:'");
+                else if (str->type == V_ASN1_T61STRING)
+                        BIO_printf(bio_err,"T61STRING:'");
+                else if (str->type == V_ASN1_IA5STRING)
+                        BIO_printf(bio_err,"IA5STRING:'");
+                else if (str->type == V_ASN1_UNIVERSALSTRING)
+                        BIO_printf(bio_err,"UNIVERSALSTRING:'");
+                else
+                        BIO_printf(bio_err,"ASN.1 %2d:'",str->type);
+                /* check some things */
+                if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+                        (str->type != V_ASN1_IA5STRING))
+                        {
+                        BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
+                        goto err;
+                        }
+                j=ASN1_PRINTABLE_type(str->data,str->length);
+                if (    ((j == V_ASN1_T61STRING) &&
+                         (str->type != V_ASN1_T61STRING)) ||
+                        ((j == V_ASN1_IA5STRING) &&
+                         (str->type == V_ASN1_PRINTABLESTRING)))
+                        {
+                        BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+                        goto err;
+                        }
+                        
+                p=(char *)str->data;
+                for (j=str->length; j>0; j--)
+                        {
+                        if ((*p >= ' ') && (*p <= '~'))
+                                BIO_printf(bio_err,"%c",*p);
+                        else if (*p & 0x80)
+                                BIO_printf(bio_err,"\\0x%02X",*p);
+                        else if ((unsigned char)*p == 0xf7)
+                                BIO_printf(bio_err,"^?");
+                        else    BIO_printf(bio_err,"^%c",*p+'@');
+                        p++;
+                        }
+                BIO_printf(bio_err,"'\n");
+                }
+        /* Ok, now we check the 'policy' stuff. */
+        if ((subject=X509_NAME_new()) == NULL)
+                {
+                BIO_printf(bio_err,"Malloc failure\n");
+                goto err;
+                }
+        /* take a copy of the issuer name before we mess with it. */
+        CAname=X509_NAME_dup(x509->cert_info->subject);
+        if (CAname == NULL) goto err;
+        str=str2=NULL;
+        for (i=0; i<sk_num(policy); i++)
+                {
+                cv=(CONF_VALUE *)sk_value(policy,i); /* get the object id */
+                if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
+                        {
+                        BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
+                        goto err;
+                        }
+                obj=OBJ_nid2obj(j);
+                last= -1;
+                for (;;)
+                        {
+                        /* lookup the object in the supplied name list */
+                        j=X509_NAME_get_index_by_OBJ(name,obj,last);
+                        if (j < 0)
+                                {
+                                if (last != -1) break;
+                                tne=NULL;
+                                }
+                        else
+                                {
+                                tne=X509_NAME_get_entry(name,j);
+                                }
+                        last=j;
+                        /* depending on the 'policy', decide what to do. */
+                        push=NULL;
+                        if (strcmp(cv->value,"optional") == 0)
+                                {
+                                if (tne != NULL)
+                                        push=tne;
+                                }
+                        else if (strcmp(cv->value,"supplied") == 0)
+                                {
+                                if (tne == NULL)
+                                        {
+                                        BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
+                                        goto err;
+                                        }
+                                else
+                                        push=tne;
+                                }
+                        else if (strcmp(cv->value,"match") == 0)
+                                {
+                                int last2;
+                                if (tne == NULL)
+                                        {
+                                        BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
+                                        goto err;
+                                        }
+                                last2= -1;
+again2:
+                                j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
+                                if ((j < 0) && (last2 == -1))
+                                        {
+                                        BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
+                                        goto err;
+                                        }
+                                if (j >= 0)
+                                        {
+                                        push=X509_NAME_get_entry(CAname,j);
+                                        str=X509_NAME_ENTRY_get_data(tne);
+                                        str2=X509_NAME_ENTRY_get_data(push);
+                                        last2=j;
+                                        if (ASN1_STRING_cmp(str,str2) != 0)
+                                                goto again2;
+                                        }
+                                if (j < 0)
+                                        {
+                                        BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
+                                        goto err;
+                                        }
+                                }
+                        else
+                                {
+                                BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
+                                goto err;
+                                }
+                        if (push != NULL)
+                                {
+                                if (!X509_NAME_add_entry(subject,push,
+                                        X509_NAME_entry_count(subject),0))
+                                        {
+                                        if (push != NULL)
+                                                X509_NAME_ENTRY_free(push);
+                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        goto err;
+                                        }
+                                }
+                        if (j < 0) break;
+                        }
+                }
+        if (preserve)
+                {
+                X509_NAME_free(subject);
+                subject=X509_NAME_dup(X509_REQ_get_subject_name(req));
+                if (subject == NULL) goto err;
+                }
+        if (verbose)
+                BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+        row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+        row[DB_serial]=BN_bn2ascii(serial);
+        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+                {
+                BIO_printf(bio_err,"Malloc failure\n");
+                goto err;
+                }
+        rrow=TXT_DB_get_by_index(db,DB_name,row);
+        if (rrow != NULL)
+                {
+                BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
+                        row[DB_name]);
+                }
+        else
+                {
+                rrow=TXT_DB_get_by_index(db,DB_serial,row);
+                if (rrow != NULL)
+                        {
+                        BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
+                                row[DB_serial]);
+                        BIO_printf(bio_err,"      check the database/serial_file for corruption\n");
+                        }
+                }
+        if (rrow != NULL)
+                {
+                BIO_printf(bio_err,
+                        "The matching entry has the following details\n");
+                if (rrow[DB_type][0] == 'E')
+                        p="Expired";
+                else if (rrow[DB_type][0] == 'R')
+                        p="Revoked";
+                else if (rrow[DB_type][0] == 'V')
+                        p="Valid";
+                else
+                        p="\ninvalid type, Data base error\n";
+                BIO_printf(bio_err,"Type          :%s\n",p);;
+                if (rrow[DB_type][0] == 'R')
+                        {
+                        p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+                        BIO_printf(bio_err,"Was revoked on:%s\n",p);
+                        }
+                p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+                BIO_printf(bio_err,"Expires on    :%s\n",p);
+                p=rrow[DB_serial]; if (p == NULL) p="undef";
+                BIO_printf(bio_err,"Serial Number :%s\n",p);
+                p=rrow[DB_file]; if (p == NULL) p="undef";
+                BIO_printf(bio_err,"File name     :%s\n",p);
+                p=rrow[DB_name]; if (p == NULL) p="undef";
+                BIO_printf(bio_err,"Subject Name  :%s\n",p);
+                ok= -1; /* This is now a 'bad' error. */
+                goto err;
+                }
+        /* We are now totaly happy, lets make and sign the certificate */
+        if (verbose)
+                BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
+        if ((ret=X509_new()) == NULL) goto err;
+        ci=ret->cert_info;
+#ifdef X509_V3
+        /* Make it an X509 v3 certificate. */
+        if (!X509_set_version(x509,2)) goto err;
+#endif
+        if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
+                goto err;
+        if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
+                goto err;
+        BIO_printf(bio_err,"Certificate is to be certified until ");
+        if (strcmp(startdate,"today") == 0)
+                {
+                X509_gmtime_adj(X509_get_notBefore(ret),0);
+                X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+                }
+        else
+                {
+                /*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/
+                ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+                }
+        ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+        BIO_printf(bio_err," (%d days)\n",days);
+        if (!X509_set_subject_name(ret,subject)) goto err;
+        pktmp=X509_REQ_get_pubkey(req);
+        if (!X509_set_pubkey(ret,pktmp)) goto err;
+        /* Lets add the extensions, if there are any */
+        if ((extensions != NULL) && (sk_num(extensions) > 0))
+                {
+                if (ci->version == NULL)
+                        if ((ci->version=ASN1_INTEGER_new()) == NULL)
+                                goto err;
+                ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
+                /* Free the current entries if any, there should not
+                 * be any I belive */
+                if (ci->extensions != NULL)
+                        sk_pop_free(ci->extensions,X509_EXTENSION_free);
+                if ((ci->extensions=sk_new_null()) == NULL)
+                        goto err;
+                /* Lets 'copy' in the new ones */
+                for (i=0; i<sk_num(extensions); i++)
+                        {
+                        ex=X509_EXTENSION_dup((X509_EXTENSION *)
+                                sk_value(extensions,i));
+                        if (ex == NULL) goto err;
+                        if (!sk_push(ci->extensions,(char *)ex)) goto err;
+                        }
+                }
+        if (!batch)
+                {
+                BIO_printf(bio_err,"Sign the certificate? [y/n]:");
+                BIO_flush(bio_err);
+                buf[0]='\0';
+                fgets(buf,sizeof(buf)-1,stdin);
+                if (!((buf[0] == 'y') || (buf[0] == 'Y')))
+                        {
+                        BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
+                        ok=0;
+                        goto err;
+                        }
+                }
+#ifndef NO_DSA
+        pktmp=X509_get_pubkey(ret);
+        if (EVP_PKEY_missing_parameters(pktmp) &&
+                !EVP_PKEY_missing_parameters(pkey))
+                EVP_PKEY_copy_parameters(pktmp,pkey);
+#endif
+        if (!X509_sign(ret,pkey,dgst))
+                goto err;
+        /* We now just add it to the database */
+        row[DB_type]=(char *)Malloc(2);
+        tm=X509_get_notAfter(ret);
+        row[DB_exp_date]=(char *)Malloc(tm->length+1);
+        memcpy(row[DB_exp_date],tm->data,tm->length);
+        row[DB_exp_date][tm->length]='\0';
+        row[DB_rev_date]=NULL;
+        /* row[DB_serial] done already */
+        row[DB_file]=(char *)Malloc(8);
+        /* row[DB_name] done already */
+        if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+                (row[DB_file] == NULL))
+                {
+                BIO_printf(bio_err,"Malloc failure\n");
+                goto err;
+                }
+        strcpy(row[DB_file],"unknown");
+        row[DB_type][0]='V';
+        row[DB_type][1]='\0';
+        if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+                {
+                BIO_printf(bio_err,"Malloc failure\n");
+                goto err;
+                }
+        for (i=0; i<DB_NUMBER; i++)
+                {
+                irow[i]=row[i];
+                row[i]=NULL;
+                }
+        irow[DB_NUMBER]=NULL;
+        if (!TXT_DB_insert(db,irow))
+                {
+                BIO_printf(bio_err,"failed to update database\n");
+                BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+                goto err;
+                }
+        ok=1;
+err:
+        for (i=0; i<DB_NUMBER; i++)
+                if (row[i] != NULL) Free(row[i]);
+        if (CAname != NULL)
+                X509_NAME_free(CAname);
+        if (subject != NULL)
+                X509_NAME_free(subject);
+        if (ok <= 0)
+                {
+                if (ret != NULL) X509_free(ret);
+                ret=NULL;
+                }
+        else
+                *xret=ret;
+        return(ok);
+        }
+static void write_new_certificate(bp,x, output_der)
+BIO *bp;
+X509 *x;
+int output_der;
+        {
+        char *f;
+        char buf[256];
+        if (output_der)
+                {
+                (void)i2d_X509_bio(bp,x);
+                return;
+                }
+        f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+        BIO_printf(bp,"issuer :%s\n",f);
+        f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+        BIO_printf(bp,"subject:%s\n",f);
+        BIO_puts(bp,"serial :");
+        i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
+        BIO_puts(bp,"\n\n");
+        X509_print(bp,x);
+        BIO_puts(bp,"\n");
+        PEM_write_bio_X509(bp,x);
+        BIO_puts(bp,"\n");
+        }
+static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
+        startdate,days,extensions,verbose)
+X509 **xret;
+char *infile;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+char *startdate;
+int days;
+STACK *extensions;
+int verbose;
+        {
+        STACK *sk=NULL;
+        LHASH *parms=NULL;
+        X509_REQ *req=NULL;
+        CONF_VALUE *cv=NULL;
+        NETSCAPE_SPKI *spki = NULL;
+        unsigned char *spki_der = NULL,*p;
+        X509_REQ_INFO *ri;
+        char *type,*buf;
+        EVP_PKEY *pktmp=NULL;
+        X509_NAME *n=NULL;
+        X509_NAME_ENTRY *ne=NULL;
+        int ok= -1,i,j;
+        long errline;
+        int nid;
+        /*
+         * Load input file into a hash table.  (This is just an easy
+         * way to read and parse the file, then put it into a convenient
+         * STACK format).
+         */
+        parms=CONF_load(NULL,infile,&errline);
+        if (parms == NULL)
+                {
+                BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        sk=CONF_get_section(parms, "default");
+        if (sk_num(sk) == 0)
+                {
+                BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+                CONF_free(parms);
+                goto err;
+                }
+        /*
+         * Now create a dummy X509 request structure.  We don't actually
+         * have an X509 request, but we have many of the components
+         * (a public key, various DN components).  The idea is that we
+         * put these components into the right X509 request structure
+         * and we can use the same code as if you had a real X509 request.
+         */
+        req=X509_REQ_new();
+        if (req == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        /*
+         * Build up the subject name set.
+         */
+        ri=req->req_info;
+        n = ri->subject;
+        for (i = 0; ; i++)
+                {
+                if ((int)sk_num(sk) <= i) break;
+                cv=(CONF_VALUE *)sk_value(sk,i);
+                type=cv->name;
+                buf=cv->value;
+                if ((nid=OBJ_txt2nid(type)) == NID_undef)
+                        {
+                        if (strcmp(type, "SPKAC") == 0)
+                                {
+                                spki_der=(unsigned char *)Malloc(
+                                        strlen(cv->value)+1);
+                                if (spki_der == NULL)
+                                        {
+                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        goto err;
+                                        }
+                                j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value,
+                                        strlen(cv->value));
+                                if (j <= 0)
+                                        {
+                                        BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n");
+                                        goto err;
+                                        }
+                                p=spki_der;
+                                spki = d2i_NETSCAPE_SPKI(&spki, &p, j);
+                                Free(spki_der);
+                                spki_der = NULL;
+                                if (spki == NULL)
+                                        {
+                                        BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
+                                        ERR_print_errors(bio_err);
+                                        goto err;
+                                        }
+                                }
+                        continue;
+                        }
+                j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+                if (fix_data(nid, &j) == 0)
+                        {
+                        BIO_printf(bio_err,
+                                "invalid characters in string %s\n",buf);
+                        goto err;
+                        }
+                if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
+                        (unsigned char *)buf,
+                        strlen(buf))) == NULL)
+                        goto err;
+                if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
+                        goto err;
+                }
+        if (spki == NULL)
+                {
+                BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
+                        infile);
+                goto err;
+                }
+        /*
+         * Now extract the key from the SPKI structure.
+         */
+        BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
+        if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL)
+                {
+                BIO_printf(bio_err,"error unpacking SPKAC public key\n");
+                goto err;
+                }
+        j = NETSCAPE_SPKI_verify(spki, pktmp);
+        if (j <= 0)
+                {
+                BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
+                goto err;
+                }
+        BIO_printf(bio_err,"Signature ok\n");
+        X509_REQ_set_pubkey(req,pktmp);
+        ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+                days,1,verbose,req,extensions);
+err:
+        if (req != NULL) X509_REQ_free(req);
+        if (parms != NULL) CONF_free(parms);
+        if (spki_der != NULL) Free(spki_der);
+        if (spki != NULL) NETSCAPE_SPKI_free(spki);
+        if (ne != NULL) X509_NAME_ENTRY_free(ne);
+        return(ok);
+        }
+static int fix_data(nid,type)
+int nid;
+int *type;
+        {
+        if (nid == NID_pkcs9_emailAddress)
+                *type=V_ASN1_IA5STRING;
+        if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+                *type=V_ASN1_T61STRING;
+        if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
+                *type=V_ASN1_T61STRING;
+        if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
+                return(0);
+        if (nid == NID_pkcs9_unstructuredName)
+                *type=V_ASN1_IA5STRING;
+        return(1);
+        }
+static STACK *load_extensions(sec)
+char *sec;
+        {
+        STACK *ext;
+        STACK *ret=NULL;
+        CONF_VALUE *cv;
+        ASN1_OCTET_STRING *str=NULL;
+        ASN1_STRING *tmp=NULL;
+        X509_EXTENSION *x;
+        BIO *mem=NULL;
+        BUF_MEM *buf=NULL;
+        int i,nid,len;
+        unsigned char *ptr;
+        int pack_type;
+        int data_type;
+        if ((ext=CONF_get_section(conf,sec)) == NULL)
+                {
+                BIO_printf(bio_err,"unable to find extension section called '%s'\n",sec);
+                return(NULL);
+                }
+        if ((ret=sk_new_null()) == NULL) return(NULL);
+        for (i=0; i<sk_num(ext); i++)
+                {
+                cv=(CONF_VALUE *)sk_value(ext,i); /* get the object id */
+                if ((nid=OBJ_txt2nid(cv->name)) == NID_undef)
+                        {
+                        BIO_printf(bio_err,"%s:unknown object type in section, '%s'\n",sec,cv->name);
+                        goto err;
+                        }
+                pack_type=X509v3_pack_type_by_NID(nid);
+                data_type=X509v3_data_type_by_NID(nid);
+                /* pack up the input bytes */
+                ptr=(unsigned char *)cv->value;
+                len=strlen((char *)ptr);
+                if ((len > 2) && (cv->value[0] == '0') &&
+                        (cv->value[1] == 'x'))
+                        {
+                        if (data_type == V_ASN1_UNDEF)
+                                {
+                                BIO_printf(bio_err,"data type for extension %s is unknown\n",cv->name);
+                                goto err;
+                                }
+                        if (mem == NULL)
+                                if ((mem=BIO_new(BIO_s_mem())) == NULL)
+                                        goto err;
+                        if (((buf=BUF_MEM_new()) == NULL) ||
+                                !BUF_MEM_grow(buf,128))
+                                goto err;
+                        if ((tmp=ASN1_STRING_new()) == NULL) goto err;
+                        BIO_reset(mem);
+                        BIO_write(mem,(char *)&(ptr[2]),len-2);
+                        if (!a2i_ASN1_STRING(mem,tmp,buf->data,buf->max))
+                                goto err;
+                        len=tmp->length;
+                        ptr=tmp->data;
+                        }
+                switch (pack_type)
+                        {
+                case X509_EXT_PACK_STRING:
+                        if ((str=X509v3_pack_string(&str,
+                                data_type,ptr,len)) == NULL)
+                                goto err;
+                        break;
+                case X509_EXT_PACK_UNKNOWN:
+                default:
+                        BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name);
+                        goto err;
+                        break;
+                        }
+                if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL)
+                        goto err;
+                sk_push(ret,(char *)x);
+                }
+        if (0)
+                {
+err:
+                if (ret != NULL) sk_pop_free(ret,X509_EXTENSION_free);
+                ret=NULL;
+                }
+        if (str != NULL) ASN1_OCTET_STRING_free(str);
+        if (tmp != NULL) ASN1_STRING_free(tmp);
+        if (buf != NULL) BUF_MEM_free(buf);
+        if (mem != NULL) BIO_free(mem);
+        return(ret);
+        }
+static int check_time_format(str)
+char *str;
+        {
+        ASN1_UTCTIME tm;
+        tm.data=(unsigned char *)str;
+        tm.length=strlen(str);
+        tm.type=V_ASN1_UTCTIME;
+        return(ASN1_UTCTIME_check(&tm));
+        }
diff --git a/src/lib/libssl/src/apps/cert.pem b/src/lib/libssl/src/apps/cert.pem
new file mode 100644
index 0000000000..de4a77ac6d
--- /dev/null
+++ b/src/lib/libssl/src/apps/cert.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/ciphers.c b/src/lib/libssl/src/apps/ciphers.c
new file mode 100644
index 0000000000..867196e393
--- /dev/null
+++ b/src/lib/libssl/src/apps/ciphers.c
@@ -0,0 +1,191 @@
+/* apps/ciphers.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "err.h"
+#include "ssl.h"
+#undef PROG
+#define PROG    ciphers_main
+static char *ciphers_usage[]={
+"usage: ciphers args\n",
+" -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -ssl2       - SSL2 mode\n",
+" -ssl3       - SSL3 mode\n",
+NULL
+};
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int ret=1,i;
+        int verbose=0;
+        char **pp,*p;
+        int badops=0;
+        SSL_CTX *ctx=NULL;
+        SSL *ssl=NULL;
+        char *ciphers=NULL;
+        SSL_METHOD *meth=NULL;
+        STACK *sk;
+        char buf[512];
+        BIO *STDout=NULL;
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+        meth=SSLv23_server_method();
+#elif !defined(NO_SSL3)
+        meth=SSLv3_server_method();
+#elif !defined(NO_SSL2)
+        meth=SSLv2_server_method();
+#endif
+        apps_startup();
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if (strcmp(*argv,"-v") == 0)
+                        verbose=1;
+#ifndef NO_SSL2
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        meth=SSLv3_client_method();
+#endif
+                else if ((strncmp(*argv,"-h",2) == 0) ||
+                         (strcmp(*argv,"-?") == 0))
+                        {
+                        badops=1;
+                        break;
+                        }
+                else
+                        {
+                        ciphers= *argv;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+                for (pp=ciphers_usage; (*pp != NULL); pp++)
+                        BIO_printf(bio_err,*pp);
+                goto end;
+                }
+        SSLeay_add_ssl_algorithms();
+        ctx=SSL_CTX_new(meth);
+        if (ctx == NULL) goto err;
+        if (ciphers != NULL)
+                SSL_CTX_set_cipher_list(ctx,ciphers);
+        ssl=SSL_new(ctx);
+        if (ssl == NULL) goto err;
+        if (!verbose)
+                {
+                for (i=0; ; i++)
+                        {
+                        p=SSL_get_cipher_list(ssl,i);
+                        if (p == NULL) break;
+                        if (i != 0) BIO_printf(STDout,":");
+                        BIO_printf(STDout,"%s",p);
+                        }
+                BIO_printf(STDout,"\n");
+                }
+        else
+                {
+                sk=SSL_get_ciphers(ssl);
+                for (i=0; i<sk_num(sk); i++)
+                        {
+                        BIO_puts(STDout,SSL_CIPHER_description(
+                                (SSL_CIPHER *)sk_value(sk,i),
+                                buf,512));
+                        }
+                }
+        ret=0;
+        if (0)
+                {
+err:
+                SSL_load_error_strings();
+                ERR_print_errors(bio_err);
+                }
+end:
+        if (ctx != NULL) SSL_CTX_free(ctx);
+        if (ssl != NULL) SSL_free(ssl);
+        if (STDout != NULL) BIO_free(STDout);
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/client.pem b/src/lib/libssl/src/apps/client.pem
new file mode 100644
index 0000000000..307910e56e
--- /dev/null
+++ b/src/lib/libssl/src/apps/client.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
+MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
+Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
+XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
+NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
+UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
+9TKwhS4GlwbtCfxSKQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
+q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
+/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
+HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
+ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
+nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
+ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/crl.c b/src/lib/libssl/src/apps/crl.c
new file mode 100644
index 0000000000..2c18374ee0
--- /dev/null
+++ b/src/lib/libssl/src/apps/crl.c
@@ -0,0 +1,335 @@
+/* apps/crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+#undef PROG
+#define PROG    crl_main
+#undef POSTFIX
+#define POSTFIX ".rvk"
+#define FORMAT_UNDEF    0
+#define FORMAT_ASN1     1
+#define FORMAT_TEXT     2
+#define FORMAT_PEM      3
+static char *crl_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg    - output format - default PEM\n",
+" -text           - print out a text format version\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -hash           - print hash value\n",
+" -issuer         - print issuer DN\n",
+" -lastupdate     - lastUpdate field\n",
+" -nextupdate     - nextUpdate field\n",
+" -noout          - no CRL output\n",
+NULL
+};
+#ifndef NOPROTO
+static X509_CRL *load_crl(char *file, int format);
+#else
+static X509_CRL *load_crl();
+#endif
+static BIO *bio_out=NULL;
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        X509_CRL *x=NULL;
+        int ret=1,i,num,badops=0;
+        BIO *out=NULL;
+        int informat,outformat;
+        char *infile=NULL,*outfile=NULL;
+        int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+        char **pp,buf[256];
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        if (bio_out == NULL)
+                if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        argc--;
+        argv++;
+        num=0;
+        while (argc >= 1)
+                {
+#ifdef undef
+                if      (strcmp(*argv,"-p") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
+                        }
+#endif
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-text") == 0)
+                        {
+                        outformat=FORMAT_TEXT;
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-hash") == 0)
+                        hash= ++num;
+                else if (strcmp(*argv,"-issuer") == 0)
+                        issuer= ++num;
+                else if (strcmp(*argv,"-lastupdate") == 0)
+                        lastupdate= ++num;
+                else if (strcmp(*argv,"-nextupdate") == 0)
+                        nextupdate= ++num;
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout= ++num;
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (outformat == FORMAT_TEXT)
+                {
+                num=0;
+                issuer= ++num;
+                lastupdate= ++num;
+                nextupdate= ++num;
+                }
+        if (badops)
+                {
+bad:
+                for (pp=crl_usage; (*pp != NULL); pp++)
+                        BIO_printf(bio_err,*pp);
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        x=load_crl(infile,informat);
+        if (x == NULL) { goto end; }
+        if (num)
+                {
+                for (i=1; i<=num; i++)
+                        {
+                        if (issuer == i)
+                                {
+                                X509_NAME_oneline(x->crl->issuer,buf,256);
+                                fprintf(stdout,"issuer= %s\n",buf);
+                                }
+                        if (hash == i)
+                                {
+                                fprintf(stdout,"%08lx\n",
+                                        X509_NAME_hash(x->crl->issuer));
+                                }
+                        if (lastupdate == i)
+                                {
+                                fprintf(stdout,"lastUpdate=");
+                                ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
+                                fprintf(stdout,"\n");
+                                }
+                        if (nextupdate == i)
+                                {
+                                fprintf(stdout,"nextUpdate=");
+                                if (x->crl->nextUpdate != NULL)
+                                        ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+                                else
+                                        fprintf(stdout,"NONE");
+                                fprintf(stdout,"\n");
+                                }
+                        }
+                }
+        if (noout) goto end;
+        out=BIO_new(BIO_s_file());
+        if (out == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if      (outformat == FORMAT_ASN1)
+                i=(int)i2d_X509_CRL_bio(out,x);
+        else if (outformat == FORMAT_PEM)
+                i=PEM_write_bio_X509_CRL(out,x);
+        else if (outformat == FORMAT_TEXT)
+                {
+                X509_REVOKED *r;
+                STACK *sk;
+                sk=sk_dup(x->crl->revoked);
+                while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
+                        {
+                        fprintf(stdout,"revoked: serialNumber=");
+                        i2a_ASN1_INTEGER(out,r->serialNumber);
+                        fprintf(stdout," revocationDate=");
+                        ASN1_UTCTIME_print(bio_out,r->revocationDate);
+                        fprintf(stdout,"\n");
+                        }
+                sk_free(sk);
+                i=1;
+                }
+        else    
+                {
+                BIO_printf(bio_err,"bad output format specified for outfile\n");
+                goto end;
+                }
+        if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
+        ret=0;
+end:
+        if (out != NULL) BIO_free(out);
+        if (bio_out != NULL) BIO_free(bio_out);
+        if (x != NULL) X509_CRL_free(x);
+        EXIT(ret);
+        }
+static X509_CRL *load_crl(infile, format)
+char *infile;
+int format;
+        {
+        X509_CRL *x=NULL;
+        BIO *in=NULL;
+        in=BIO_new(BIO_s_file());
+        if (in == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        if      (format == FORMAT_ASN1)
+                x=d2i_X509_CRL_bio(in,NULL);
+        else if (format == FORMAT_PEM)
+                x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+        else    {
+                BIO_printf(bio_err,"bad input format specified for input crl\n");
+                goto end;
+                }
+        if (x == NULL)
+                {
+                BIO_printf(bio_err,"unable to load CRL\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        
+end:
+        if (in != NULL) BIO_free(in);
+        return(x);
+        }
diff --git a/src/lib/libssl/src/apps/crl2p7.c b/src/lib/libssl/src/apps/crl2p7.c
new file mode 100644
index 0000000000..82a7829558
--- /dev/null
+++ b/src/lib/libssl/src/apps/crl2p7.c
@@ -0,0 +1,334 @@
+/* apps/crl2p7.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
+ * and donated 'to the cause' along with lots and lots of other fixes to
+ * the library. */
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "objects.h"
+#ifndef NOPROTO
+static int add_certs_from_file(STACK *stack, char *certfile);
+#else
+static int add_certs_from_file();
+#endif
+#undef PROG
+#define PROG    crl2pkcs7_main
+/* -inform arg  - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ */
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,badops=0;
+        BIO *in=NULL,*out=NULL;
+        int informat,outformat;
+        char *infile,*outfile,*prog,*certfile;
+        PKCS7 *p7 = NULL;
+        PKCS7_SIGNED *p7s = NULL;
+        X509_CRL *crl=NULL;
+        STACK *crl_stack=NULL;
+        STACK *cert_stack=NULL;
+        int ret=1,nocrl=0;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        infile=NULL;
+        outfile=NULL;
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        certfile=NULL;
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-nocrl") == 0)
+                        {
+                        nocrl=1;
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-certfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        certfile= *(++argv);
+                        }
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+                BIO_printf(bio_err,"where options are\n");
+                BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -in arg        inout file\n");
+                BIO_printf(bio_err," -out arg       output file\n");
+                BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+                BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+                EXIT(1);
+                }
+        ERR_load_crypto_strings();
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (!nocrl)
+                {
+                if (infile == NULL)
+                        BIO_set_fp(in,stdin,BIO_NOCLOSE);
+                else
+                        {
+                        if (BIO_read_filename(in,infile) <= 0)
+                                {
+                                perror(infile);
+                                goto end;
+                                }
+                        }
+                if      (informat == FORMAT_ASN1)
+                        crl=d2i_X509_CRL_bio(in,NULL);
+                else if (informat == FORMAT_PEM)
+                        crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
+                else    {
+                        BIO_printf(bio_err,"bad input format specified for input crl\n");
+                        goto end;
+                        }
+                if (crl == NULL)
+                        {
+                        BIO_printf(bio_err,"unable to load CRL\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                }
+        
+        if ((p7=PKCS7_new()) == NULL) goto end;
+        if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
+        p7->type=OBJ_nid2obj(NID_pkcs7_signed);
+        p7->d.sign=p7s;
+        p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
+        if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
+        if ((crl_stack=sk_new(NULL)) == NULL) goto end;
+        p7s->crl=crl_stack;
+        if (crl != NULL)
+                {
+                sk_push(crl_stack,(char *)crl);
+                crl=NULL; /* now part of p7 for Freeing */
+                }
+        if ((cert_stack=sk_new(NULL)) == NULL) goto end;
+        p7s->cert=cert_stack;
+        if (certfile != NULL) 
+                {
+                if (add_certs_from_file(cert_stack,certfile) < 0)
+                        {
+                        BIO_printf(bio_err,"error loading certificates\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if      (outformat == FORMAT_ASN1)
+                i=i2d_PKCS7_bio(out,p7);
+        else if (outformat == FORMAT_PEM)
+                i=PEM_write_bio_PKCS7(out,p7);
+        else    {
+                BIO_printf(bio_err,"bad output format specified for outfile\n");
+                goto end;
+                }
+        if (!i)
+                {
+                BIO_printf(bio_err,"unable to write pkcs7 object\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        ret=0;
+end:
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (p7 != NULL) PKCS7_free(p7);
+        if (crl != NULL) X509_CRL_free(crl);
+        EXIT(ret);
+        }
+/*
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ *      Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ *      number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(stack,certfile)
+STACK *stack;
+char *certfile;
+        {
+        struct stat st;
+        BIO *in=NULL;
+        int count=0;
+        int ret= -1;
+        STACK *sk=NULL;
+        X509_INFO *xi;
+        if ((stat(certfile,&st) != 0))
+                {
+                BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
+                goto end;
+                }
+        in=BIO_new(BIO_s_file());
+        if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
+                {
+                goto end;
+                }
+        /* This loads from a file, a stack of x509/crl/pkey sets */
+        sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
+        if (sk == NULL) goto end;
+        /* scan over it and pull out the CRL's */
+        while (sk_num(sk))
+                {
+                xi=(X509_INFO *)sk_shift(sk);
+                if (xi->x509 != NULL)
+                        {
+                        sk_push(stack,(char *)xi->x509);
+                        xi->x509=NULL;
+                        count++;
+                        }
+                X509_INFO_free(xi);
+                }
+        ret=count;
+end:
+        /* never need to Free x */
+        if (in != NULL) BIO_free(in);
+        if (sk != NULL) sk_free(sk);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/apps/demoCA/cacert.pem b/src/lib/libssl/src/apps/demoCA/cacert.pem
new file mode 100644
index 0000000000..affbce3bc9
--- /dev/null
+++ b/src/lib/libssl/src/apps/demoCA/cacert.pem
@@ -0,0 +1,14 @@
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/demoCA/index.txt b/src/lib/libssl/src/apps/demoCA/index.txt
new file mode 100644
index 0000000000..2cdd252d67
--- /dev/null
+++ b/src/lib/libssl/src/apps/demoCA/index.txt
@@ -0,0 +1,39 @@
+R       980705233205Z   951009233205Z   01      certs/00000001  /CN=Eric Young
+E       951009233205Z           02      certs/00000002  /CN=Duncan Young
+R       980705233205Z   951201010000Z   03      certs/00000003  /CN=Tim Hudson
+V       980705233205Z           04      certs/00000004  /CN=Eric Young4
+V       980705233205Z           05      certs/00000004  /CN=Eric Young5
+V       980705233205Z           06      certs/00000004  /CN=Eric Young6
+V       980705233205Z           07      certs/00000004  /CN=Eric Young7
+V       980705233205Z           08      certs/00000004  /CN=Eric Young8
+V       980705233205Z           09      certs/00000004  /CN=Eric Young9
+V       980705233205Z           0A      certs/00000004  /CN=Eric YoungA
+V       980705233205Z           0B      certs/00000004  /CN=Eric YoungB
+V       980705233205Z           0C      certs/00000004  /CN=Eric YoungC
+V       980705233205Z           0D      certs/00000004  /CN=Eric YoungD
+V       980705233205Z           0E      certs/00000004  /CN=Eric YoungE
+V       980705233205Z           0F      certs/00000004  /CN=Eric YoungF
+V       980705233205Z           10      certs/00000004  /CN=Eric Young10
+V       980705233205Z           11      certs/00000004  /CN=Eric Young11
+V       980705233205Z           12      certs/00000004  /CN=Eric Young12
+V       980705233205Z           13      certs/00000004  /CN=Eric Young13
+V       980705233205Z           14      certs/00000004  /CN=Eric Young14
+V       980705233205Z           15      certs/00000004  /CN=Eric Young15
+V       980705233205Z           16      certs/00000004  /CN=Eric Young16
+V       980705233205Z           17      certs/00000004  /CN=Eric Young17
+V       961206150305Z           010C    unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V       961206153245Z           010D    unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V       970322074816Z           010E    unknown /CN=Eric Young/Email=eay@mincom.oz.au
+V       970322075152Z           010F    unknown /CN=Eric Young
+V       970322075906Z           0110    unknown /CN=Eric Youngg
+V       970324092238Z           0111    unknown /C=AU/SP=Queensland/CN=Eric Young
+V       970324221931Z           0112    unknown /CN=Fred
+V       970324224934Z           0113    unknown /C=AU/CN=eay
+V       971001005237Z           0114    unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V       971001010331Z           0115    unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
+V       971001013945Z           0117    unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V       971014225415Z           0118    unknown /C=AU/SP=Queensland/CN=test
+V       971015004448Z           0119    unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
+V       971016035001Z           011A    unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
+V       971016080129Z           011B    unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
+V       971016224000Z           011D    unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk
diff --git a/src/lib/libssl/src/apps/demoCA/private/cakey.pem b/src/lib/libssl/src/apps/demoCA/private/cakey.pem
new file mode 100644
index 0000000000..48fb18c7d8
--- /dev/null
+++ b/src/lib/libssl/src/apps/demoCA/private/cakey.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+-----BEGIN X509 CERTIFICATE-----
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/demoCA/serial b/src/lib/libssl/src/apps/demoCA/serial
new file mode 100644
index 0000000000..69fa0ffe28
--- /dev/null
+++ b/src/lib/libssl/src/apps/demoCA/serial
@@ -0,0 +1 @@
+011E
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
new file mode 100644
index 0000000000..eea291db12
--- /dev/null
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -0,0 +1,227 @@
+/* apps/dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+#undef PROG
+#define PROG    dgst_main
+#ifndef NOPROTO
+void do_fp(unsigned char *buf,BIO *f,int sep);
+#else
+void do_fp();
+#endif
+int MAIN(argc,argv)
+int argc;
+char **argv;
+        {
+        unsigned char *buf=NULL;
+        int i,err=0;
+        EVP_MD *md=NULL,*m;
+        BIO *in=NULL,*inp;
+        BIO *bmd=NULL;
+        char *name;
+#define PROG_NAME_SIZE  16
+        char pname[PROG_NAME_SIZE];
+        int separator=0;
+        int debug=0;
+        apps_startup();
+        if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
+                {
+                BIO_printf(bio_err,"out of memory\n");
+                goto end;
+                }
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        /* first check the program name */
+        program_name(argv[0],pname,PROG_NAME_SIZE);
+        md=EVP_get_digestbyname(pname);
+        argc--;
+        argv++;
+        for (i=0; i<argc; i++)
+                {
+                if ((*argv)[0] != '-') break;
+                if (strcmp(*argv,"-c") == 0)
+                        separator=1;
+                else if (strcmp(*argv,"-d") == 0)
+                        debug=1;
+                else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+                        md=m;
+                else
+                        break;
+                argc--;
+                argv++;
+                }
+        if (md == NULL)
+                md=EVP_md5();
+        if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+                {
+                BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+                BIO_printf(bio_err,"options are\n");
+                BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
+                BIO_printf(bio_err,"-d   to output debug info\n");
+                BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+                        LN_md5,LN_md5);
+                BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+                        LN_md2,LN_md2);
+                BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+                        LN_sha1,LN_sha1);
+                BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+                        LN_sha,LN_sha);
+                BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+                        LN_mdc2,LN_mdc2);
+                err=1;
+                goto end;
+                }
+        
+        in=BIO_new(BIO_s_file());
+        bmd=BIO_new(BIO_f_md());
+        if (debug)
+                {
+                BIO_set_callback(in,BIO_debug_callback);
+                /* needed for windows 3.1 */
+                BIO_set_callback_arg(in,bio_err);
+                }
+        if ((in == NULL) || (bmd == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        /* we use md as a filter, reading from 'in' */
+        BIO_set_md(bmd,md);
+        inp=BIO_push(bmd,in);
+        if (argc == 0)
+                {
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+                do_fp(buf,inp,separator);
+                }
+        else
+                {
+                name=OBJ_nid2sn(md->type);
+                for (i=0; i<argc; i++)
+                        {
+                        if (BIO_read_filename(in,argv[i]) <= 0)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("%s(%s)= ",name,argv[i]);
+                        do_fp(buf,inp,separator);
+                        BIO_reset(bmd);
+                        }
+                }
+end:
+        if (buf != NULL)
+                {
+                memset(buf,0,BUFSIZE);
+                Free(buf);
+                }
+        if (in != NULL) BIO_free(in);
+        if (bmd != NULL) BIO_free(bmd);
+        EXIT(err);
+        }
+void do_fp(buf,bp,sep)
+unsigned char *buf;
+BIO *bp;
+int sep;
+        {
+        int len;
+        int i;
+        for (;;)
+                {
+                i=BIO_read(bp,(char *)buf,BUFSIZE);
+                if (i <= 0) break;
+                }
+        len=BIO_gets(bp,(char *)buf,BUFSIZE);
+        for (i=0; i<len; i++)
+                {
+                if (sep && (i != 0))
+                        putc(':',stdout);
+                printf("%02x",buf[i]);
+                }
+        printf("\n");
+        }
diff --git a/src/lib/libssl/src/apps/dh.c b/src/lib/libssl/src/apps/dh.c
new file mode 100644
index 0000000000..bbf445e845
--- /dev/null
+++ b/src/lib/libssl/src/apps/dh.c
@@ -0,0 +1,312 @@
+/* apps/dh.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "dh.h"
+#include "x509.h"
+#include "pem.h"
+#undef PROG
+#define PROG    dh_main
+/* -inform arg  - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ * -check       - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        DH *dh=NULL;
+        int i,badops=0,text=0;
+        BIO *in=NULL,*out=NULL;
+        int informat,outformat,check=0,noout=0,C=0,ret=1;
+        char *infile,*outfile,*prog;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        infile=NULL;
+        outfile=NULL;
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-check") == 0)
+                        check=1;
+                else if (strcmp(*argv,"-text") == 0)
+                        text=1;
+                else if (strcmp(*argv,"-C") == 0)
+                        C=1;
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout=1;
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+                BIO_printf(bio_err,"where options are\n");
+                BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -in arg       inout file\n");
+                BIO_printf(bio_err," -out arg      output file\n");
+                BIO_printf(bio_err," -check        check the DH parameters\n");
+                BIO_printf(bio_err," -text         check the DH parameters\n");
+                BIO_printf(bio_err," -C            Output C code\n");
+                BIO_printf(bio_err," -noout        no output\n");
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if      (informat == FORMAT_ASN1)
+                dh=d2i_DHparams_bio(in,NULL);
+        else if (informat == FORMAT_PEM)
+                dh=PEM_read_bio_DHparams(in,NULL,NULL);
+        else
+                {
+                BIO_printf(bio_err,"bad input format specified\n");
+                goto end;
+                }
+        if (dh == NULL)
+                {
+                BIO_printf(bio_err,"unable to load DH parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        
+        if (text)
+                {
+                DHparams_print(out,dh);
+#ifdef undef
+                printf("p=");
+                BN_print(stdout,dh->p);
+                printf("\ng=");
+                BN_print(stdout,dh->g);
+                printf("\n");
+                if (dh->length != 0)
+                        printf("recomented private length=%ld\n",dh->length);
+#endif
+                }
+        
+        if (check)
+                {
+                if (!DH_check(dh,&i))
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (i & DH_CHECK_P_NOT_PRIME)
+                        printf("p value is not prime\n");
+                if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+                        printf("p value is not a strong prime\n");
+                if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+                        printf("unable to check the generator value\n");
+                if (i & DH_NOT_SUITABLE_GENERATOR)
+                        printf("the g value is not a generator\n");
+                if (i == 0)
+                        printf("DH parameters appear to be ok.\n");
+                }
+        if (C)
+                {
+                unsigned char *data;
+                int len,l,bits;
+                len=BN_num_bytes(dh->p);
+                bits=BN_num_bits(dh->p);
+                data=(unsigned char *)Malloc(len);
+                if (data == NULL)
+                        {
+                        perror("Malloc");
+                        goto end;
+                        }
+                l=BN_bn2bin(dh->p,data);
+                printf("static unsigned char dh%d_p[]={",bits);
+                for (i=0; i<l; i++)
+                        {
+                        if ((i%12) == 0) printf("\n\t");
+                        printf("0x%02X,",data[i]);
+                        }
+                printf("\n\t};\n");
+                l=BN_bn2bin(dh->g,data);
+                printf("static unsigned char dh%d_g[]={",bits);
+                for (i=0; i<l; i++)
+                        {
+                        if ((i%12) == 0) printf("\n\t");
+                        printf("0x%02X,",data[i]);
+                        }
+                printf("\n\t};\n\n");
+                printf("DH *get_dh%d()\n\t{\n",bits);
+                printf("\tDH *dh;\n\n");
+                printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+                printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+                        bits,bits);
+                printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+                        bits,bits);
+                printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+                printf("\t\treturn(NULL);\n");
+                printf("\treturn(dh);\n\t}\n");
+                }
+        if (!noout)
+                {
+                if      (outformat == FORMAT_ASN1)
+                        i=i2d_DHparams_bio(out,dh);
+                else if (outformat == FORMAT_PEM)
+                        i=PEM_write_bio_DHparams(out,dh);
+                else    {
+                        BIO_printf(bio_err,"bad output format specified for outfile\n");
+                        goto end;
+                        }
+                if (!i)
+                        {
+                        BIO_printf(bio_err,"unable to write DH paramaters\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                }
+        ret=0;
+end:
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (dh != NULL) DH_free(dh);
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/dh1024.pem b/src/lib/libssl/src/apps/dh1024.pem
new file mode 100644
index 0000000000..81d43f6a3e
--- /dev/null
+++ b/src/lib/libssl/src/apps/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libssl/src/apps/dsa-ca.pem b/src/lib/libssl/src/apps/dsa-ca.pem
new file mode 100644
index 0000000000..9eb08f3ddd
--- /dev/null
+++ b/src/lib/libssl/src/apps/dsa-ca.pem
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/dsa-pca.pem b/src/lib/libssl/src/apps/dsa-pca.pem
new file mode 100644
index 0000000000..e3641ad47e
--- /dev/null
+++ b/src/lib/libssl/src/apps/dsa-pca.pem
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/dsa.c b/src/lib/libssl/src/apps/dsa.c
new file mode 100644
index 0000000000..fbd85a467a
--- /dev/null
+++ b/src/lib/libssl/src/apps/dsa.c
@@ -0,0 +1,257 @@
+/* apps/dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "dsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+#undef PROG
+#define PROG    dsa_main
+/* -inform arg  - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ * -des         - encrypt output if PEM format with DES in cbc mode
+ * -des3        - encrypt output if PEM format
+ * -idea        - encrypt output if PEM format
+ * -text        - print a text version
+ * -modulus     - print the DSA public key
+ */
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int ret=1;
+        DSA *dsa=NULL;
+        int i,badops=0;
+        EVP_CIPHER *enc=NULL;
+        BIO *in=NULL,*out=NULL;
+        int informat,outformat,text=0,noout=0;
+        char *infile,*outfile,*prog;
+        int modulus=0;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        infile=NULL;
+        outfile=NULL;
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout=1;
+                else if (strcmp(*argv,"-text") == 0)
+                        text=1;
+                else if (strcmp(*argv,"-modulus") == 0)
+                        modulus=1;
+                else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+                BIO_printf(bio_err,"where options are\n");
+                BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
+                BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
+                BIO_printf(bio_err," -in arg       inout file\n");
+                BIO_printf(bio_err," -out arg      output file\n");
+                BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
+                BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+                BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+#endif
+                BIO_printf(bio_err," -text         print the key in text\n");
+                BIO_printf(bio_err," -noout        don't print key out\n");
+                BIO_printf(bio_err," -modulus      print the DSA public value\n");
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        BIO_printf(bio_err,"read DSA private key\n");
+        if      (informat == FORMAT_ASN1)
+                dsa=d2i_DSAPrivateKey_bio(in,NULL);
+        else if (informat == FORMAT_PEM)
+                dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
+        else
+                {
+                BIO_printf(bio_err,"bad input format specified for key\n");
+                goto end;
+                }
+        if (dsa == NULL)
+                {
+                BIO_printf(bio_err,"unable to load Private Key\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if (text) 
+                if (!DSA_print(out,dsa,0))
+                        {
+                        perror(outfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+        if (modulus)
+                {
+                fprintf(stdout,"Public Key=");
+                BN_print(out,dsa->pub_key);
+                fprintf(stdout,"\n");
+                }
+        if (noout) goto end;
+        BIO_printf(bio_err,"writing DSA private key\n");
+        if      (outformat == FORMAT_ASN1)
+                i=i2d_DSAPrivateKey_bio(out,dsa);
+        else if (outformat == FORMAT_PEM)
+                i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
+        else    {
+                BIO_printf(bio_err,"bad output format specified for outfile\n");
+                goto end;
+                }
+        if (!i)
+                {
+                BIO_printf(bio_err,"unable to write private key\n");
+                ERR_print_errors(bio_err);
+                }
+        else
+                ret=0;
+end:
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (dsa != NULL) DSA_free(dsa);
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/dsa1024.pem b/src/lib/libssl/src/apps/dsa1024.pem
new file mode 100644
index 0000000000..082dec3897
--- /dev/null
+++ b/src/lib/libssl/src/apps/dsa1024.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
+mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
+OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
+bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
+3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
+zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
+Arg=
+-----END DSA PARAMETERS-----
diff --git a/src/lib/libssl/src/apps/dsa512.pem b/src/lib/libssl/src/apps/dsa512.pem
new file mode 100644
index 0000000000..5f86d1a6e7
--- /dev/null
+++ b/src/lib/libssl/src/apps/dsa512.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
+TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
+gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
+L8wka5B33qJoplISogOdIA==
+-----END DSA PARAMETERS-----
diff --git a/src/lib/libssl/src/apps/dsap.pem b/src/lib/libssl/src/apps/dsap.pem
new file mode 100644
index 0000000000..d4dfdb3054
--- /dev/null
+++ b/src/lib/libssl/src/apps/dsap.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
new file mode 100644
index 0000000000..6e99289bd3
--- /dev/null
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -0,0 +1,342 @@
+/* apps/dsaparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "rand.h"
+#include "dsa.h"
+#include "x509.h"
+#include "pem.h"
+#undef PROG
+#define PROG    dsaparam_main
+/* -inform arg  - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ * -noout
+ * -text
+ * -C
+ * -noout
+ */
+#ifndef NOPROTO
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+#else
+static void MS_CALLBACK dsa_cb();
+#endif
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        DSA *dsa=NULL;
+        int i,badops=0,text=0;
+        BIO *in=NULL,*out=NULL;
+        int informat,outformat,noout=0,C=0,ret=1;
+        char *infile,*outfile,*prog,*inrand=NULL;
+        int numbits= -1,num;
+        char buffer[200],*randfile=NULL;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        infile=NULL;
+        outfile=NULL;
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-text") == 0)
+                        text=1;
+                else if (strcmp(*argv,"-C") == 0)
+                        C=1;
+                else if (strcmp(*argv,"-rand") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        inrand= *(++argv);
+                        }
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout=1;
+                else if (sscanf(*argv,"%d",&num) == 1)
+                        {
+                        /* generate a key */
+                        numbits=num;
+                        }
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
+                BIO_printf(bio_err,"where options are\n");
+                BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -in arg       inout file\n");
+                BIO_printf(bio_err," -out arg      output file\n");
+                BIO_printf(bio_err," -text         check the DSA parameters\n");
+                BIO_printf(bio_err," -C            Output C code\n");
+                BIO_printf(bio_err," -noout        no output\n");
+                BIO_printf(bio_err," -rand         files to use for random number input\n");
+                BIO_printf(bio_err," number        number of bits to use for generating private key\n");
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if (numbits > 0)
+                {
+                randfile=RAND_file_name(buffer,200);
+                RAND_load_file(randfile,1024L*1024L);
+                BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+                BIO_printf(bio_err,"This could take some time\n");
+                dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
+                        dsa_cb,(char *)bio_err);
+                }
+        else if (informat == FORMAT_ASN1)
+                dsa=d2i_DSAparams_bio(in,NULL);
+        else if (informat == FORMAT_PEM)
+                dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
+        else
+                {
+                BIO_printf(bio_err,"bad input format specified\n");
+                goto end;
+                }
+        if (dsa == NULL)
+                {
+                BIO_printf(bio_err,"unable to load DSA parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (text)
+                {
+                DSAparams_print(out,dsa);
+                }
+        
+        if (C)
+                {
+                unsigned char *data;
+                int l,len,bits_p,bits_q,bits_g;
+                len=BN_num_bytes(dsa->p);
+                bits_p=BN_num_bits(dsa->p);
+                bits_q=BN_num_bits(dsa->q);
+                bits_g=BN_num_bits(dsa->g);
+                data=(unsigned char *)Malloc(len+20);
+                if (data == NULL)
+                        {
+                        perror("Malloc");
+                        goto end;
+                        }
+                l=BN_bn2bin(dsa->p,data);
+                printf("static unsigned char dsa%d_p[]={",bits_p);
+                for (i=0; i<l; i++)
+                        {
+                        if ((i%12) == 0) printf("\n\t");
+                        printf("0x%02X,",data[i]);
+                        }
+                printf("\n\t};\n");
+                l=BN_bn2bin(dsa->q,data);
+                printf("static unsigned char dsa%d_q[]={",bits_p);
+                for (i=0; i<l; i++)
+                        {
+                        if ((i%12) == 0) printf("\n\t");
+                        printf("0x%02X,",data[i]);
+                        }
+                printf("\n\t};\n");
+                l=BN_bn2bin(dsa->g,data);
+                printf("static unsigned char dsa%d_g[]={",bits_p);
+                for (i=0; i<l; i++)
+                        {
+                        if ((i%12) == 0) printf("\n\t");
+                        printf("0x%02X,",data[i]);
+                        }
+                printf("\n\t};\n\n");
+                printf("DSA *get_dsa%d()\n\t{\n",bits_p);
+                printf("\tDSA *dsa;\n\n");
+                printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
+                printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
+                        bits_p,bits_p);
+                printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
+                        bits_p,bits_p);
+                printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
+                        bits_p,bits_p);
+                printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+                printf("\t\treturn(NULL);\n");
+                printf("\treturn(dsa);\n\t}\n");
+                }
+        if (!noout)
+                {
+                if      (outformat == FORMAT_ASN1)
+                        i=i2d_DSAparams_bio(out,dsa);
+                else if (outformat == FORMAT_PEM)
+                        i=PEM_write_bio_DSAparams(out,dsa);
+                else    {
+                        BIO_printf(bio_err,"bad output format specified for outfile\n");
+                        goto end;
+                        }
+                if (!i)
+                        {
+                        BIO_printf(bio_err,"unable to write DSA paramaters\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                }
+        ret=0;
+end:
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (dsa != NULL) DSA_free(dsa);
+        EXIT(ret);
+        }
+static void MS_CALLBACK dsa_cb(p, n, arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
new file mode 100644
index 0000000000..c00d520b44
--- /dev/null
+++ b/src/lib/libssl/src/apps/enc.c
@@ -0,0 +1,561 @@
+/* apps/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#ifdef NO_MD5
+#include "md5.h"
+#endif
+#include "pem.h"
+#ifndef NOPROTO
+int set_hex(char *in,unsigned char *out,int size);
+#else
+int set_hex();
+#endif
+#undef SIZE
+#undef BSIZE
+#undef PROG
+#define SIZE    (512)
+#define BSIZE   (8*1024)
+#define PROG    enc_main
+int MAIN(argc,argv)
+int argc;
+char **argv;
+        {
+        char *strbuf=NULL;
+        unsigned char *buff=NULL,*bufsize=NULL;
+        int bsize=BSIZE,verbose=0;
+        int ret=1,inl;
+        unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+        char *str=NULL;
+        char *hkey=NULL,*hiv=NULL;
+        int enc=1,printkey=0,i,base64=0;
+        int debug=0,olb64=0;
+        EVP_CIPHER *cipher=NULL,*c;
+        char *inf=NULL,*outf=NULL;
+        BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+#define PROG_NAME_SIZE  16
+        char pname[PROG_NAME_SIZE];
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        /* first check the program name */
+        program_name(argv[0],pname,PROG_NAME_SIZE);
+        if (strcmp(pname,"base64") == 0)
+                base64=1;
+        cipher=EVP_get_cipherbyname(pname);
+        if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
+                {
+                BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
+                goto bad;
+                }
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-e") == 0)
+                        enc=1;
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        inf= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outf= *(++argv);
+                        }
+                else if (strcmp(*argv,"-d") == 0)
+                        enc=0;
+                else if (strcmp(*argv,"-p") == 0)
+                        printkey=1;
+                else if (strcmp(*argv,"-v") == 0)
+                        verbose=1;
+                else if ((strcmp(*argv,"-debug") == 0) ||
+                         (strcmp(*argv,"-d") == 0))
+                        debug=1;
+                else if (strcmp(*argv,"-P") == 0)
+                        printkey=2;
+                else if (strcmp(*argv,"-A") == 0)
+                        olb64=1;
+                else if (strcmp(*argv,"-a") == 0)
+                        base64=1;
+                else if (strcmp(*argv,"-base64") == 0)
+                        base64=1;
+                else if (strcmp(*argv,"-bufsize") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        bufsize=(unsigned char *)*(++argv);
+                        }
+                else if (strcmp(*argv,"-k") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        str= *(++argv);
+                        }
+                else if (strcmp(*argv,"-kfile") == 0)
+                        {
+                        static char buf[128];
+                        FILE *infile;
+                        char *file;
+                        if (--argc < 1) goto bad;
+                        file= *(++argv);
+                        infile=fopen(file,"r");
+                        if (infile == NULL)
+                                {
+                                BIO_printf(bio_err,"unable to read key from '%s'\n",
+                                        file);
+                                goto bad;
+                                }
+                        buf[0]='\0';
+                        fgets(buf,128,infile);
+                        fclose(infile);
+                        i=strlen(buf);
+                        if ((i > 0) &&
+                                ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
+                                buf[--i]='\0';
+                        if ((i > 0) &&
+                                ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
+                                buf[--i]='\0';
+                        if (i < 1)
+                                {
+                                BIO_printf(bio_err,"zero length password\n");
+                                goto bad;
+                                }
+                        str=buf;
+                        }
+                else if (strcmp(*argv,"-K") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        hkey= *(++argv);
+                        }
+                else if (strcmp(*argv,"-iv") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        hiv= *(++argv);
+                        }
+                else if ((argv[0][0] == '-') &&
+                        ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
+                        {
+                        cipher=c;
+                        }
+                else if (strcmp(*argv,"-none") == 0)
+                        cipher=NULL;
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+bad:
+                        BIO_printf(bio_err,"options are\n");
+                        BIO_printf(bio_err,"%-14s input file\n","-in <file>");
+                        BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>");
+                        BIO_printf(bio_err,"%-14s encrypt\n","-e");
+                        BIO_printf(bio_err,"%-14s decrypt\n","-d");
+                        BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
+                        BIO_printf(bio_err,"%-14s key is the next argument\n","-k");
+                        BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile");
+                        BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+                        BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+                        BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+                        BIO_printf(bio_err,"Cipher Types\n");
+                        BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
+                        BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
+                        BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
+#ifndef NO_IDEA
+                        BIO_printf(bio_err,"idea    :128 bit key IDEA encryption\n");
+#endif
+#ifndef NO_RC4
+                        BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
+#endif
+#ifndef NO_BLOWFISH
+                        BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
+#endif
+#ifndef NO_RC4
+                        BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
+                                LN_rc4);
+#endif
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_des_ecb,LN_des_cbc,
+                                LN_des_cfb64,LN_des_ofb64);
+                        BIO_printf(bio_err," -%-4s (%s)\n",
+                                "des", LN_des_cbc);
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_des_ede,LN_des_ede_cbc,
+                                LN_des_ede_cfb64,LN_des_ede_ofb64);
+                        BIO_printf(bio_err," -desx -none\n");
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_des_ede3,LN_des_ede3_cbc,
+                                LN_des_ede3_cfb64,LN_des_ede3_ofb64);
+                        BIO_printf(bio_err," -%-4s (%s)\n",
+                                "des3", LN_des_ede3_cbc);
+#ifndef NO_IDEA
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_idea_ecb, LN_idea_cbc,
+                                LN_idea_cfb64, LN_idea_ofb64);
+                        BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
+#endif
+#ifndef NO_RC2
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_rc2_ecb, LN_rc2_cbc,
+                                LN_rc2_cfb64, LN_rc2_ofb64);
+                        BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
+#endif
+#ifndef NO_BLOWFISH
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_bf_ecb, LN_bf_cbc,
+                                LN_bf_cfb64, LN_bf_ofb64);
+                        BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
+#endif
+#ifndef NO_BLOWFISH
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_cast5_ecb, LN_cast5_cbc,
+                                LN_cast5_cfb64, LN_cast5_ofb64);
+                        BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
+#endif
+#ifndef NO_BLOWFISH
+                        BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+                                LN_rc5_ecb, LN_rc5_cbc,
+                                LN_rc5_cfb64, LN_rc5_ofb64);
+                        BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
+#endif
+                        goto end;
+                        }
+                argc--;
+                argv++;
+                }
+        if (bufsize != NULL)
+                {
+                unsigned long n;
+                for (n=0; *bufsize; bufsize++)
+                        {
+                        i= *bufsize;
+                        if ((i <= '9') && (i >= '0'))
+                                n=n*10+i-'0';
+                        else if (i == 'k')
+                                {
+                                n*=1024;
+                                bufsize++;
+                                break;
+                                }
+                        }
+                if (*bufsize != '\0')
+                        {
+                        BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
+                        goto end;
+                        }
+                /* It must be large enough for a base64 encoded line */
+                if (n < 80) n=80;
+                bsize=(int)n;
+                if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
+                }
+        strbuf=Malloc(SIZE);
+        buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+        if ((buff == NULL) || (strbuf == NULL))
+                {
+                BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+                goto end;
+                }
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (debug)
+                {
+                BIO_set_callback(in,BIO_debug_callback);
+                BIO_set_callback(out,BIO_debug_callback);
+                BIO_set_callback_arg(in,bio_err);
+                BIO_set_callback_arg(out,bio_err);
+                }
+        if (inf == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,inf) <= 0)
+                        {
+                        perror(inf);
+                        goto end;
+                        }
+                }
+        if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
+                {
+                for (;;)
+                        {
+                        char buf[200];
+                        sprintf(buf,"enter %s %s password:",
+                                OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+                                (enc)?"encryption":"decryption");
+                        strbuf[0]='\0';
+                        i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
+                        if (i == 0)
+                                {
+                                if (strbuf[0] == '\0')
+                                        {
+                                        ret=1;
+                                        goto end;
+                                        }
+                                str=strbuf;
+                                break;
+                                }
+                        if (i < 0)
+                                {
+                                BIO_printf(bio_err,"bad password read\n");
+                                goto end;
+                                }
+                        }
+                }
+        if (cipher != NULL)
+                {
+                if (str != NULL)
+                        {
+                        EVP_BytesToKey(cipher,EVP_md5(),NULL,
+                                (unsigned char *)str,
+                                strlen(str),1,key,iv);
+                        /* zero the complete buffer or the string
+                         * passed from the command line
+                         * bug picked up by
+                         * Larry J. Hughes Jr. <hughes@indiana.edu> */
+                        if (str == strbuf)
+                                memset(str,0,SIZE);
+                        else
+                                memset(str,0,strlen(str));
+                        }
+                if ((hiv != NULL) && !set_hex(hiv,iv,8))
+                        {
+                        BIO_printf(bio_err,"invalid hex iv value\n");
+                        goto end;
+                        }
+                if ((hkey != NULL) && !set_hex(hkey,key,24))
+                        {
+                        BIO_printf(bio_err,"invalid hex key value\n");
+                        goto end;
+                        }
+                if ((benc=BIO_new(BIO_f_cipher())) == NULL)
+                        goto end;
+                BIO_set_cipher(benc,cipher,key,iv,enc);
+                if (debug)
+                        {
+                        BIO_set_callback(benc,BIO_debug_callback);
+                        BIO_set_callback_arg(benc,bio_err);
+                        }
+                if (printkey)
+                        {
+                        if (cipher->key_len > 0)
+                                {
+                                printf("key=");
+                                for (i=0; i<cipher->key_len; i++)
+                                        printf("%02X",key[i]);
+                                printf("\n");
+                                }
+                        if (cipher->iv_len > 0)
+                                {
+                                printf("iv =");
+                                for (i=0; i<cipher->iv_len; i++)
+                                        printf("%02X",iv[i]);
+                                printf("\n");
+                                }
+                        if (printkey == 2)
+                                {
+                                ret=0;
+                                goto end;
+                                }
+                        }
+                }
+        if (outf == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outf) <= 0)
+                        {
+                        perror(outf);
+                        goto end;
+                        }
+                }
+        rbio=in;
+        wbio=out;
+        if (base64)
+                {
+                if ((b64=BIO_new(BIO_f_base64())) == NULL)
+                        goto end;
+                if (debug)
+                        {
+                        BIO_set_callback(b64,BIO_debug_callback);
+                        BIO_set_callback_arg(b64,bio_err);
+                        }
+                if (olb64)
+                        BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
+                if (enc)
+                        wbio=BIO_push(b64,wbio);
+                else
+                        rbio=BIO_push(b64,rbio);
+                }
+        /* Only encrypt/decrypt as we write the file */
+        if (benc != NULL)
+                wbio=BIO_push(benc,wbio);
+        for (;;)
+                {
+                inl=BIO_read(rbio,(char *)buff,bsize);
+                if (inl <= 0) break;
+                if (BIO_write(wbio,(char *)buff,inl) != inl)
+                        {
+                        BIO_printf(bio_err,"error writing output file\n");
+                        goto end;
+                        }
+                }
+        if (!BIO_flush(wbio))
+                {
+                BIO_printf(bio_err,"bad decrypt\n");
+                goto end;
+                }
+        ret=0;
+        if (verbose)
+                {
+                BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
+                BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
+                }
+end:
+        if (strbuf != NULL) Free(strbuf);
+        if (buff != NULL) Free(buff);
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (benc != NULL) BIO_free(benc);
+        if (b64 != NULL) BIO_free(b64);
+        EXIT(ret);
+        }
+int set_hex(in,out,size)
+char *in;
+unsigned char *out;
+int size;
+        {
+        int i,n;
+        unsigned char j;
+        n=strlen(in);
+        if (n > (size*2))
+                {
+                BIO_printf(bio_err,"hex string is too long\n");
+                return(0);
+                }
+        memset(out,0,size);
+        for (i=0; i<n; i++)
+                {
+                j=(unsigned char)*in;
+                *(in++)='\0';
+                if (j == 0) break;
+                if ((j >= '0') && (j <= '9'))
+                        j-='0';
+                else if ((j >= 'A') && (j <= 'F'))
+                        j=j-'A'+10;
+                else if ((j >= 'a') && (j <= 'f'))
+                        j=j-'a'+10;
+                else
+                        {
+                        BIO_printf(bio_err,"non-hex digit\n");
+                        return(0);
+                        }
+                if (i&1)
+                        out[i/2]|=j;
+                else
+                        out[i/2]=(j<<4);
+                }
+        return(1);
+        }
diff --git a/src/lib/libssl/src/apps/errstr.c b/src/lib/libssl/src/apps/errstr.c
new file mode 100644
index 0000000000..d2b2b3fcea
--- /dev/null
+++ b/src/lib/libssl/src/apps/errstr.c
@@ -0,0 +1,116 @@
+/* apps/errstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "lhash.h"
+#include "err.h"
+#include "ssl.h"
+#undef PROG
+#define PROG    errstr_main
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,ret=0;
+        char buf[256];
+        unsigned long l;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        SSL_load_error_strings();
+        if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
+                {
+                BIO *out=NULL;
+                out=BIO_new(BIO_s_file());
+                if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
+                        {
+                        lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
+                        lh_stats_bio((LHASH *)ERR_get_string_table(),out);
+                        lh_node_usage_stats_bio((LHASH *)
+                                ERR_get_string_table(),out);
+                        }
+                if (out != NULL) BIO_free(out);
+                argc--;
+                argv++;
+                }
+        for (i=1; i<argc; i++)
+                {
+                if (sscanf(argv[i],"%lx",&l))
+                        printf("%s\n",ERR_error_string(l,buf));
+                else
+                        {
+                        printf("%s: bad error code\n",argv[i]);
+                        printf("usage: errstr [-stats] <errno> ...\n");
+                        ret++;
+                        }
+                }
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/gendh.c b/src/lib/libssl/src/apps/gendh.c
new file mode 100644
index 0000000000..2790f179fd
--- /dev/null
+++ b/src/lib/libssl/src/apps/gendh.c
@@ -0,0 +1,235 @@
+/* apps/gendh.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "dh.h"
+#include "x509.h"
+#include "pem.h"
+#define DEFBITS 512
+#undef PROG
+#define PROG gendh_main
+#ifndef NOPROTO
+static void MS_CALLBACK dh_cb(int p, int n, char *arg);
+static long dh_load_rand(char *names);
+#else
+static void MS_CALLBACK dh_cb();
+static long dh_load_rand();
+#endif
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        char buffer[200];
+        DH *dh=NULL;
+        int ret=1,num=DEFBITS;
+        int g=2;
+        char *outfile=NULL;
+        char *inrand=NULL,*randfile;
+        BIO *out=NULL;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        argv++;
+        argc--;
+        for (;;)
+                {
+                if (argc <= 0) break;
+                if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-2") == 0)
+                        g=2;
+        /*      else if (strcmp(*argv,"-3") == 0)
+                        g=3; */
+                else if (strcmp(*argv,"-5") == 0)
+                        g=5;
+                else if (strcmp(*argv,"-rand") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        inrand= *(++argv);
+                        }
+                else
+                        break;
+                argv++;
+                argc--;
+                }
+        if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+                {
+bad:
+                BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
+                BIO_printf(bio_err," -out file - output the key to 'file\n");
+                BIO_printf(bio_err," -2    use 2 as the generator value\n");
+        /*      BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
+                BIO_printf(bio_err," -5    use 5 as the generator value\n");
+                BIO_printf(bio_err," -rand file:file:...\n");
+                BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+                BIO_printf(bio_err,"             the random number generator\n");
+                goto end;
+                }
+                
+        out=BIO_new(BIO_s_file());
+        if (out == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        randfile=RAND_file_name(buffer,200);
+        if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
+                BIO_printf(bio_err,"unable to load 'random state'\n");
+        if (inrand == NULL)
+                BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+        else
+                {
+                BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+                        dh_load_rand(inrand));
+                }
+        BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+        BIO_printf(bio_err,"This is going to take a long time\n");
+        dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
+                
+        if (dh == NULL) goto end;
+        if (randfile == NULL)
+                BIO_printf(bio_err,"unable to write 'random state'\n");
+        else
+                RAND_write_file(randfile);
+        if (!PEM_write_bio_DHparams(out,dh))
+                goto end;
+        ret=0;
+end:
+        if (ret != 0)
+                ERR_print_errors(bio_err);
+        if (out != NULL) BIO_free(out);
+        if (dh != NULL) DH_free(dh);
+        EXIT(ret);
+        }
+static void MS_CALLBACK dh_cb(p,n,arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
+static long dh_load_rand(name)
+char *name;
+        {
+        char *p,*n;
+        int last;
+        long tot=0;
+        for (;;)
+                {
+                last=0;
+                for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+                if (*p == '\0') last=1;
+                *p='\0';
+                n=name;
+                name=p+1;
+                if (*n == '\0') break;
+                tot+=RAND_load_file(n,1);
+                if (last) break;
+                }
+        return(tot);
+        }
diff --git a/src/lib/libssl/src/apps/gendsa.c b/src/lib/libssl/src/apps/gendsa.c
new file mode 100644
index 0000000000..e0e5afa400
--- /dev/null
+++ b/src/lib/libssl/src/apps/gendsa.c
@@ -0,0 +1,220 @@
+/* apps/gendsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "dsa.h"
+#include "x509.h"
+#include "pem.h"
+#define DEFBITS 512
+#undef PROG
+#define PROG gendsa_main
+#ifndef NOPROTO
+static long dsa_load_rand(char *names);
+#else
+static long dsa_load_rand();
+#endif
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        char buffer[200];
+        DSA *dsa=NULL;
+        int ret=1,num=DEFBITS;
+        char *outfile=NULL;
+        char *inrand=NULL,*randfile,*dsaparams=NULL;
+        BIO *out=NULL,*in=NULL;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        argv++;
+        argc--;
+        for (;;)
+                {
+                if (argc <= 0) break;
+                if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-rand") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        inrand= *(++argv);
+                        }
+                else if (strcmp(*argv,"-") == 0)
+                        goto bad;
+                else if (dsaparams == NULL)
+                        {
+                        dsaparams= *argv;
+                        }
+                else
+                        goto bad;
+                argv++;
+                argc--;
+                }
+        if (dsaparams == NULL)
+                {
+bad:
+                BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
+                BIO_printf(bio_err," -out file - output the key to 'file\n");
+                BIO_printf(bio_err," -rand file:file:...\n");
+                BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+                BIO_printf(bio_err,"             the random number generator\n");
+                goto end;
+                }
+        in=BIO_new(BIO_s_file());
+        if (!(BIO_read_filename(in,"dsaparams")))
+                {
+                perror(dsaparams);
+                goto end;
+                }
+        if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+                {
+                BIO_printf(bio_err,"unable to load DSA parameter file\n");
+                goto end;
+                }
+        BIO_free(in);
+                
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) goto end;
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        randfile=RAND_file_name(buffer,200);
+        if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
+                BIO_printf(bio_err,"unable to load 'random state'\n");
+        if (inrand == NULL)
+                BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+        else
+                {
+                BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+                        dsa_load_rand(inrand));
+                }
+        BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+        BIO_printf(bio_err,"This could take some time\n");
+        if (!DSA_generate_key(dsa)) goto end;
+        if (randfile == NULL)
+                BIO_printf(bio_err,"unable to write 'random state'\n");
+        else
+                RAND_write_file(randfile);
+        if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
+                goto end;
+        ret=0;
+end:
+        if (ret != 0)
+                ERR_print_errors(bio_err);
+        if (out != NULL) BIO_free(out);
+        if (dsa != NULL) DSA_free(dsa);
+        EXIT(ret);
+        }
+static long dsa_load_rand(name)
+char *name;
+        {
+        char *p,*n;
+        int last;
+        long tot=0;
+        for (;;)
+                {
+                last=0;
+                for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+                if (*p == '\0') last=1;
+                *p='\0';
+                n=name;
+                name=p+1;
+                if (*n == '\0') break;
+                tot+=RAND_load_file(n,1);
+                if (last) break;
+                }
+        return(tot);
+        }
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
new file mode 100644
index 0000000000..cdba6189ad
--- /dev/null
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -0,0 +1,278 @@
+/* apps/genrsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "rsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+#define DEFBITS 512
+#undef PROG
+#define PROG genrsa_main
+#ifndef NOPROTO
+static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
+static long gr_load_rand(char *names);
+#else
+static void MS_CALLBACK genrsa_cb();
+static long gr_load_rand();
+#endif
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int ret=1;
+        char buffer[200];
+        RSA *rsa=NULL;
+        int i,num=DEFBITS;
+        long rnum=0,l;
+        EVP_CIPHER *enc=NULL;
+        unsigned long f4=RSA_F4;
+        char *outfile=NULL;
+        char *inrand=NULL,*randfile;
+        BIO *out=NULL;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        if ((out=BIO_new(BIO_s_file())) == NULL)
+                {
+                BIO_printf(bio_err,"unable to creat BIO for output\n");
+                goto err;
+                }
+        argv++;
+        argc--;
+        for (;;)
+                {
+                if (argc <= 0) break;
+                if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-3") == 0)
+                        f4=3;
+                else if (strcmp(*argv,"-F4") == 0)
+                        f4=RSA_F4;
+                else if (strcmp(*argv,"-rand") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        inrand= *(++argv);
+                        }
+#ifndef NO_DES
+                else if (strcmp(*argv,"-des") == 0)
+                        enc=EVP_des_cbc();
+                else if (strcmp(*argv,"-des3") == 0)
+                        enc=EVP_des_ede3_cbc();
+#endif
+#ifndef NO_IDEA
+                else if (strcmp(*argv,"-idea") == 0)
+                        enc=EVP_idea_cbc();
+#endif
+                else
+                        break;
+                argv++;
+                argc--;
+                }
+        if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+                {
+bad:
+                BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
+                BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+                BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#ifndef NO_IDEA
+                BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
+#endif
+                BIO_printf(bio_err," -out file - output the key to 'file\n");
+                BIO_printf(bio_err," -f4       - use F4 (0x10001) for the E value\n");
+                BIO_printf(bio_err," -3        - use 3 for the E value\n");
+                BIO_printf(bio_err," -rand file:file:...\n");
+                BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+                BIO_printf(bio_err,"             the random number generator\n");
+                goto err;
+                }
+                
+        ERR_load_crypto_strings();
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto err;
+                        }
+                }
+#ifdef WINDOWS
+        BIO_printf(bio_err,"Loading 'screen' into random state -");
+        BIO_flush(bio_err);
+        RAND_screen();
+        BIO_printf(bio_err," done\n");
+#endif
+        randfile=RAND_file_name(buffer,200);
+        if ((randfile == NULL) ||
+                 !(rnum=(long)RAND_load_file(randfile,1024L*1024L)))
+                {
+                BIO_printf(bio_err,"unable to load 'random state'\n");
+                }
+        if (inrand == NULL)
+                {
+                if (rnum == 0)
+                        {
+                        BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+                        }
+                }
+        else
+                {
+                rnum+=gr_load_rand(inrand);
+                }
+        if (rnum != 0)
+                BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum);
+        BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
+                num);
+        rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
+                
+        if (randfile == NULL)
+                BIO_printf(bio_err,"unable to write 'random state'\n");
+        else
+                RAND_write_file(randfile);
+        if (rsa == NULL) goto err;
+        
+        /* We need to do the folloing for when the base number size is <
+         * long, esp windows 3.1 :-(. */
+        l=0L;
+        for (i=0; i<rsa->e->top; i++)
+                {
+#ifndef SIXTY_FOUR_BIT
+                l<<=BN_BITS4;
+                l<<=BN_BITS4;
+#endif
+                l+=rsa->e->d[i];
+                }
+        BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
+        if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL))
+                goto err;
+        ret=0;
+err:
+        if (rsa != NULL) RSA_free(rsa);
+        if (out != NULL) BIO_free(out);
+        if (ret != 0)
+                ERR_print_errors(bio_err);
+        EXIT(ret);
+        }
+static void MS_CALLBACK genrsa_cb(p, n, arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
+static long gr_load_rand(name)
+char *name;
+        {
+        char *p,*n;
+        int last;
+        long tot=0;
+        for (;;)
+                {
+                last=0;
+                for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+                if (*p == '\0') last=1;
+                *p='\0';
+                n=name;
+                name=p+1;
+                if (*n == '\0') break;
+                tot+=RAND_load_file(n,1024L*1024L);
+                if (last) break;
+                }
+        return(tot);
+        }
diff --git a/src/lib/libssl/src/apps/pca-cert.srl b/src/lib/libssl/src/apps/pca-cert.srl
new file mode 100644
index 0000000000..8a0f05e166
--- /dev/null
+++ b/src/lib/libssl/src/apps/pca-cert.srl
@@ -0,0 +1 @@
+01
diff --git a/src/lib/libssl/src/apps/pca-key.pem b/src/lib/libssl/src/apps/pca-key.pem
new file mode 100644
index 0000000000..20029ab779
--- /dev/null
+++ b/src/lib/libssl/src/apps/pca-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/pca-req.pem b/src/lib/libssl/src/apps/pca-req.pem
new file mode 100644
index 0000000000..33f155337b
--- /dev/null
+++ b/src/lib/libssl/src/apps/pca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo
+MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj
+Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX
+MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3
+vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz
+IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv
+wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L
+Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c
new file mode 100644
index 0000000000..4105dbd9ef
--- /dev/null
+++ b/src/lib/libssl/src/apps/pkcs7.c
@@ -0,0 +1,315 @@
+/* apps/pkcs7.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "err.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#undef PROG
+#define PROG    pkcs7_main
+/* -inform arg  - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ * -des         - encrypt output if PEM format with DES in cbc mode
+ * -des3        - encrypt output if PEM format
+ * -idea        - encrypt output if PEM format
+ * -print_certs
+ */
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        PKCS7 *p7=NULL;
+        int i,badops=0;
+#if !defined(NO_DES) || !defined(NO_IDEA)
+        EVP_CIPHER *enc=NULL;
+#endif
+        BIO *in=NULL,*out=NULL;
+        int informat,outformat;
+        char *infile,*outfile,*prog,buf[256];
+        int print_certs=0;
+        int ret=0;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        infile=NULL;
+        outfile=NULL;
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-print_certs") == 0)
+                        print_certs=1;
+#ifndef NO_DES
+                else if (strcmp(*argv,"-des") == 0)
+                        enc=EVP_des_cbc();
+                else if (strcmp(*argv,"-des3") == 0)
+                        enc=EVP_des_ede3_cbc();
+#endif
+#ifndef NO_IDEA
+                else if (strcmp(*argv,"-idea") == 0)
+                        enc=EVP_idea_cbc();
+#endif
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+                BIO_printf(bio_err,"where options are\n");
+                BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -in arg       inout file\n");
+                BIO_printf(bio_err," -out arg      output file\n");
+                BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+                BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
+                BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+                BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+#endif
+                EXIT(1);
+                }
+        ERR_load_crypto_strings();
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                if (in == NULL)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        if      (informat == FORMAT_ASN1)
+                p7=d2i_PKCS7_bio(in,NULL);
+        else if (informat == FORMAT_PEM)
+                p7=PEM_read_bio_PKCS7(in,NULL,NULL);
+        else
+                {
+                BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
+                goto end;
+                }
+        if (p7 == NULL)
+                {
+                BIO_printf(bio_err,"unable to load PKCS7 object\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if (print_certs)
+                {
+                STACK *certs=NULL;
+                STACK *crls=NULL;
+                i=OBJ_obj2nid(p7->type);
+                switch (i)
+                        {
+                case NID_pkcs7_signed:
+                        certs=p7->d.sign->cert;
+                        crls=p7->d.sign->crl;
+                        break;
+                case NID_pkcs7_signedAndEnveloped:
+                        certs=p7->d.signed_and_enveloped->cert;
+                        crls=p7->d.signed_and_enveloped->crl;
+                        break;
+                default:
+                        break;
+                        }
+                if (certs != NULL)
+                        {
+                        X509 *x;
+                        for (i=0; i<sk_num(certs); i++)
+                                {
+                                x=(X509 *)sk_value(certs,i);
+                                X509_NAME_oneline(X509_get_subject_name(x),
+                                        buf,256);
+                                BIO_puts(out,"subject=");
+                                BIO_puts(out,buf);
+                                X509_NAME_oneline(X509_get_issuer_name(x),
+                                        buf,256);
+                                BIO_puts(out,"\nissuer= ");
+                                BIO_puts(out,buf);
+                                BIO_puts(out,"\n");
+                                PEM_write_bio_X509(out,x);
+                                BIO_puts(out,"\n");
+                                }
+                        }
+                if (crls != NULL)
+                        {
+                        X509_CRL *crl;
+                        for (i=0; i<sk_num(crls); i++)
+                                {
+                                crl=(X509_CRL *)sk_value(crls,i);
+                                X509_NAME_oneline(crl->crl->issuer,buf,256);
+                                BIO_puts(out,"issuer= ");
+                                BIO_puts(out,buf);
+                                BIO_puts(out,"\nlast update=");
+                                ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
+                                BIO_puts(out,"\nnext update=");
+                                ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
+                                BIO_puts(out,"\n");
+                                PEM_write_bio_X509_CRL(out,crl);
+                                BIO_puts(out,"\n");
+                                }
+                        }
+                ret=0;
+                goto end;
+                }
+        if      (outformat == FORMAT_ASN1)
+                i=i2d_PKCS7_bio(out,p7);
+        else if (outformat == FORMAT_PEM)
+                i=PEM_write_bio_PKCS7(out,p7);
+        else    {
+                BIO_printf(bio_err,"bad output format specified for outfile\n");
+                goto end;
+                }
+        if (!i)
+                {
+                BIO_printf(bio_err,"unable to write pkcs7 object\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        ret=0;
+end:
+        if (p7 != NULL) PKCS7_free(p7);
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/privkey.pem b/src/lib/libssl/src/apps/privkey.pem
new file mode 100644
index 0000000000..b567e411b2
--- /dev/null
+++ b/src/lib/libssl/src/apps/privkey.pem
@@ -0,0 +1,11 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1BF8E9CE60B9941C
+JuhgIvVRrxCRedTTC9ABlIByMsq6IcpqyDZwOPS4rxTtVWvjj1BMHtoCebK7CKMZ
+dLsvztfSkdAYmTGK62C73RwlmnMxB4JXhTLaoAX2eL9iylojTWRg+/0Y4rbIKmUe
+hrmwrHld7vnfE9XHL8OoaFp6aJ8BB9B8HIfdJMnrNcTWJSGS6gYPTWPdm7ZCykEV
+2fFEX6IqWjBjaRm36Esj5mHLRVhBbi2n/jy5IhZeqjEsQ8adYGUulzPSe5xc2JZa
+OO4ch/RRqWTFP59eNPfdke3UE7uNlUhPnYDAOXhSdMJBzI+T9RQXU2y/tMOrYYK
+3+jNQcQ9q1Xy1s5dz/BOvw==
+-----END DSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/progs.h b/src/lib/libssl/src/apps/progs.h
new file mode 100644
index 0000000000..ec00396ed7
--- /dev/null
+++ b/src/lib/libssl/src/apps/progs.h
@@ -0,0 +1,251 @@
+#ifndef NOPROTO
+extern int verify_main(int argc,char *argv[]);
+extern int asn1parse_main(int argc,char *argv[]);
+extern int req_main(int argc,char *argv[]);
+extern int dgst_main(int argc,char *argv[]);
+extern int dh_main(int argc,char *argv[]);
+extern int enc_main(int argc,char *argv[]);
+extern int gendh_main(int argc,char *argv[]);
+extern int errstr_main(int argc,char *argv[]);
+extern int ca_main(int argc,char *argv[]);
+extern int crl_main(int argc,char *argv[]);
+extern int rsa_main(int argc,char *argv[]);
+extern int dsa_main(int argc,char *argv[]);
+extern int dsaparam_main(int argc,char *argv[]);
+extern int x509_main(int argc,char *argv[]);
+extern int genrsa_main(int argc,char *argv[]);
+extern int s_server_main(int argc,char *argv[]);
+extern int s_client_main(int argc,char *argv[]);
+extern int speed_main(int argc,char *argv[]);
+extern int s_time_main(int argc,char *argv[]);
+extern int version_main(int argc,char *argv[]);
+extern int pkcs7_main(int argc,char *argv[]);
+extern int crl2pkcs7_main(int argc,char *argv[]);
+extern int sess_id_main(int argc,char *argv[]);
+extern int ciphers_main(int argc,char *argv[]);
+#else
+extern int verify_main();
+extern int asn1parse_main();
+extern int req_main();
+extern int dgst_main();
+extern int dh_main();
+extern int enc_main();
+extern int gendh_main();
+extern int errstr_main();
+extern int ca_main();
+extern int crl_main();
+extern int rsa_main();
+extern int dsa_main();
+extern int dsaparam_main();
+extern int x509_main();
+extern int genrsa_main();
+extern int s_server_main();
+extern int s_client_main();
+extern int speed_main();
+extern int s_time_main();
+extern int version_main();
+extern int pkcs7_main();
+extern int crl2pkcs7_main();
+extern int sess_id_main();
+extern int ciphers_main();
+#endif
+#ifdef SSLEAY_SRC
+#define FUNC_TYPE_GENERAL       1
+#define FUNC_TYPE_MD            2
+#define FUNC_TYPE_CIPHER        3
+typedef struct {
+        int type;
+        char *name;
+        int (*func)();
+        } FUNCTION;
+FUNCTION functions[] = {
+        {FUNC_TYPE_GENERAL,"verify",verify_main},
+        {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
+#ifndef NO_RSA
+        {FUNC_TYPE_GENERAL,"req",req_main},
+#endif
+        {FUNC_TYPE_GENERAL,"dgst",dgst_main},
+#ifndef NO_DH
+        {FUNC_TYPE_GENERAL,"dh",dh_main},
+#endif
+        {FUNC_TYPE_GENERAL,"enc",enc_main},
+#ifndef NO_DH
+        {FUNC_TYPE_GENERAL,"gendh",gendh_main},
+#endif
+        {FUNC_TYPE_GENERAL,"errstr",errstr_main},
+#ifndef NO_RSA
+        {FUNC_TYPE_GENERAL,"ca",ca_main},
+#endif
+        {FUNC_TYPE_GENERAL,"crl",crl_main},
+#ifndef NO_RSA
+        {FUNC_TYPE_GENERAL,"rsa",rsa_main},
+#endif
+#ifndef NO_DSA
+        {FUNC_TYPE_GENERAL,"dsa",dsa_main},
+#endif
+#ifndef NO_DSA
+        {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
+#endif
+#ifndef NO_RSA
+        {FUNC_TYPE_GENERAL,"x509",x509_main},
+#endif
+#ifndef NO_RSA
+        {FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
+#endif
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+        {FUNC_TYPE_GENERAL,"s_server",s_server_main},
+#endif
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+        {FUNC_TYPE_GENERAL,"s_client",s_client_main},
+#endif
+        {FUNC_TYPE_GENERAL,"speed",speed_main},
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+        {FUNC_TYPE_GENERAL,"s_time",s_time_main},
+#endif
+        {FUNC_TYPE_GENERAL,"version",version_main},
+        {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+        {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
+        {FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+        {FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
+#endif
+        {FUNC_TYPE_MD,"md2",dgst_main},
+        {FUNC_TYPE_MD,"md5",dgst_main},
+        {FUNC_TYPE_MD,"sha",dgst_main},
+        {FUNC_TYPE_MD,"sha1",dgst_main},
+        {FUNC_TYPE_MD,"mdc2",dgst_main},
+        {FUNC_TYPE_CIPHER,"base64",enc_main},
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des3",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"desx",enc_main},
+#endif
+#ifndef NO_IDEA
+        {FUNC_TYPE_CIPHER,"idea",enc_main},
+#endif
+#ifndef NO_RC4
+        {FUNC_TYPE_CIPHER,"rc4",enc_main},
+#endif
+#ifndef NO_RC2
+        {FUNC_TYPE_CIPHER,"rc2",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+        {FUNC_TYPE_CIPHER,"bf",enc_main},
+#endif
+#ifndef NO_CAST
+        {FUNC_TYPE_CIPHER,"cast",enc_main},
+#endif
+#ifndef NO_RC5
+        {FUNC_TYPE_CIPHER,"rc5",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ecb",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede3",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-cbc",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-cfb",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ofb",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
+#endif
+#ifndef NO_DES
+        {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
+#endif
+#ifndef NO_IDEA
+        {FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
+#endif
+#ifndef NO_IDEA
+        {FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
+#endif
+#ifndef NO_IDEA
+        {FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
+#endif
+#ifndef NO_IDEA
+        {FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
+#endif
+#ifndef NO_RC2
+        {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
+#endif
+#ifndef NO_RC2
+        {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
+#endif
+#ifndef NO_RC2
+        {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
+#endif
+#ifndef NO_RC2
+        {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+        {FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+        {FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+        {FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+        {FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
+#endif
+#ifndef NO_CAST
+        {FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
+#endif
+#ifndef NO_CAST
+        {FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
+#endif
+#ifndef NO_CAST
+        {FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
+#endif
+#ifndef NO_CAST
+        {FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
+#endif
+#ifndef NO_CAST
+        {FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+        {FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+        {FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
+#endif
+#ifndef NO_RC5
+        {FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
+#endif
+#ifndef NO_RC5
+        {FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
+#endif
+        {0,NULL,NULL}
+        };
+#endif
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
new file mode 100644
index 0000000000..f51345f5a2
--- /dev/null
+++ b/src/lib/libssl/src/apps/req.c
@@ -0,0 +1,1137 @@
+/* apps/req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "bio.h"
+#include "evp.h"
+#include "rand.h"
+#include "conf.h"
+#include "err.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+#define SECTION         "req"
+#define BITS            "default_bits"
+#define KEYFILE         "default_keyfile"
+#define DISTINGUISHED_NAME      "distinguished_name"
+#define ATTRIBUTES      "attributes"
+#define DEFAULT_KEY_LENGTH      512
+#define MIN_KEY_LENGTH          384
+#undef PROG
+#define PROG    req_main
+/* -inform arg  - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ * -verify      - check request signature
+ * -noout       - don't print stuff out.
+ * -text        - print out human readable text.
+ * -nodes       - no des encryption
+ * -config file - Load configuration file.
+ * -key file    - make a request using key in file (or use it for verification).
+ * -keyform     - key file format.
+ * -newkey      - make a key and a request.
+ * -modulus     - print RSA modulus.
+ * -x509        - output a self signed X509 structure instead.
+ * -asn1-kludge - output new certificate request in a format that some CA's
+ *                require.  This format is wrong
+ */
+#ifndef NOPROTO
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
+static int add_attribute_object(STACK *n, char *text, char *def, 
+        char *value, int nid,int min,int max);
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+        int nid,int min,int max);
+static void MS_CALLBACK req_cb(int p,int n,char *arg);
+static int req_fix_data(int nid,int *type,int len,int min,int max);
+#else
+static int make_REQ();
+static int add_attribute_object();
+static int add_DN_object();
+static void MS_CALLBACK req_cb();
+static int req_fix_data();
+#endif
+#ifndef MONOLITH
+static char *default_config_file=NULL;
+static LHASH *config=NULL;
+#endif
+static LHASH *req_conf=NULL;
+#define TYPE_RSA        1
+#define TYPE_DSA        2
+#define TYPE_DH         3
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+#ifndef NO_DSA
+        DSA *dsa_params=NULL;
+#endif
+        int ex=1,x509=0,days=30;
+        X509 *x509ss=NULL;
+        X509_REQ *req=NULL;
+        EVP_PKEY *pkey=NULL;
+        int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
+        BIO *in=NULL,*out=NULL;
+        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
+        int nodes=0,kludge=0;
+        char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+        EVP_CIPHER *cipher=NULL;
+        int modulus=0;
+        char *p;
+        EVP_MD *md_alg=NULL,*digest=EVP_md5();
+#ifndef MONOLITH
+        MS_STATIC char config_name[256];
+#endif
+#ifndef NO_DES
+        cipher=EVP_des_ede3_cbc();
+#endif
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        infile=NULL;
+        outfile=NULL;
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keyfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-new") == 0)
+                        {
+                        pkey_type=TYPE_RSA;
+                        newreq=1;
+                        }
+                else if (strcmp(*argv,"-config") == 0)
+                        {       
+                        if (--argc < 1) goto bad;
+                        template= *(++argv);
+                        }
+                else if (strcmp(*argv,"-keyform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keyform=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-keyout") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keyout= *(++argv);
+                        }
+                else if (strcmp(*argv,"-newkey") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        p= *(++argv);
+                        if ((strncmp("rsa:",p,4) == 0) ||
+                                ((p[0] >= '0') && (p[0] <= '9')))
+                                {
+                                pkey_type=TYPE_RSA;
+                                p+=4;
+                                newkey= atoi(p);
+                                }
+                        else
+#ifndef NO_DSA
+                                if (strncmp("dsa:",p,4) == 0)
+                                {
+                                X509 *xtmp=NULL;
+                                EVP_PKEY *dtmp;
+                                pkey_type=TYPE_DSA;
+                                p+=4;
+                                if ((in=BIO_new_file(p,"r")) == NULL)
+                                        {
+                                        perror(p);
+                                        goto end;
+                                        }
+                                if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+                                        {
+                                        ERR_clear_error();
+                                        BIO_reset(in);
+                                        if ((xtmp=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+                                                {
+                                                BIO_printf(bio_err,"unable to load DSA parameters from file\n");
+                                                goto end;
+                                                }
+                                        /* This will 'disapear'
+                                         * when we free xtmp */
+                                        dtmp=X509_get_pubkey(xtmp);
+                                        if (dtmp->type == EVP_PKEY_DSA)
+                                                dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+                                        X509_free(xtmp);
+                                        if (dsa_params == NULL)
+                                                {
+                                                BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
+                                                goto end;
+                                                }
+                                        }
+                                BIO_free(in);
+                                newkey=BN_num_bits(dsa_params->p);
+                                in=NULL;
+                                }
+                        else 
+#endif
+#ifndef NO_DH
+                                if (strncmp("dh:",p,4) == 0)
+                                {
+                                pkey_type=TYPE_DH;
+                                p+=3;
+                                }
+                        else
+#endif
+                                pkey_type=TYPE_RSA;
+                        newreq=1;
+                        }
+                else if (strcmp(*argv,"-modulus") == 0)
+                        modulus=1;
+                else if (strcmp(*argv,"-verify") == 0)
+                        verify=1;
+                else if (strcmp(*argv,"-nodes") == 0)
+                        nodes=1;
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout=1;
+                else if (strcmp(*argv,"-text") == 0)
+                        text=1;
+                else if (strcmp(*argv,"-x509") == 0)
+                        x509=1;
+                else if (strcmp(*argv,"-asn1-kludge") == 0)
+                        kludge=1;
+                else if (strcmp(*argv,"-no-asn1-kludge") == 0)
+                        kludge=0;
+                else if (strcmp(*argv,"-days") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        days= atoi(*(++argv));
+                        if (days == 0) days=30;
+                        }
+                else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+                        {
+                        /* ok */
+                        digest=md_alg;
+                        }
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+                BIO_printf(bio_err,"where options  are\n");
+                BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
+                BIO_printf(bio_err," -in arg        inout file\n");
+                BIO_printf(bio_err," -out arg       output file\n");
+                BIO_printf(bio_err," -text          text form of request\n");
+                BIO_printf(bio_err," -noout         do not output REQ\n");
+                BIO_printf(bio_err," -verify        verify signature on REQ\n");
+                BIO_printf(bio_err," -modulus       RSA modulus\n");
+                BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
+                BIO_printf(bio_err," -key file  use the private key contained in file\n");
+                BIO_printf(bio_err," -keyform arg   key file format\n");
+                BIO_printf(bio_err," -keyout arg    file to send the key to\n");
+                BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+                BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+                BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
+                BIO_printf(bio_err," -config file   request templace file.\n");
+                BIO_printf(bio_err," -new           new request.\n");
+                BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
+                BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
+                BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
+                BIO_printf(bio_err,"                have been reported as requiring\n");
+                BIO_printf(bio_err,"                [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
+                goto end;
+                }
+        ERR_load_crypto_strings();
+#ifndef MONOLITH
+        /* Lets load up our environment a little */
+        p=getenv("SSLEAY_CONF");
+        if (p == NULL)
+                {
+                strcpy(config_name,X509_get_default_cert_area());
+                strcat(config_name,"/lib/");
+                strcat(config_name,SSLEAY_CONF);
+                p=config_name;
+                }
+        default_config_file=p;
+        config=CONF_load(config,p,NULL);
+#endif
+        if (template != NULL)
+                {
+                long errline;
+                BIO_printf(bio_err,"Using configuration from %s\n",template);
+                req_conf=CONF_load(NULL,template,&errline);
+                if (req_conf == NULL)
+                        {
+                        BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
+                        goto end;
+                        }
+                }
+        else
+                {
+                req_conf=config;
+                BIO_printf(bio_err,"Using configuration from %s\n",
+                        default_config_file);
+                if (req_conf == NULL)
+                        {
+                        BIO_printf(bio_err,"Unable to load config info\n");
+                        }
+                }
+        if ((md_alg == NULL) &&
+                ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+                {
+                if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+                        digest=md_alg;
+                }
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                goto end;
+        if (keyfile != NULL)
+                {
+                if (BIO_read_filename(in,keyfile) <= 0)
+                        {
+                        perror(keyfile);
+                        goto end;
+                        }
+/*              if (keyform == FORMAT_ASN1)
+                        rsa=d2i_RSAPrivateKey_bio(in,NULL);
+                else */
+                if (keyform == FORMAT_PEM)
+                        pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+                else
+                        {
+                        BIO_printf(bio_err,"bad input format specified for X509 request\n");
+                        goto end;
+                        }
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bio_err,"unable to load Private key\n");
+                        goto end;
+                        }
+                }
+        if (newreq && (pkey == NULL))
+                {
+                char *randfile;
+                char buffer[200];
+                if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL)
+                        randfile=RAND_file_name(buffer,200);
+#ifdef WINDOWS
+                BIO_printf(bio_err,"Loading 'screen' into random state -");
+                BIO_flush(bio_err);
+                RAND_screen();
+                BIO_printf(bio_err," done\n");
+#endif
+                if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L))
+                        {
+                        BIO_printf(bio_err,"unable to load 'random state'\n");
+                        BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n");
+                        BIO_printf(bio_err,"with much random data.\n");
+                        BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n");
+                        BIO_printf(bio_err,"'random' data can be kept in.\n");
+                        }
+                if (newkey <= 0)
+                        {
+                        newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
+                        if (newkey <= 0)
+                                newkey=DEFAULT_KEY_LENGTH;
+                        }
+                if (newkey < MIN_KEY_LENGTH)
+                        {
+                        BIO_printf(bio_err,"private key length is too short,\n");
+                        BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
+                        goto end;
+                        }
+                BIO_printf(bio_err,"Generating a %d bit %s private key\n",
+                        newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
+                if ((pkey=EVP_PKEY_new()) == NULL) goto end;
+#ifndef NO_RSA
+                if (pkey_type == TYPE_RSA)
+                        {
+                        if (!EVP_PKEY_assign_RSA(pkey,
+                                RSA_generate_key(newkey,0x10001,
+                                        req_cb,(char *)bio_err)))
+                                goto end;
+                        }
+                else
+#endif
+#ifndef NO_DSA
+                        if (pkey_type == TYPE_DSA)
+                        {
+                        if (!DSA_generate_key(dsa_params)) goto end;
+                        if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
+                        dsa_params=NULL;
+                        }
+#endif
+                if ((randfile == NULL) || (RAND_write_file(randfile) == 0))
+                        BIO_printf(bio_err,"unable to write 'random state'\n");
+                if (pkey == NULL) goto end;
+                if (keyout == NULL)
+                        keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
+                if (keyout == NULL)
+                        {
+                        BIO_printf(bio_err,"writing new private key to stdout\n");
+                        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+                        }
+                else
+                        {
+                        BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
+                        if (BIO_write_filename(out,keyout) <= 0)
+                                {
+                                perror(keyout);
+                                goto end;
+                                }
+                        }
+                p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+                if (p == NULL)
+                        p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+                if ((p != NULL) && (strcmp(p,"no") == 0))
+                        cipher=NULL;
+                if (nodes) cipher=NULL;
+                
+                i=0;
+loop:
+                if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
+                        NULL,0,NULL))
+                        {
+                        if ((ERR_GET_REASON(ERR_peek_error()) ==
+                                PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
+                                {
+                                ERR_clear_error();
+                                i++;
+                                goto loop;
+                                }
+                        goto end;
+                        }
+                BIO_printf(bio_err,"-----\n");
+                }
+        if (!newreq)
+                {
+                /* Since we are using a pre-existing certificate
+                 * request, the kludge 'format' info should not be
+                 * changed. */
+                kludge= -1;
+                if (infile == NULL)
+                        BIO_set_fp(in,stdin,BIO_NOCLOSE);
+                else
+                        {
+                        if (BIO_read_filename(in,infile) <= 0)
+                                {
+                                perror(infile);
+                                goto end;
+                                }
+                        }
+                if      (informat == FORMAT_ASN1)
+                        req=d2i_X509_REQ_bio(in,NULL);
+                else if (informat == FORMAT_PEM)
+                        req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+                else
+                        {
+                        BIO_printf(bio_err,"bad input format specified for X509 request\n");
+                        goto end;
+                        }
+                if (req == NULL)
+                        {
+                        BIO_printf(bio_err,"unable to load X509 request\n");
+                        goto end;
+                        }
+                }
+        if (newreq || x509)
+                {
+#ifndef NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        digest=EVP_dss1();
+#endif
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bio_err,"you need to specify a private key\n");
+                        goto end;
+                        }
+                if (req == NULL)
+                        {
+                        req=X509_REQ_new();
+                        if (req == NULL)
+                                {
+                                goto end;
+                                }
+                        i=make_REQ(req,pkey,!x509);
+                        if (kludge >= 0)
+                                req->req_info->req_kludge=kludge;
+                        if (!i)
+                                {
+                                BIO_printf(bio_err,"problems making Certificate Request\n");
+                                goto end;
+                                }
+                        }
+                if (x509)
+                        {
+                        if ((x509ss=X509_new()) == NULL) goto end;
+                        /* don't set the version number, for starters
+                         * the field is null and second, null is v0 
+                         * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
+                         */
+                        ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+                        X509_set_issuer_name(x509ss,
+                                X509_REQ_get_subject_name(req));
+                        X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+                        X509_gmtime_adj(X509_get_notAfter(x509ss),
+                                (long)60*60*24*days);
+                        X509_set_subject_name(x509ss,
+                                X509_REQ_get_subject_name(req));
+                        X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
+                        if (!(i=X509_sign(x509ss,pkey,digest)))
+                                goto end;
+                        }
+                else
+                        {
+                        if (!(i=X509_REQ_sign(req,pkey,digest)))
+                                goto end;
+                        }
+                }
+        if (verify && !x509)
+                {
+                int tmp=0;
+                if (pkey == NULL)
+                        {
+                        pkey=X509_REQ_get_pubkey(req);
+                        tmp=1;
+                        if (pkey == NULL) goto end;
+                        }
+                i=X509_REQ_verify(req,pkey);
+                if (tmp) pkey=NULL;
+                if (i < 0)
+                        {
+                        goto end;
+                        }
+                else if (i == 0)
+                        {
+                        BIO_printf(bio_err,"verify failure\n");
+                        }
+                else /* if (i > 0) */
+                        BIO_printf(bio_err,"verify OK\n");
+                }
+        if (noout && !text && !modulus)
+                {
+                ex=0;
+                goto end;
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
+                        i=(int)BIO_append_filename(out,outfile);
+                else
+                        i=(int)BIO_write_filename(out,outfile);
+                if (!i)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if (text)
+                {
+                if (x509)
+                        X509_print(out,x509ss);
+                else    
+                        X509_REQ_print(out,req);
+                }
+        if (modulus)
+                {
+                EVP_PKEY *pubkey;
+                if (x509)
+                        pubkey=X509_get_pubkey(x509ss);
+                else
+                        pubkey=X509_REQ_get_pubkey(req);
+                if (pubkey == NULL)
+                        {
+                        fprintf(stdout,"Modulus=unavailable\n");
+                        goto end; 
+                        }
+                fprintf(stdout,"Modulus=");
+                if (pubkey->type == EVP_PKEY_RSA)
+                        BN_print(out,pubkey->pkey.rsa->n);
+                else
+                        fprintf(stdout,"Wrong Algorithm type");
+                fprintf(stdout,"\n");
+                }
+        if (!noout && !x509)
+                {
+                if      (outformat == FORMAT_ASN1)
+                        i=i2d_X509_REQ_bio(out,req);
+                else if (outformat == FORMAT_PEM)
+                        i=PEM_write_bio_X509_REQ(out,req);
+                else    {
+                        BIO_printf(bio_err,"bad output format specified for outfile\n");
+                        goto end;
+                        }
+                if (!i)
+                        {
+                        BIO_printf(bio_err,"unable to write X509 request\n");
+                        goto end;
+                        }
+                }
+        if (!noout && x509 && (x509ss != NULL))
+                {
+                if      (outformat == FORMAT_ASN1)
+                        i=i2d_X509_bio(out,x509ss);
+                else if (outformat == FORMAT_PEM)
+                        i=PEM_write_bio_X509(out,x509ss);
+                else    {
+                        BIO_printf(bio_err,"bad output format specified for outfile\n");
+                        goto end;
+                        }
+                if (!i)
+                        {
+                        BIO_printf(bio_err,"unable to write X509 certificate\n");
+                        goto end;
+                        }
+                }
+        ex=0;
+end:
+        if (ex)
+                {
+                ERR_print_errors(bio_err);
+                }
+        if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (pkey != NULL) EVP_PKEY_free(pkey);
+        if (req != NULL) X509_REQ_free(req);
+        if (x509ss != NULL) X509_free(x509ss);
+#ifndef NO_DSA
+        if (dsa_params != NULL) DSA_free(dsa_params);
+#endif
+        EXIT(ex);
+        }
+static int make_REQ(req,pkey,attribs)
+X509_REQ *req;
+EVP_PKEY *pkey;
+int attribs;
+        {
+        int ret=0,i,j;
+        unsigned char *p,*q;
+        X509_REQ_INFO *ri;
+        char buf[100];
+        int nid,min,max;
+        char *type,*def,*tmp,*value,*tmp_attr;
+        STACK *sk,*attr=NULL;
+        CONF_VALUE *v;
+        
+        tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+        if (tmp == NULL)
+                {
+                BIO_printf(bio_err,"unable to find '%s' in config\n",
+                        DISTINGUISHED_NAME);
+                goto err;
+                }
+        sk=CONF_get_section(req_conf,tmp);
+        if (sk == NULL)
+                {
+                BIO_printf(bio_err,"unable to get '%s' section\n",tmp);
+                goto err;
+                }
+        tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+        if (tmp_attr == NULL)
+                attr=NULL;
+        else
+                {
+                attr=CONF_get_section(req_conf,tmp_attr);
+                if (attr == NULL)
+                        {
+                        BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr);
+                        goto err;
+                        }
+                }
+        ri=req->req_info;
+        BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+        BIO_printf(bio_err,"into your certificate request.\n");
+        BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+        BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+        BIO_printf(bio_err,"For some fields there will be a default value,\n");
+        BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+        BIO_printf(bio_err,"-----\n");
+        /* setup version number */
+        if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
+        if (sk_num(sk))
+                {
+                i= -1;
+start:          for (;;)
+                        {
+                        i++;
+                        if ((int)sk_num(sk) <= i) break;
+                        v=(CONF_VALUE *)sk_value(sk,i);
+                        p=q=NULL;
+                        type=v->name;
+                        /* Allow for raw OIDs */
+                        /* [n.mm.ooo.ppp] */
+                        for (j=0; type[j] != '\0'; j++)
+                                {
+                                if (    (type[j] == ':') ||
+                                        (type[j] == ',') ||
+                                        (type[j] == '.'))
+                                        p=(unsigned char *)&(type[j+1]);
+                                if (type[j] == '[')
+                                        {
+                                        p=(unsigned char *)&(type[j+1]);
+                                        for (j++; type[j] != '\0'; j++)
+                                                if (type[j] == ']')
+                                                        {
+                                                        q=(unsigned char *)&(type[j]);
+                                                        break;
+                                                        }
+                                        break;
+                                        }
+                                }
+                        if (p != NULL)
+                                type=(char *)p;
+                        if ((nid=OBJ_txt2nid(type)) == NID_undef)
+                                {
+                                /* Add a new one if possible */
+                                if ((p != NULL) && (q != NULL) && (*q == ']'))
+                                        {
+                                        *q='\0';
+                                        nid=OBJ_create((char *)p,NULL,NULL);
+                                        *q=']';
+                                        if (nid == NID_undef) goto start;
+                                        }
+                                else
+                                        goto start;
+                                }
+                        sprintf(buf,"%s_default",v->name);
+                        if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
+                                def="";
+                                
+                        sprintf(buf,"%s_value",v->name);
+                        if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL)
+                                value=NULL;
+                        sprintf(buf,"%s_min",v->name);
+                        min=(int)CONF_get_number(req_conf,tmp,buf);
+                        sprintf(buf,"%s_max",v->name);
+                        max=(int)CONF_get_number(req_conf,tmp,buf);
+                        if (!add_DN_object(ri->subject,v->value,def,value,nid,
+                                min,max))
+                                goto err;
+                        }
+                if (sk_num(ri->subject->entries) == 0)
+                        {
+                        BIO_printf(bio_err,"error, no objects specified in config file\n");
+                        goto err;
+                        }
+                if (attribs)
+                        {
+                        if ((attr != NULL) && (sk_num(attr) > 0))
+                                {
+                                BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
+                                BIO_printf(bio_err,"to be sent with your certificate request\n");
+                                }
+                        i= -1;
+start2:                 for (;;)
+                                {
+                                i++;
+                                if ((attr == NULL) || ((int)sk_num(attr) <= i))
+                                        break;
+                                v=(CONF_VALUE *)sk_value(attr,i);
+                                type=v->name;
+                                if ((nid=OBJ_txt2nid(type)) == NID_undef)
+                                        goto start2;
+                                sprintf(buf,"%s_default",type);
+                                if ((def=CONF_get_string(req_conf,tmp_attr,buf))
+                                        == NULL)
+                                        def="";
+                                
+                                sprintf(buf,"%s_value",type);
+                                if ((value=CONF_get_string(req_conf,tmp_attr,buf))
+                                        == NULL)
+                                        value=NULL;
+                                sprintf(buf,"%s_min",type);
+                                min=(int)CONF_get_number(req_conf,tmp_attr,buf);
+                                sprintf(buf,"%s_max",type);
+                                max=(int)CONF_get_number(req_conf,tmp_attr,buf);
+                                if (!add_attribute_object(ri->attributes,
+                                        v->value,def,value,nid,min,max))
+                                        goto err;
+                                }
+                        }
+                }
+        else
+                {
+                BIO_printf(bio_err,"No template, please set one up.\n");
+                goto err;
+                }
+        X509_REQ_set_pubkey(req,pkey);
+        ret=1;
+err:
+        return(ret);
+        }
+static int add_DN_object(n,text,def,value,nid,min,max)
+X509_NAME *n;
+char *text;
+char *def;
+char *value;
+int nid;
+int min;
+int max;
+        {
+        int i,j,ret=0;
+        X509_NAME_ENTRY *ne=NULL;
+        MS_STATIC char buf[1024];
+        BIO_printf(bio_err,"%s [%s]:",text,def);
+        BIO_flush(bio_err);
+        if (value != NULL)
+                {
+                strcpy(buf,value);
+                strcat(buf,"\n");
+                BIO_printf(bio_err,"%s\n",value);
+                }
+        else
+                {
+                buf[0]='\0';
+                fgets(buf,1024,stdin);
+                }
+        if (buf[0] == '\0') return(0);
+        else if (buf[0] == '\n')
+                {
+                if ((def == NULL) || (def[0] == '\0'))
+                        return(1);
+                strcpy(buf,def);
+                strcat(buf,"\n");
+                }
+        else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+        i=strlen(buf);
+        if (buf[i-1] != '\n')
+                {
+                BIO_printf(bio_err,"weird input :-(\n");
+                return(0);
+                }
+        buf[--i]='\0';
+        j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+        if (req_fix_data(nid,&j,i,min,max) == 0)
+                goto err;
+        if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
+                strlen(buf)))
+                == NULL) goto err;
+        if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
+                goto err;
+        ret=1;
+err:
+        if (ne != NULL) X509_NAME_ENTRY_free(ne);
+        return(ret);
+        }
+static int add_attribute_object(n,text,def,value,nid,min,max)
+STACK *n;
+char *text;
+char *def;
+char *value;
+int nid;
+int min;
+int max;
+        {
+        int i,z;
+        X509_ATTRIBUTE *xa=NULL;
+        static char buf[1024];
+        ASN1_BIT_STRING *bs=NULL;
+        ASN1_TYPE *at=NULL;
+start:
+        BIO_printf(bio_err,"%s [%s]:",text,def);
+        BIO_flush(bio_err);
+        if (value != NULL)
+                {
+                strcpy(buf,value);
+                strcat(buf,"\n");
+                BIO_printf(bio_err,"%s\n",value);
+                }
+        else
+                {
+                buf[0]='\0';
+                fgets(buf,1024,stdin);
+                }
+        if (buf[0] == '\0') return(0);
+        else if (buf[0] == '\n')
+                {
+                if ((def == NULL) || (def[0] == '\0'))
+                        return(1);
+                strcpy(buf,def);
+                strcat(buf,"\n");
+                }
+        else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+        i=strlen(buf);
+        if (buf[i-1] != '\n')
+                {
+                BIO_printf(bio_err,"weird input :-(\n");
+                return(0);
+                }
+        buf[--i]='\0';
+        /* add object plus value */
+        if ((xa=X509_ATTRIBUTE_new()) == NULL)
+                goto err;
+        if ((xa->value.set=sk_new_null()) == NULL)
+                goto err;
+        xa->set=1;
+        if (xa->object != NULL) ASN1_OBJECT_free(xa->object);
+        xa->object=OBJ_nid2obj(nid);
+        if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err;
+        bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+        z=req_fix_data(nid,&bs->type,i,min,max);
+        if (z == 0)
+                {
+                if (value == NULL)
+                        goto start;
+                else    goto err;
+                }
+        if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
+                { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
+        if ((at=ASN1_TYPE_new()) == NULL)
+                { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
+        ASN1_TYPE_set(at,bs->type,(char *)bs);
+        sk_push(xa->value.set,(char *)at);
+        bs=NULL;
+        at=NULL;
+        /* only one item per attribute */
+        if (!sk_push(n,(char *)xa)) goto err;
+        return(1);
+err:
+        if (xa != NULL) X509_ATTRIBUTE_free(xa);
+        if (at != NULL) ASN1_TYPE_free(at);
+        if (bs != NULL) ASN1_BIT_STRING_free(bs);
+        return(0);
+        }
+static void MS_CALLBACK req_cb(p,n,arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
+static int req_fix_data(nid,type,len,min,max)
+int nid;
+int *type;
+int len,min,max;
+        {
+        if (nid == NID_pkcs9_emailAddress)
+                *type=V_ASN1_IA5STRING;
+        if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+                *type=V_ASN1_T61STRING;
+        if ((nid == NID_pkcs9_challengePassword) &&
+                (*type == V_ASN1_IA5STRING))
+                *type=V_ASN1_T61STRING;
+        if ((nid == NID_pkcs9_unstructuredName) &&
+                (*type == V_ASN1_T61STRING))
+                {
+                BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
+                return(0);
+                }
+        if (nid == NID_pkcs9_unstructuredName)
+                *type=V_ASN1_IA5STRING;
+        if (len < min)
+                {
+                BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+                return(0);
+                }
+        if ((max != 0) && (len > max))
+                {
+                BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",max);
+                return(0);
+                }
+        return(1);
+        }
diff --git a/src/lib/libssl/src/apps/req.pem b/src/lib/libssl/src/apps/req.pem
new file mode 100644
index 0000000000..5537df601d
--- /dev/null
+++ b/src/lib/libssl/src/apps/req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c
new file mode 100644
index 0000000000..267b12b15e
--- /dev/null
+++ b/src/lib/libssl/src/apps/rsa.c
@@ -0,0 +1,303 @@
+/* apps/rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "rsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+#undef PROG
+#define PROG    rsa_main
+/* -inform arg  - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ * -des         - encrypt output if PEM format with DES in cbc mode
+ * -des3        - encrypt output if PEM format
+ * -idea        - encrypt output if PEM format
+ * -text        - print a text version
+ * -modulus     - print the RSA key modulus
+ */
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int ret=1;
+        RSA *rsa=NULL;
+        int i,badops=0;
+        EVP_CIPHER *enc=NULL;
+        BIO *in=NULL,*out=NULL;
+        int informat,outformat,text=0,noout=0;
+        char *infile,*outfile,*prog;
+        int modulus=0;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        infile=NULL;
+        outfile=NULL;
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        prog=argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout=1;
+                else if (strcmp(*argv,"-text") == 0)
+                        text=1;
+                else if (strcmp(*argv,"-modulus") == 0)
+                        modulus=1;
+                else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+                BIO_printf(bio_err,"where options are\n");
+                BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
+                BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
+                BIO_printf(bio_err," -in arg       inout file\n");
+                BIO_printf(bio_err," -out arg      output file\n");
+                BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
+                BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+                BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+#endif
+                BIO_printf(bio_err," -text         print the key in text\n");
+                BIO_printf(bio_err," -noout        don't print key out\n");
+                BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        BIO_printf(bio_err,"read RSA private key\n");
+        if      (informat == FORMAT_ASN1)
+                rsa=d2i_RSAPrivateKey_bio(in,NULL);
+#ifndef NO_RC4
+        else if (informat == FORMAT_NETSCAPE)
+                {
+                BUF_MEM *buf=NULL;
+                unsigned char *p;
+                int size=0;
+                buf=BUF_MEM_new();
+                for (;;)
+                        {
+                        if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+                                goto end;
+                        i=BIO_read(in,&(buf->data[size]),1024*10);
+                        size+=i;
+                        if (i == 0) break;
+                        if (i < 0)
+                                {
+                                perror("reading private key");
+                                BUF_MEM_free(buf);
+                                goto end;
+                                }
+                        }
+                p=(unsigned char *)buf->data;
+                rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+                BUF_MEM_free(buf);
+                }
+#endif
+        else if (informat == FORMAT_PEM)
+                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL);
+        else
+                {
+                BIO_printf(bio_err,"bad input format specified for key\n");
+                goto end;
+                }
+        if (rsa == NULL)
+                {
+                BIO_printf(bio_err,"unable to load Private Key\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (outfile == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outfile) <= 0)
+                        {
+                        perror(outfile);
+                        goto end;
+                        }
+                }
+        if (text) 
+                if (!RSA_print(out,rsa,0))
+                        {
+                        perror(outfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+        if (modulus)
+                {
+                fprintf(stdout,"Modulus=");
+                BN_print(out,rsa->n);
+                fprintf(stdout,"\n");
+                }
+        if (noout) goto end;
+        BIO_printf(bio_err,"writing RSA private key\n");
+        if      (outformat == FORMAT_ASN1)
+                i=i2d_RSAPrivateKey_bio(out,rsa);
+#ifndef NO_RC4
+        else if (outformat == FORMAT_NETSCAPE)
+                {
+                unsigned char *p,*pp;
+                int size;
+                i=1;
+                size=i2d_Netscape_RSA(rsa,NULL,NULL);
+                if ((p=(unsigned char *)Malloc(size)) == NULL)
+                        {
+                        BIO_printf(bio_err,"Malloc failure\n");
+                        goto end;
+                        }
+                pp=p;
+                i2d_Netscape_RSA(rsa,&p,NULL);
+                BIO_write(out,(char *)pp,size);
+                Free(pp);
+                }
+#endif
+        else if (outformat == FORMAT_PEM)
+                i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL);
+        else    {
+                BIO_printf(bio_err,"bad output format specified for outfile\n");
+                goto end;
+                }
+        if (!i)
+                {
+                BIO_printf(bio_err,"unable to write private key\n");
+                ERR_print_errors(bio_err);
+                }
+        else
+                ret=0;
+end:
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (rsa != NULL) RSA_free(rsa);
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/rsa8192.pem b/src/lib/libssl/src/apps/rsa8192.pem
new file mode 100644
index 0000000000..946a6e5433
--- /dev/null
+++ b/src/lib/libssl/src/apps/rsa8192.pem
@@ -0,0 +1,101 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
+ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
+MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
+55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
+yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
+tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
+LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
+aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
+PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
+mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
+71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
+d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
+wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
+bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
+Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
+Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
+pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
+os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
+mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
+cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
+LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
+tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
+PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
+psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
+9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
+xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
+ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
+RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
+1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
+P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
+77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
+4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
+/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
+GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
+HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
+ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
+AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
+52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
+5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
+7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
+KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
+cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
+dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
+DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
+Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
+f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
+J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
+TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
+fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
+Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
+mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
+YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
+mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
+Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
+c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
+Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
+WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
+KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
+JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
+yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
+kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
+DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
+22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
+ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
+D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
+PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
+dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
+FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
+6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
+eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
+bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
+XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
+7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
+82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
+beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
+pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
+70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
+YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
+ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
+lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
+4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
+lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
+LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
+x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
+O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
+6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
+Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
+DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
+Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
+oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
+nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
+X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
+QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
+TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
+46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
+rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
+I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/s1024key.pem b/src/lib/libssl/src/apps/s1024key.pem
new file mode 100644
index 0000000000..19e0403572
--- /dev/null
+++ b/src/lib/libssl/src/apps/s1024key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/s1024req.pem b/src/lib/libssl/src/apps/s1024req.pem
new file mode 100644
index 0000000000..bb75e7eeb7
--- /dev/null
+++ b/src/lib/libssl/src/apps/s1024req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
+dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
+9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
+KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
+RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
+BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
+nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
+frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/apps/s512-key.pem b/src/lib/libssl/src/apps/s512-key.pem
new file mode 100644
index 0000000000..0e3ff2d373
--- /dev/null
+++ b/src/lib/libssl/src/apps/s512-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/apps/s512-req.pem b/src/lib/libssl/src/apps/s512-req.pem
new file mode 100644
index 0000000000..ea314be555
--- /dev/null
+++ b/src/lib/libssl/src/apps/s512-req.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
+MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
+IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
+MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
+y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
+5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/apps/s_apps.h b/src/lib/libssl/src/apps/s_apps.h
new file mode 100644
index 0000000000..ba320946be
--- /dev/null
+++ b/src/lib/libssl/src/apps/s_apps.h
@@ -0,0 +1,119 @@
+/* apps/s_apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define PORT            4433
+#define PORT_STR        "4433"
+#define PROTOCOL        "tcp"
+#ifndef NOPROTO
+int do_accept(int acc_sock, int *sock, char **host);
+int do_server(int port, int *ret, int (*cb) ());
+#ifdef HEADER_X509_H
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#else
+int MS_CALLBACK verify_callback(int ok, char *ctx);
+#endif
+#ifdef HEADER_SSL_H
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+#else
+int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
+#endif
+int init_client(int *sock, char *server, int port);
+int init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_sock_error(int sock);
+int spawn(int argc, char **argv, int *in, int *out);
+int init_server(int *sock, int port);
+int init_server_long(int *sock, int port,char *ip);
+int should_retry(int i);
+void sock_cleanup(void );
+int extract_port(char *str, short *port_ptr);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int host_ip(char *str, unsigned char ip[4]);
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
+        int argi, long argl, long ret);
+#ifdef HEADER_SSL_H
+void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
+#else
+void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
+#endif
+#else
+int do_accept();
+int do_server();
+int MS_CALLBACK verify_callback();
+int set_cert_stuff();
+int init_client();
+int init_client_ip();
+int nbio_init_client_ip();
+int nbio_sock_error();
+int spawn();
+int init_server();
+int should_retry();
+void sock_cleanup();
+int extract_port();
+int extract_host_port();
+int host_ip();
+long MS_CALLBACK bio_dump_cb();
+void MS_CALLBACK apps_ssl_info_callback();
+#endif
diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c
new file mode 100644
index 0000000000..cd086bb93e
--- /dev/null
+++ b/src/lib/libssl/src/apps/s_cb.c
@@ -0,0 +1,242 @@
+/* apps/s_cb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#undef USE_SOCKETS
+#include "err.h"
+#include "x509.h"
+#include "ssl.h"
+#include "s_apps.h"
+int verify_depth=0;
+int verify_error=X509_V_OK;
+int MS_CALLBACK verify_callback(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+        {
+        char buf[256];
+        X509 *err_cert;
+        int err,depth;
+        err_cert=X509_STORE_CTX_get_current_cert(ctx);
+        err=    X509_STORE_CTX_get_error(ctx);
+        depth=  X509_STORE_CTX_get_error_depth(ctx);
+        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (!ok)
+                {
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+                if (verify_depth >= depth)
+                        {
+                        ok=1;
+                        verify_error=X509_V_OK;
+                        }
+                else
+                        {
+                        ok=0;
+                        verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
+                        }
+                }
+        switch (ctx->error)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+                BIO_printf(bio_err,"issuer= %s\n",buf);
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+                }
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
+int set_cert_stuff(ctx, cert_file, key_file)
+SSL_CTX *ctx;
+char *cert_file;
+char *key_file;
+        {
+        if (cert_file != NULL)
+                {
+                SSL *ssl;
+                X509 *x509;
+                if (SSL_CTX_use_certificate_file(ctx,cert_file,
+                        SSL_FILETYPE_PEM) <= 0)
+                        {
+                        BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
+                        ERR_print_errors(bio_err);
+                        return(0);
+                        }
+                if (key_file == NULL) key_file=cert_file;
+                if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
+                        SSL_FILETYPE_PEM) <= 0)
+                        {
+                        BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
+                        ERR_print_errors(bio_err);
+                        return(0);
+                        }
+                ssl=SSL_new(ctx);
+                x509=SSL_get_certificate(ssl);
+                if (x509 != NULL)
+                        EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
+                                SSL_get_privatekey(ssl));
+                SSL_free(ssl);
+                /* If we are using DSA, we can copy the parameters from
+                 * the private key */
+                
+                
+                /* Now we know that a key and cert have been set against
+                 * the SSL context */
+                if (!SSL_CTX_check_private_key(ctx))
+                        {
+                        BIO_printf(bio_err,"Private key does not match the certificate public key\n");
+                        return(0);
+                        }
+                }
+        return(1);
+        }
+long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
+BIO *bio;
+int cmd;
+char *argp;
+int argi;
+long argl;
+long ret;
+        {
+        BIO *out;
+        out=(BIO *)BIO_get_callback_arg(bio);
+        if (out == NULL) return(ret);
+        if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+                {
+                BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+                        bio,argp,argi,ret,ret);
+                BIO_dump(out,argp,(int)ret);
+                return(ret);
+                }
+        else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+                {
+                BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+                        bio,argp,argi,ret,ret);
+                BIO_dump(out,argp,(int)ret);
+                }
+        return(ret);
+        }
+void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
+SSL *s;
+int where;
+int ret;
+        {
+        char *str;
+        int w;
+        w=where& ~SSL_ST_MASK;
+        if (w & SSL_ST_CONNECT) str="SSL_connect";
+        else if (w & SSL_ST_ACCEPT) str="SSL_accept";
+        else str="undefined";
+        if (where & SSL_CB_LOOP)
+                {
+                BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
+                }
+        else if (where & SSL_CB_ALERT)
+                {
+                str=(where & SSL_CB_READ)?"read":"write";
+                BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
+                        str,
+                        SSL_alert_type_string_long(ret),
+                        SSL_alert_desc_string_long(ret));
+                }
+        else if (where & SSL_CB_EXIT)
+                {
+                if (ret == 0)
+                        BIO_printf(bio_err,"%s:failed in %s\n",
+                                str,SSL_state_string_long(s));
+                else if (ret < 0)
+                        {
+                        BIO_printf(bio_err,"%s:error in %s\n",
+                                str,SSL_state_string_long(s));
+                        }
+                }
+        }
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
new file mode 100644
index 0000000000..e783eb723c
--- /dev/null
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -0,0 +1,746 @@
+/* apps/s_client.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#define USE_SOCKETS
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#include "pem.h"
+#include "s_apps.h"
+#undef PROG
+#define PROG    s_client_main
+/*#define SSL_HOST_NAME "www.netscape.com" */
+/*#define SSL_HOST_NAME "193.118.187.102" */
+#define SSL_HOST_NAME   "localhost"
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+extern int verify_depth;
+extern int verify_error;
+#ifdef FIONBIO
+static int c_nbio=0;
+#endif
+static int c_Pause=0;
+static int c_debug=0;
+#ifndef NOPROTO
+static void sc_usage(void);
+static void print_stuff(BIO *berr,SSL *con,int full);
+#else
+static void sc_usage();
+static void print_stuff();
+#endif
+static BIO *bio_c_out=NULL;
+static int c_quiet=0;
+static void sc_usage()
+        {
+        BIO_printf(bio_err,"usage: client args\n");
+        BIO_printf(bio_err,"\n");
+        BIO_printf(bio_err," -host host     - use -connect instead\n");
+        BIO_printf(bio_err," -port port     - use -connect instead\n");
+        BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+        BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
+        BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
+        BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
+        BIO_printf(bio_err,"                 not specified but cert file is.\n");
+        BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+        BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
+        BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
+        BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+        BIO_printf(bio_err," -debug        - extra output\n");
+        BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
+        BIO_printf(bio_err," -state        - print the 'ssl' states\n");
+#ifdef FIONBIO
+        BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
+#endif
+        BIO_printf(bio_err," -quiet        - no s_client output\n");
+        BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
+        BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
+        BIO_printf(bio_err," -tls1         - just use TLSv1\n");
+        BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+        BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
+        BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
+        BIO_printf(bio_err,"                 command to se what is available\n");
+        }
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int off=0;
+        SSL *con=NULL,*con2=NULL;
+        int s,k,width,state=0;
+        char *cbuf=NULL,*sbuf=NULL;
+        int cbuf_len,cbuf_off;
+        int sbuf_len,sbuf_off;
+        fd_set readfds,writefds;
+        short port=PORT;
+        int full_log=1;
+        char *host=SSL_HOST_NAME;
+        char *cert_file=NULL,*key_file=NULL;
+        char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
+        int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
+        int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+        SSL_CTX *ctx=NULL;
+        int ret=1,in_init=1,i,nbio_test=0;
+        SSL_METHOD *meth=NULL;
+        BIO *sbio;
+        /*static struct timeval timeout={10,0};*/
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+        meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+        meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+        meth=SSLv2_client_method();
+#endif
+        apps_startup();
+        c_Pause=0;
+        c_quiet=0;
+        c_debug=0;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        if (    ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
+                ((sbuf=Malloc(BUFSIZZ)) == NULL))
+                {
+                BIO_printf(bio_err,"out of memory\n");
+                goto end;
+                }
+        verify_depth=0;
+        verify_error=X509_V_OK;
+#ifdef FIONBIO
+        c_nbio=0;
+#endif
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-host") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        host= *(++argv);
+                        }
+                else if (strcmp(*argv,"-port") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        port=atoi(*(++argv));
+                        if (port == 0) goto bad;
+                        }
+                else if (strcmp(*argv,"-connect") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        if (!extract_host_port(*(++argv),&host,NULL,&port))
+                                goto bad;
+                        }
+                else if (strcmp(*argv,"-verify") == 0)
+                        {
+                        verify=SSL_VERIFY_PEER;
+                        if (--argc < 1) goto bad;
+                        verify_depth=atoi(*(++argv));
+                        BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        cert_file= *(++argv);
+                        }
+                else if (strcmp(*argv,"-quiet") == 0)
+                        c_quiet=1;
+                else if (strcmp(*argv,"-pause") == 0)
+                        c_Pause=1;
+                else if (strcmp(*argv,"-debug") == 0)
+                        c_debug=1;
+                else if (strcmp(*argv,"-nbio_test") == 0)
+                        nbio_test=1;
+                else if (strcmp(*argv,"-state") == 0)
+                        state=1;
+#ifndef NO_SSL2
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        meth=SSLv3_client_method();
+#endif
+#ifndef NO_TLS1
+                else if (strcmp(*argv,"-tls1") == 0)
+                        meth=TLSv1_client_method();
+#endif
+                else if (strcmp(*argv,"-bugs") == 0)
+                        bugs=1;
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        key_file= *(++argv);
+                        }
+                else if (strcmp(*argv,"-reconnect") == 0)
+                        {
+                        reconnect=5;
+                        }
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-no_tls1") == 0)
+                        off|=SSL_OP_NO_TLSv1;
+                else if (strcmp(*argv,"-no_ssl3") == 0)
+                        off|=SSL_OP_NO_SSLv3;
+                else if (strcmp(*argv,"-no_ssl2") == 0)
+                        off|=SSL_OP_NO_SSLv2;
+                else if (strcmp(*argv,"-cipher") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        cipher= *(++argv);
+                        }
+#ifdef FIONBIO
+                else if (strcmp(*argv,"-nbio") == 0)
+                        { c_nbio=1; }
+#endif
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sc_usage();
+                goto end;
+                }
+        if (bio_c_out == NULL)
+                {
+                if (c_quiet)
+                        {
+                        bio_c_out=BIO_new(BIO_s_null());
+                        }
+                else
+                        {
+                        if (bio_c_out == NULL)
+                                bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+                        }
+                }
+        SSLeay_add_ssl_algorithms();
+        ctx=SSL_CTX_new(meth);
+        if (ctx == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (bugs)
+                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+        else
+                SSL_CTX_set_options(ctx,off);
+        if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+        if (cipher != NULL)
+                SSL_CTX_set_cipher_list(ctx,cipher);
+#if 0
+        else
+                SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
+#endif
+        SSL_CTX_set_verify(ctx,verify,verify_callback);
+        if (!set_cert_stuff(ctx,cert_file,key_file))
+                goto end;
+        if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(ctx)))
+                {
+                /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+                ERR_print_errors(bio_err);
+                /* goto end; */
+                }
+        SSL_load_error_strings();
+        con=(SSL *)SSL_new(ctx);
+/*      SSL_set_cipher_list(con,"RC4-MD5"); */
+re_start:
+        if (init_client(&s,host,port) == 0)
+                {
+                BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+                SHUTDOWN(s);
+                goto end;
+                }
+        BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
+#ifdef FIONBIO
+        if (c_nbio)
+                {
+                unsigned long l=1;
+                BIO_printf(bio_c_out,"turning on non blocking io\n");
+                if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                }
+#endif                                              
+        if (c_Pause & 0x01) con->debug=1;
+        sbio=BIO_new_socket(s,BIO_NOCLOSE);
+        if (nbio_test)
+                {
+                BIO *test;
+                test=BIO_new(BIO_f_nbio_test());
+                sbio=BIO_push(test,sbio);
+                }
+        if (c_debug)
+                {
+                con->debug=1;
+                BIO_set_callback(sbio,bio_dump_cb);
+                BIO_set_callback_arg(sbio,bio_c_out);
+                }
+        SSL_set_bio(con,sbio,sbio);
+        SSL_set_connect_state(con);
+        /* ok, lets connect */
+        width=SSL_get_fd(con)+1;
+        read_tty=1;
+        write_tty=0;
+        tty_on=0;
+        read_ssl=1;
+        write_ssl=1;
+        
+        cbuf_len=0;
+        cbuf_off=0;
+        sbuf_len=0;
+        sbuf_off=0;
+        for (;;)
+                {
+                FD_ZERO(&readfds);
+                FD_ZERO(&writefds);
+                if (SSL_in_init(con) && !SSL_total_renegotiations(con))
+                        {
+                        in_init=1;
+                        tty_on=0;
+                        }
+                else
+                        {
+                        tty_on=1;
+                        if (in_init)
+                                {
+                                in_init=0;
+                                print_stuff(bio_c_out,con,full_log);
+                                if (full_log > 0) full_log--;
+                                if (reconnect)
+                                        {
+                                        reconnect--;
+                                        BIO_printf(bio_c_out,"drop connection and then reconnect\n");
+                                        SSL_shutdown(con);
+                                        SSL_set_connect_state(con);
+                                        SHUTDOWN(SSL_get_fd(con));
+                                        goto re_start;
+                                        }
+                                }
+                        }
+#ifndef WINDOWS
+                if (tty_on)
+                        {
+                        if (read_tty)  FD_SET(fileno(stdin),&readfds);
+                        if (write_tty) FD_SET(fileno(stdout),&writefds);
+                        }
+#endif
+                if (read_ssl)
+                        FD_SET(SSL_get_fd(con),&readfds);
+                if (write_ssl)
+                        FD_SET(SSL_get_fd(con),&writefds);
+/*              printf("mode tty(%d %d%d) ssl(%d%d)\n",
+                        tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+                i=select(width,&readfds,&writefds,NULL,NULL);
+                if ( i < 0)
+                        {
+                        BIO_printf(bio_err,"bad select %d\n",
+                                get_last_socket_error());
+                        goto shut;
+                        /* goto end; */
+                        }
+                if (FD_ISSET(SSL_get_fd(con),&writefds))
+                        {
+                        k=SSL_write(con,&(cbuf[cbuf_off]),
+                                (unsigned int)cbuf_len);
+                        switch (SSL_get_error(con,k))
+                                {
+                        case SSL_ERROR_NONE:
+                                cbuf_off+=k;
+                                cbuf_len-=k;
+                                if (k <= 0) goto end;
+                                /* we have done a  write(con,NULL,0); */
+                                if (cbuf_len <= 0)
+                                        {
+                                        read_tty=1;
+                                        write_ssl=0;
+                                        }
+                                else /* if (cbuf_len > 0) */
+                                        {
+                                        read_tty=0;
+                                        write_ssl=1;
+                                        }
+                                break;
+                        case SSL_ERROR_WANT_WRITE:
+                                BIO_printf(bio_c_out,"write W BLOCK\n");
+                                write_ssl=1;
+                                read_tty=0;
+                                break;
+                        case SSL_ERROR_WANT_READ:
+                                BIO_printf(bio_c_out,"write R BLOCK\n");
+                                write_tty=0;
+                                read_ssl=1;
+                                write_ssl=0;
+                                break;
+                        case SSL_ERROR_WANT_X509_LOOKUP:
+                                BIO_printf(bio_c_out,"write X BLOCK\n");
+                                break;
+                        case SSL_ERROR_ZERO_RETURN:
+                                if (cbuf_len != 0)
+                                        {
+                                        BIO_printf(bio_c_out,"shutdown\n");
+                                        goto shut;
+                                        }
+                                else
+                                        {
+                                        read_tty=1;
+                                        write_ssl=0;
+                                        break;
+                                        }
+                                
+                        case SSL_ERROR_SYSCALL:
+                                if ((k != 0) || (cbuf_len != 0))
+                                        {
+                                        BIO_printf(bio_err,"write:errno=%d\n",
+                                                get_last_socket_error());
+                                        goto shut;
+                                        }
+                                else
+                                        {
+                                        read_tty=1;
+                                        write_ssl=0;
+                                        }
+                                break;
+                        case SSL_ERROR_SSL:
+                                ERR_print_errors(bio_err);
+                                goto shut;
+                                }
+                        }
+#ifndef WINDOWS
+                else if (FD_ISSET(fileno(stdout),&writefds))
+                        {
+                        i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
+                        if (i <= 0)
+                                {
+                                BIO_printf(bio_c_out,"DONE\n");
+                                goto shut;
+                                /* goto end; */
+                                }
+                        sbuf_len-=i;;
+                        sbuf_off+=i;
+                        if (sbuf_len <= 0)
+                                {
+                                read_ssl=1;
+                                write_tty=0;
+                                }
+                        }
+#endif
+                else if (FD_ISSET(SSL_get_fd(con),&readfds))
+                        {
+#ifdef RENEG
+{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+#endif
+                        k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
+                        switch (SSL_get_error(con,k))
+                                {
+                        case SSL_ERROR_NONE:
+                                if (k <= 0)
+                                        goto end;
+                                sbuf_off=0;
+                                sbuf_len=k;
+                                read_ssl=0;
+                                write_tty=1;
+                                break;
+                        case SSL_ERROR_WANT_WRITE:
+                                BIO_printf(bio_c_out,"read W BLOCK\n");
+                                write_ssl=1;
+                                read_tty=0;
+                                break;
+                        case SSL_ERROR_WANT_READ:
+                                BIO_printf(bio_c_out,"read R BLOCK\n");
+                                write_tty=0;
+                                read_ssl=1;
+                                if ((read_tty == 0) && (write_ssl == 0))
+                                        write_ssl=1;
+                                break;
+                        case SSL_ERROR_WANT_X509_LOOKUP:
+                                BIO_printf(bio_c_out,"read X BLOCK\n");
+                                break;
+                        case SSL_ERROR_SYSCALL:
+                                BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
+                                goto shut;
+                        case SSL_ERROR_ZERO_RETURN:
+                                BIO_printf(bio_c_out,"closed\n");
+                                goto shut;
+                        case SSL_ERROR_SSL:
+                                ERR_print_errors(bio_err);
+                                goto shut;
+                                break;
+                                }
+                        }
+#ifndef WINDOWS
+                else if (FD_ISSET(fileno(stdin),&readfds))
+                        {
+                        i=read(fileno(stdin),cbuf,BUFSIZZ);
+                        if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
+                                {
+                                BIO_printf(bio_err,"DONE\n");
+                                goto shut;
+                                }
+                        if ((!c_quiet) && (cbuf[0] == 'R'))
+                                {
+                                SSL_renegotiate(con);
+                                read_tty=0;
+                                write_ssl=1;
+                                }
+                        else
+                                {
+                                cbuf_len=i;
+                                cbuf_off=0;
+                                }
+                        read_tty=0;
+                        write_ssl=1;
+                        }
+#endif
+                }
+shut:
+        SSL_shutdown(con);
+        SHUTDOWN(SSL_get_fd(con));
+        ret=0;
+end:
+        if (con != NULL) SSL_free(con);
+        if (con2 != NULL) SSL_free(con2);
+        if (ctx != NULL) SSL_CTX_free(ctx);
+        if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
+        if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
+        if (bio_c_out != NULL)
+                {
+                BIO_free(bio_c_out);
+                bio_c_out=NULL;
+                }
+        EXIT(ret);
+        }
+static void print_stuff(bio,s,full)
+BIO *bio;
+SSL *s;
+int full;
+        {
+        X509 *peer=NULL;
+        char *p;
+        static char *space="                ";
+        char buf[BUFSIZ];
+        STACK *sk;
+        SSL_CIPHER *c;
+        X509_NAME *xn;
+        int j,i;
+        if (full)
+                {
+                sk=SSL_get_peer_cert_chain(s);
+                if (sk != NULL)
+                        {
+                        BIO_printf(bio,"---\nCertficate chain\n");
+                        for (i=0; i<sk_num(sk); i++)
+                                {
+                                X509_NAME_oneline(X509_get_subject_name((X509 *)
+                                        sk_value(sk,i)),buf,BUFSIZ);
+                                BIO_printf(bio,"%2d s:%s\n",i,buf);
+                                X509_NAME_oneline(X509_get_issuer_name((X509 *)
+                                        sk_value(sk,i)),buf,BUFSIZ);
+                                BIO_printf(bio,"   i:%s\n",buf);
+                                }
+                        }
+                BIO_printf(bio,"---\n");
+                peer=SSL_get_peer_certificate(s);
+                if (peer != NULL)
+                        {
+                        BIO_printf(bio,"Server certificate\n");
+                        PEM_write_bio_X509(bio,peer);
+                        X509_NAME_oneline(X509_get_subject_name(peer),
+                                buf,BUFSIZ);
+                        BIO_printf(bio,"subject=%s\n",buf);
+                        X509_NAME_oneline(X509_get_issuer_name(peer),
+                                buf,BUFSIZ);
+                        BIO_printf(bio,"issuer=%s\n",buf);
+                        }
+                else
+                        BIO_printf(bio,"no peer certificate available\n");
+                sk=SSL_get_client_CA_list(s);
+                if ((sk != NULL) && (sk_num(sk) > 0))
+                        {
+                        BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
+                        for (i=0; i<sk_num(sk); i++)
+                                {
+                                xn=(X509_NAME *)sk_value(sk,i);
+                                X509_NAME_oneline(xn,buf,sizeof(buf));
+                                BIO_write(bio,buf,strlen(buf));
+                                BIO_write(bio,"\n",1);
+                                }
+                        }
+                else
+                        {
+                        BIO_printf(bio,"---\nNo client certificate CA names sent\n");
+                        }
+                p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+                if (p != NULL)
+                        {
+                        BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
+                        j=i=0;
+                        while (*p)
+                                {
+                                if (*p == ':')
+                                        {
+                                        BIO_write(bio,space,15-j%25);
+                                        i++;
+                                        j=0;
+                                        BIO_write(bio,((i%3)?" ":"\n"),1);
+                                        }
+                                else
+                                        {
+                                        BIO_write(bio,p,1);
+                                        j++;
+                                        }
+                                p++;
+                                }
+                        BIO_write(bio,"\n",1);
+                        }
+                BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+                        BIO_number_read(SSL_get_rbio(s)),
+                        BIO_number_written(SSL_get_wbio(s)));
+                }
+        BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
+        c=SSL_get_current_cipher(s);
+        BIO_printf(bio,"%s, Cipher is %s\n",
+                SSL_CIPHER_get_version(c),
+                SSL_CIPHER_get_name(c));
+        if (peer != NULL)
+                BIO_printf(bio,"Server public key is %d bit\n",
+                        EVP_PKEY_bits(X509_get_pubkey(peer)));
+        SSL_SESSION_print(bio,SSL_get_session(s));
+        BIO_printf(bio,"---\n");
+        if (peer != NULL)
+                X509_free(peer);
+        }
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
new file mode 100644
index 0000000000..5012ef254d
--- /dev/null
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -0,0 +1,1225 @@
+/* apps/s_server.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "lhash.h"
+#include "bn.h"
+#define USE_SOCKETS
+#include "apps.h"
+#include "err.h"
+#include "pem.h"
+#include "x509.h"
+#include "ssl.h"
+#include "s_apps.h"
+#ifndef NOPROTO
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+static int sv_body(char *hostname, int s);
+static int www_body(char *hostname, int s);
+static void close_accept_socket(void );
+static void sv_usage(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp,SSL_CTX *ctx);
+#ifndef NO_DH
+static DH *load_dh_param(void );
+static DH *get_dh512(void);
+#endif
+/* static void s_server_init(void);*/
+#else
+static RSA MS_CALLBACK *tmp_rsa_cb();
+static int sv_body();
+static int www_body();
+static void close_accept_socket();
+static void sv_usage();
+static int init_ssl_connection();
+static void print_stats();
+#ifndef NO_DH
+static DH *load_dh_param();
+static DH *get_dh512();
+#endif
+/* static void s_server_init(); */
+#endif
+#ifndef S_ISDIR
+#define S_ISDIR(a)      (((a) & _S_IFMT) == _S_IFDIR)
+#endif
+#ifndef NO_DH
+static unsigned char dh512_p[]={
+        0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+        0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+        0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+        0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+        0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+        0x47,0x74,0xE8,0x33,
+        };
+static unsigned char dh512_g[]={
+        0x02,
+        };
+static DH *get_dh512()
+        {
+        DH *dh=NULL;
+        if ((dh=DH_new()) == NULL) return(NULL);
+        dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+        dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+        if ((dh->p == NULL) || (dh->g == NULL))
+                return(NULL);
+        return(dh);
+        }
+#endif
+/* static int load_CA(SSL_CTX *ctx, char *file);*/
+#undef BUFSIZZ
+#define BUFSIZZ 8*1024
+static int accept_socket= -1;
+#define TEST_CERT       "server.pem"
+#undef PROG
+#define PROG            s_server_main
+#define DH_PARAM        "server.pem"
+extern int verify_depth;
+static char *cipher=NULL;
+static int s_server_verify=SSL_VERIFY_NONE;
+static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *s_dcert_file=NULL,*s_dkey_file=NULL;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+static int s_nbio_test=0;
+static SSL_CTX *ctx=NULL;
+static int www=0;
+static BIO *bio_s_out=NULL;
+static int s_debug=0;
+static int s_quiet=0;
+#if 0
+static void s_server_init()
+        {
+        cipher=NULL;
+        s_server_verify=SSL_VERIFY_NONE;
+        s_dcert_file=NULL;
+        s_dkey_file=NULL;
+        s_cert_file=TEST_CERT;
+        s_key_file=NULL;
+#ifdef FIONBIO
+        s_nbio=0;
+#endif
+        s_nbio_test=0;
+        ctx=NULL;
+        www=0;
+        bio_s_out=NULL;
+        s_debug=0;
+        s_quiet=0;
+        }
+#endif
+static void sv_usage()
+        {
+        BIO_printf(bio_err,"usage: s_server [args ...]\n");
+        BIO_printf(bio_err,"\n");
+        BIO_printf(bio_err," -accept arg   - port to accept on (default is %d\n",PORT);
+        BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
+        BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
+        BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
+        BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
+        BIO_printf(bio_err," -key arg      - RSA file to use, PEM format assumed, in cert file if\n");
+        BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
+#ifdef FIONBIO
+        BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
+#endif
+        BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");
+        BIO_printf(bio_err," -debug        - Print more output\n");
+        BIO_printf(bio_err," -state        - Print the SSL states\n");
+        BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+        BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
+        BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
+        BIO_printf(bio_err," -cipher arg   - play with 'ssleay ciphers' to see what goes here\n");
+        BIO_printf(bio_err," -quiet        - No server output\n");
+        BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
+        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
+        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
+        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
+        BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
+        BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
+        BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
+        BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
+        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
+        BIO_printf(bio_err," -WWW          - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
+        }
+static int local_argc=0;
+static char **local_argv;
+static int hack=0;
+int MAIN(argc, argv)
+int argc;
+char *argv[];
+        {
+        short port=PORT;
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0,bugs=0;
+        int ret=1;
+        int off=0;
+        int no_tmp_rsa=0,nocert=0;
+        int state=0;
+        SSL_METHOD *meth=NULL;
+#ifndef NO_DH
+        DH *dh=NULL;
+#endif
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+        meth=SSLv23_server_method();
+#elif !defined(NO_SSL3)
+        meth=SSLv3_server_method();
+#elif !defined(NO_SSL2)
+        meth=SSLv2_server_method();
+#endif
+        local_argc=argc;
+        local_argv=argv;
+        apps_startup();
+        s_quiet=0;
+        s_debug=0;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        verify_depth=0;
+#ifdef FIONBIO
+        s_nbio=0;
+#endif
+        s_nbio_test=0;
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      ((strcmp(*argv,"-port") == 0) ||
+                         (strcmp(*argv,"-accept") == 0))
+                        {
+                        if (--argc < 1) goto bad;
+                        if (!extract_port(*(++argv),&port))
+                                goto bad;
+                        }
+                else if (strcmp(*argv,"-verify") == 0)
+                        {
+                        s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+                        if (--argc < 1) goto bad;
+                        verify_depth=atoi(*(++argv));
+                        BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+                        }
+                else if (strcmp(*argv,"-Verify") == 0)
+                        {
+                        s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+                                SSL_VERIFY_CLIENT_ONCE;
+                        if (--argc < 1) goto bad;
+                        verify_depth=atoi(*(++argv));
+                        BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        s_cert_file= *(++argv);
+                        }
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        s_key_file= *(++argv);
+                        }
+                else if (strcmp(*argv,"-dcert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        s_dcert_file= *(++argv);
+                        }
+                else if (strcmp(*argv,"-dkey") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        s_dkey_file= *(++argv);
+                        }
+                else if (strcmp(*argv,"-nocert") == 0)
+                        {
+                        nocert=1;
+                        }
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cipher") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        cipher= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+#ifdef FIONBIO  
+                else if (strcmp(*argv,"-nbio") == 0)
+                        { s_nbio=1; }
+#endif
+                else if (strcmp(*argv,"-nbio_test") == 0)
+                        {
+#ifdef FIONBIO  
+                        s_nbio=1;
+#endif
+                        s_nbio_test=1;
+                        }
+                else if (strcmp(*argv,"-debug") == 0)
+                        { s_debug=1; }
+                else if (strcmp(*argv,"-hack") == 0)
+                        { hack=1; }
+                else if (strcmp(*argv,"-state") == 0)
+                        { state=1; }
+                else if (strcmp(*argv,"-quiet") == 0)
+                        { s_quiet=1; }
+                else if (strcmp(*argv,"-bugs") == 0)
+                        { bugs=1; }
+                else if (strcmp(*argv,"-no_tmp_rsa") == 0)
+                        { no_tmp_rsa=1; }
+                else if (strcmp(*argv,"-www") == 0)
+                        { www=1; }
+                else if (strcmp(*argv,"-WWW") == 0)
+                        { www=2; }
+                else if (strcmp(*argv,"-no_ssl2") == 0)
+                        { off|=SSL_OP_NO_SSLv2; }
+                else if (strcmp(*argv,"-no_ssl3") == 0)
+                        { off|=SSL_OP_NO_SSLv3; }
+                else if (strcmp(*argv,"-no_tls1") == 0)
+                        { off|=SSL_OP_NO_TLSv1; }
+#ifndef NO_SSL2
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        { meth=SSLv2_server_method(); }
+#endif
+#ifndef NO_SSL3
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        { meth=SSLv3_server_method(); }
+#endif
+#ifndef NO_TLS1
+                else if (strcmp(*argv,"-tls1") == 0)
+                        { meth=TLSv1_server_method(); }
+#endif
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sv_usage();
+                goto end;
+                }
+        if (bio_s_out == NULL)
+                {
+                if (s_quiet && !s_debug)
+                        {
+                        bio_s_out=BIO_new(BIO_s_null());
+                        }
+                else
+                        {
+                        if (bio_s_out == NULL)
+                                bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+                        }
+                }
+#if !defined(NO_RSA) || !defined(NO_DSA)
+        if (nocert)
+#endif
+                {
+                s_cert_file=NULL;
+                s_key_file=NULL;
+                s_dcert_file=NULL;
+                s_dkey_file=NULL;
+                }
+        SSL_load_error_strings();
+        SSLeay_add_ssl_algorithms();
+        ctx=SSL_CTX_new(meth);
+        if (ctx == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        SSL_CTX_set_quiet_shutdown(ctx,1);
+        if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+        if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+        SSL_CTX_set_options(ctx,off);
+        if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
+        if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+        SSL_CTX_sess_set_cache_size(ctx,128);
+#if 0
+        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+#endif
+#if 0
+        if (s_cert_file == NULL)
+                {
+                BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
+                goto end;
+                }
+#endif
+        if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(ctx)))
+                {
+                /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+                ERR_print_errors(bio_err);
+                /* goto end; */
+                }
+#ifndef NO_DH
+        /* EAY EAY EAY evil hack */
+        dh=load_dh_param();
+        if (dh != NULL)
+                {
+                BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+                }
+        else
+                {
+                BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+                dh=get_dh512();
+                }
+        BIO_flush(bio_s_out);
+        SSL_CTX_set_tmp_dh(ctx,dh);
+        DH_free(dh);
+#endif
+        
+        if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
+                goto end;
+        if (s_dcert_file != NULL)
+                {
+                if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
+                        goto end;
+                }
+#if 1
+        SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+#else
+        if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
+                {
+                RSA *rsa;
+                BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
+                BIO_flush(bio_s_out);
+                rsa=RSA_generate_key(512,RSA_F4,NULL);
+                if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                RSA_free(rsa);
+                BIO_printf(bio_s_out,"\n");
+                }
+#endif
+        if (cipher != NULL)
+                SSL_CTX_set_cipher_list(ctx,cipher);
+        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
+        SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+        BIO_printf(bio_s_out,"ACCEPT\n");
+        if (www)
+                do_server(port,&accept_socket,www_body);
+        else
+                do_server(port,&accept_socket,sv_body);
+        print_stats(bio_s_out,ctx);
+        ret=0;
+end:
+        if (ctx != NULL) SSL_CTX_free(ctx);
+        if (bio_s_out != NULL)
+                {
+                BIO_free(bio_s_out);
+                bio_s_out=NULL;
+                }
+        EXIT(ret);
+        }
+static void print_stats(bio,ssl_ctx)
+BIO *bio;
+SSL_CTX *ssl_ctx;
+        {
+        BIO_printf(bio,"%4ld items in the session cache\n",
+                SSL_CTX_sess_number(ssl_ctx));
+        BIO_printf(bio,"%4d client connects (SSL_connect())\n",
+                SSL_CTX_sess_connect(ssl_ctx));
+        BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
+                SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+        BIO_printf(bio,"%4d client connects that finished\n",
+                SSL_CTX_sess_connect_good(ssl_ctx));
+        BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
+                SSL_CTX_sess_accept(ssl_ctx));
+        BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
+                SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+        BIO_printf(bio,"%4d server accepts that finished\n",
+                SSL_CTX_sess_accept_good(ssl_ctx));
+        BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
+        BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
+        BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
+        BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+        BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
+                SSL_CTX_sess_cache_full(ssl_ctx),
+                SSL_CTX_sess_get_cache_size(ssl_ctx));
+        }
+static int sv_body(hostname, s)
+char *hostname;
+int s;
+        {
+        char *buf=NULL;
+        fd_set readfds;
+        int ret=1,width;
+        int k,i;
+        unsigned long l;
+        SSL *con=NULL;
+        BIO *sbio;
+        if ((buf=Malloc(BUFSIZZ)) == NULL)
+                {
+                BIO_printf(bio_err,"out of memory\n");
+                goto err;
+                }
+#ifdef FIONBIO  
+        if (s_nbio)
+                {
+                unsigned long sl=1;
+                if (!s_quiet)
+                        BIO_printf(bio_err,"turning on non blocking io\n");
+                if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+                        ERR_print_errors(bio_err);
+                }
+#endif
+        if (con == NULL)
+                con=(SSL *)SSL_new(ctx);
+        SSL_clear(con);
+        sbio=BIO_new_socket(s,BIO_NOCLOSE);
+        if (s_nbio_test)
+                {
+                BIO *test;
+                test=BIO_new(BIO_f_nbio_test());
+                sbio=BIO_push(test,sbio);
+                }
+        SSL_set_bio(con,sbio,sbio);
+        SSL_set_accept_state(con);
+        /* SSL_set_fd(con,s); */
+        if (s_debug)
+                {
+                con->debug=1;
+                BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+                BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
+                }
+        width=s+1;
+        for (;;)
+                {
+                FD_ZERO(&readfds);
+#ifndef WINDOWS
+                FD_SET(fileno(stdin),&readfds);
+#endif
+                FD_SET(s,&readfds);
+                i=select(width,&readfds,NULL,NULL,NULL);
+                if (i <= 0) continue;
+                if (FD_ISSET(fileno(stdin),&readfds))
+                        {
+                        i=read(fileno(stdin),buf,128/*BUFSIZZ*/);
+                        if (!s_quiet)
+                                {
+                                if ((i <= 0) || (buf[0] == 'Q'))
+                                        {
+                                        BIO_printf(bio_s_out,"DONE\n");
+                                        SHUTDOWN(s);
+                                        close_accept_socket();
+                                        ret= -11;
+                                        goto err;
+                                        }
+                                if ((i <= 0) || (buf[0] == 'q'))
+                                        {
+                                        BIO_printf(bio_s_out,"DONE\n");
+                                        SHUTDOWN(s);
+        /*                              close_accept_socket();
+                                        ret= -11;*/
+                                        goto err;
+                                        }
+                                if ((buf[0] == 'r') && 
+                                        ((buf[1] == '\n') || (buf[1] == '\r')))
+                                        {
+                                        SSL_renegotiate(con);
+                                        i=SSL_do_handshake(con);
+                                        printf("SSL_do_handshake -> %d\n",i);
+                                        i=0; /*13; */
+                                        continue;
+                                        strcpy(buf,"server side RE-NEGOTIATE\n");
+                                        }
+                                if ((buf[0] == 'R') &&
+                                        ((buf[1] == '\0') || (buf[1] == '\r')))
+                                        {
+                                        SSL_set_verify(con,
+                                                SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
+                                        SSL_renegotiate(con);
+                                        i=SSL_do_handshake(con);
+                                        printf("SSL_do_handshake -> %d\n",i);
+                                        i=0; /* 13; */
+                                        continue;
+                                        strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n");
+                                        }
+                                if (buf[0] == 'P')
+                                        {
+                                        static char *str="Lets print some clear text\n";
+                                        BIO_write(SSL_get_wbio(con),str,strlen(str));
+                                        }
+                                if (buf[0] == 'S')
+                                        {
+                                        print_stats(bio_s_out,SSL_get_SSL_CTX(con));
+                                        }
+                                }
+                        l=k=0;
+                        for (;;)
+                                {
+                                /* should do a select for the write */
+#ifdef RENEG
+{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
+#endif
+                                k=SSL_write(con,&(buf[l]),(unsigned int)i);
+                                switch (SSL_get_error(con,k))
+                                        {
+                                case SSL_ERROR_NONE:
+                                        break;
+                                case SSL_ERROR_WANT_WRITE:
+                                case SSL_ERROR_WANT_READ:
+                                case SSL_ERROR_WANT_X509_LOOKUP:
+                                        BIO_printf(bio_s_out,"Write BLOCK\n");
+                                        break;
+                                case SSL_ERROR_SYSCALL:
+                                case SSL_ERROR_SSL:
+                                        BIO_printf(bio_s_out,"ERROR\n");
+                                        ERR_print_errors(bio_err);
+                                        ret=1;
+                                        goto err;
+                                        break;
+                                case SSL_ERROR_ZERO_RETURN:
+                                        BIO_printf(bio_s_out,"DONE\n");
+                                        ret=1;
+                                        goto err;
+                                        }
+                                l+=k;
+                                i-=k;
+                                if (i <= 0) break;
+                                }
+                        }
+                if (FD_ISSET(s,&readfds))
+                        {
+                        if (!SSL_is_init_finished(con))
+                                {
+                                i=init_ssl_connection(con);
+                                
+                                if (i < 0)
+                                        {
+                                        ret=0;
+                                        goto err;
+                                        }
+                                else if (i == 0)
+                                        {
+                                        ret=1;
+                                        goto err;
+                                        }
+                                }
+                        else
+                                {
+                                i=SSL_read(con,(char *)buf,128 /*BUFSIZZ */);
+                                switch (SSL_get_error(con,i))
+                                        {
+                                case SSL_ERROR_NONE:
+                                        write(fileno(stdout),buf,
+                                                (unsigned int)i);
+                                        break;
+                                case SSL_ERROR_WANT_WRITE:
+                                case SSL_ERROR_WANT_READ:
+                                case SSL_ERROR_WANT_X509_LOOKUP:
+                                        BIO_printf(bio_s_out,"Read BLOCK\n");
+                                        break;
+                                case SSL_ERROR_SYSCALL:
+                                case SSL_ERROR_SSL:
+                                        BIO_printf(bio_s_out,"ERROR\n");
+                                        ERR_print_errors(bio_err);
+                                        ret=1;
+                                        goto err;
+                                case SSL_ERROR_ZERO_RETURN:
+                                        BIO_printf(bio_s_out,"DONE\n");
+                                        ret=1;
+                                        goto err;
+                                        }
+                                }
+                        }
+                }
+err:
+        BIO_printf(bio_s_out,"shutting down SSL\n");
+#if 1
+        SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+        SSL_shutdown(con);
+#endif
+        if (con != NULL) SSL_free(con);
+        BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+        if (buf != NULL)
+                {
+                memset(buf,0,BUFSIZZ);
+                Free(buf);
+                }
+        if (ret >= 0)
+                BIO_printf(bio_s_out,"ACCEPT\n");
+        return(ret);
+        }
+static void close_accept_socket()
+        {
+        BIO_printf(bio_err,"shutdown accept socket\n");
+        if (accept_socket >= 0)
+                {
+                SHUTDOWN2(accept_socket);
+                }
+        }
+static int init_ssl_connection(con)
+SSL *con;
+        {
+        int i;
+        char *str;
+        X509 *peer;
+        long verify_error;
+        MS_STATIC char buf[BUFSIZ];
+        if ((i=SSL_accept(con)) <= 0)
+                {
+                if (BIO_sock_should_retry(i))
+                        {
+                        BIO_printf(bio_s_out,"DELAY\n");
+                        return(1);
+                        }
+                BIO_printf(bio_err,"ERROR\n");
+                verify_error=SSL_get_verify_result(con);
+                if (verify_error != X509_V_OK)
+                        {
+                        BIO_printf(bio_err,"verify error:%s\n",
+                                X509_verify_cert_error_string(verify_error));
+                        }
+                else
+                        ERR_print_errors(bio_err);
+                return(0);
+                }
+        PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
+        peer=SSL_get_peer_certificate(con);
+        if (peer != NULL)
+                {
+                BIO_printf(bio_s_out,"Client certificate\n");
+                PEM_write_bio_X509(bio_s_out,peer);
+                X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
+                BIO_printf(bio_s_out,"subject=%s\n",buf);
+                X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
+                BIO_printf(bio_s_out,"issuer=%s\n",buf);
+                X509_free(peer);
+                }
+        if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
+                BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
+        str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+        BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+        if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+        return(1);
+        }
+#ifndef NO_DH
+static DH *load_dh_param()
+        {
+        DH *ret=NULL;
+        BIO *bio;
+        if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
+                goto err;
+        ret=PEM_read_bio_DHparams(bio,NULL,NULL);
+err:
+        if (bio != NULL) BIO_free(bio);
+        return(ret);
+        }
+#endif
+#if 0
+static int load_CA(ctx,file)
+SSL_CTX *ctx;
+char *file;
+        {
+        FILE *in;
+        X509 *x=NULL;
+        if ((in=fopen(file,"r")) == NULL)
+                return(0);
+        for (;;)
+                {
+                if (PEM_read_X509(in,&x,NULL) == NULL)
+                        break;
+                SSL_CTX_add_client_CA(ctx,x);
+                }
+        if (x != NULL) X509_free(x);
+        fclose(in);
+        return(1);
+        }
+#endif
+static int www_body(hostname, s)
+char *hostname;
+int s;
+        {
+        char buf[1024];
+        int ret=1;
+        int i,j,k,blank,dot;
+        struct stat st_buf;
+        SSL *con;
+        SSL_CIPHER *c;
+        BIO *io,*ssl_bio,*sbio;
+        long total_bytes;
+        io=BIO_new(BIO_f_buffer());
+        ssl_bio=BIO_new(BIO_f_ssl());
+        if ((io == NULL) || (ssl_bio == NULL)) goto err;
+#ifdef FIONBIO  
+        if (s_nbio)
+                {
+                unsigned long sl=1;
+                if (!s_quiet)
+                        BIO_printf(bio_err,"turning on non blocking io\n");
+                if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+                        ERR_print_errors(bio_err);
+                }
+#endif
+        /* lets make the output buffer a reasonable size */
+        if (!BIO_set_write_buffer_size(io,253 /*16*1024*/)) goto err;
+        if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+        sbio=BIO_new_socket(s,BIO_NOCLOSE);
+        if (s_nbio_test)
+                {
+                BIO *test;
+                test=BIO_new(BIO_f_nbio_test());
+                sbio=BIO_push(test,sbio);
+                }
+        SSL_set_bio(con,sbio,sbio);
+        SSL_set_accept_state(con);
+        /* SSL_set_fd(con,s); */
+        BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
+        BIO_push(io,ssl_bio);
+        if (s_debug)
+                {
+                con->debug=1;
+                BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+                BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
+                }
+        blank=0;
+        for (;;)
+                {
+                if (hack)
+                        {
+                        i=SSL_accept(con);
+                        switch (SSL_get_error(con,i))
+                                {
+                        case SSL_ERROR_NONE:
+                                break;
+                        case SSL_ERROR_WANT_WRITE:
+                        case SSL_ERROR_WANT_READ:
+                        case SSL_ERROR_WANT_X509_LOOKUP:
+                                continue;
+                        case SSL_ERROR_SYSCALL:
+                        case SSL_ERROR_SSL:
+                        case SSL_ERROR_ZERO_RETURN:
+                                ret=1;
+                                goto err;
+                                break;
+                                }
+                        SSL_renegotiate(con);
+                        SSL_write(con,NULL,0);
+                        }
+                i=BIO_gets(io,buf,sizeof(buf)-1);
+                if (i < 0) /* error */
+                        {
+                        if (!BIO_should_retry(io))
+                                {
+                                if (!s_quiet)
+                                        ERR_print_errors(bio_err);
+                                goto err;
+                                }
+                        else
+                                {
+                                BIO_printf(bio_s_out,"read R BLOCK\n");
+#ifndef MSDOS
+                                sleep(1);
+#endif
+                                continue;
+                                }
+                        }
+                else if (i == 0) /* end of input */
+                        {
+                        ret=1;
+                        goto end;
+                        }
+                /* else we have data */
+                if (    ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
+                        ((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
+                        {
+                        char *p;
+                        X509 *peer;
+                        STACK *sk;
+                        static char *space="                          ";
+                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                        BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
+                        BIO_puts(io,"<pre>\n");
+/*                      BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
+                        BIO_puts(io,"\n");
+                        for (i=0; i<local_argc; i++)
+                                {
+                                BIO_puts(io,local_argv[i]);
+                                BIO_write(io," ",1);
+                                }
+                        BIO_puts(io,"\n");
+                        /* The following is evil and should not really
+                         * be done */
+                        BIO_printf(io,"Ciphers supported in s_server binary\n");
+                        sk=SSL_get_ciphers(con);
+                        j=sk_num(sk);
+                        for (i=0; i<j; i++)
+                                {
+                                c=(SSL_CIPHER *)sk_value(sk,i);
+                                BIO_printf(io,"%-11s:%-25s",
+                                        SSL_CIPHER_get_version(c),
+                                        SSL_CIPHER_get_name(c));
+                                if ((((i+1)%2) == 0) && (i+1 != j))
+                                        BIO_puts(io,"\n");
+                                }
+                        BIO_puts(io,"\n");
+                        p=SSL_get_shared_ciphers(con,buf,sizeof(buf));
+                        if (p != NULL)
+                                {
+                                BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
+                                j=i=0;
+                                while (*p)
+                                        {
+                                        if (*p == ':')
+                                                {
+                                                BIO_write(io,space,26-j);
+                                                i++;
+                                                j=0;
+                                                BIO_write(io,((i%3)?" ":"\n"),1);
+                                                }
+                                        else
+                                                {
+                                                BIO_write(io,p,1);
+                                                j++;
+                                                }
+                                        p++;
+                                        }
+                                BIO_puts(io,"\n");
+                                }
+                        BIO_printf(io,((con->hit)
+                                ?"---\nReused, "
+                                :"---\nNew, "));
+                        c=SSL_get_current_cipher(con);
+                        BIO_printf(io,"%s, Cipher is %s\n",
+                                SSL_CIPHER_get_version(c),
+                                SSL_CIPHER_get_name(c));
+                        SSL_SESSION_print(io,SSL_get_session(con));
+                        BIO_printf(io,"---\n");
+                        print_stats(io,SSL_get_SSL_CTX(con));
+                        BIO_printf(io,"---\n");
+                        peer=SSL_get_peer_certificate(con);
+                        if (peer != NULL)
+                                {
+                                BIO_printf(io,"Client certificate\n");
+                                X509_print(io,peer);
+                                PEM_write_bio_X509(io,peer);
+                                }
+                        else
+                                BIO_puts(io,"no client certificate available\n");
+                        BIO_puts(io,"</BODY></HTML>\r\n\r\n");
+                        break;
+                        }
+                else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
+                        {
+                        BIO *file;
+                        char *p,*e;
+                        static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+                        /* skip the '/' */
+                        p= &(buf[5]);
+                        dot=0;
+                        for (e=p; *e != '\0'; e++)
+                                {
+                                if (e[0] == ' ') break;
+                                if (    (e[0] == '.') &&
+                                        (strncmp(&(e[-1]),"/../",4) == 0))
+                                        dot=1;
+                                }
+                        
+                        if (*e == '\0')
+                                {
+                                BIO_puts(io,text);
+                                BIO_printf(io,"'%s' is an invalid file name\r\n",p);
+                                break;
+                                }
+                        *e='\0';
+                        if (dot)
+                                {
+                                BIO_puts(io,text);
+                                BIO_printf(io,"'%s' contains '..' reference\r\n",p);
+                                break;
+                                }
+                        if (*p == '/')
+                                {
+                                BIO_puts(io,text);
+                                BIO_printf(io,"'%s' is an invalid path\r\n",p);
+                                break;
+                                }
+                        /* append if a directory lookup */
+                        if (e[-1] == '/')
+                                strcat(p,"index.html");
+                        /* if a directory, do the index thang */
+                        if (stat(p,&st_buf) < 0)
+                                {
+                                BIO_puts(io,text);
+                                BIO_printf(io,"Error accessing '%s'\r\n",p);
+                                ERR_print_errors(io);
+                                break;
+                                }
+                        if (S_ISDIR(st_buf.st_mode))
+                                {
+                                strcat(p,"/index.html");
+                                }
+                        if ((file=BIO_new_file(p,"r")) == NULL)
+                                {
+                                BIO_puts(io,text);
+                                BIO_printf(io,"Error opening '%s'\r\n",p);
+                                ERR_print_errors(io);
+                                break;
+                                }
+                        if (!s_quiet)
+                                BIO_printf(bio_err,"FILE:%s\n",p);
+                        i=strlen(p);
+                        if (    ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+                                ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+                                ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+                                BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                        else
+                                BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+                        /* send the file */
+                        total_bytes=0;
+                        for (;;)
+                                {
+                                i=BIO_read(file,buf,1024);
+                                if (i <= 0) break;
+                                total_bytes+=i;
+                                fprintf(stderr,"%d\n",i);
+                                if (total_bytes > 3*1024)
+                                        {
+                                        total_bytes=0;
+                                        fprintf(stderr,"RENEGOTIATE\n");
+                                        SSL_renegotiate(con);
+                                        }
+                                for (j=0; j<i; )
+                                        {
+#ifdef RENEG
+{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
+#endif
+                                        k=BIO_write(io,&(buf[j]),i-j);
+                                        if (k <= 0)
+                                                {
+                                                if (!BIO_should_retry(io))
+                                                        goto write_error;
+                                                else
+                                                        {
+                                                        BIO_printf(bio_s_out,"rwrite W BLOCK\n");
+                                                        }
+                                                }
+                                        else
+                                                {
+                                                j+=k;
+                                                }
+                                        }
+                                }
+write_error:
+                        BIO_free(file);
+                        break;
+                        }
+                }
+        for (;;)
+                {
+                i=(int)BIO_flush(io);
+                if (i <= 0)
+                        {
+                        if (!BIO_should_retry(io))
+                                break;
+                        }
+                else
+                        break;
+                }
+end:
+#if 1
+        /* make sure we re-use sessions */
+        SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+        /* This kills performace */
+/*      SSL_shutdown(con); A shutdown gets sent in the
+ *      BIO_free_all(io) procession */
+#endif
+err:
+        if (ret >= 0)
+                BIO_printf(bio_s_out,"ACCEPT\n");
+        if (io != NULL) BIO_free_all(io);
+/*      if (ssl_bio != NULL) BIO_free(ssl_bio);*/
+        return(ret);
+        }
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+SSL *s;
+int export;
+        {
+        static RSA *rsa_tmp=NULL;
+        if (rsa_tmp == NULL)
+                {
+                if (!s_quiet)
+                        {
+                        BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+                        BIO_flush(bio_err);
+                        }
+#ifndef NO_RSA
+                rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+#endif
+                if (!s_quiet)
+                        {
+                        BIO_printf(bio_err,"\n");
+                        BIO_flush(bio_err);
+                        }
+                }
+        return(rsa_tmp);
+        }
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
new file mode 100644
index 0000000000..4bc3fde925
--- /dev/null
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -0,0 +1,669 @@
+/* apps/s_socket.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef USE_SOCKETS
+#undef NON_MAIN
+#include "s_apps.h"
+#include "ssl.h"
+#ifndef NOPROTO
+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
+#else
+static struct hostent *GetHostByName();
+int sock_init();
+#endif
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+#ifdef WINDOWS
+static struct WSAData wsa_state;
+static int wsa_init_done=0;
+#ifdef WIN16
+static HWND topWnd=0;
+static FARPROC lpTopWndProc=NULL;
+static FARPROC lpTopHookProc=NULL;
+extern HINSTANCE _hInstance;  /* nice global CRT provides */
+static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
+HWND hwnd;
+UINT message;
+WPARAM wParam;
+LPARAM lParam;
+        {
+        if (hwnd == topWnd)
+                {
+                switch(message)
+                        {
+                case WM_DESTROY:
+                case WM_CLOSE:
+                        SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
+                        sock_cleanup();
+                        break;
+                        }
+                }
+        return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
+        }
+static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
+        {
+        topWnd=hwnd;
+        return(FALSE);
+        }
+#endif /* WIN32 */
+#endif /* WINDOWS */
+void sock_cleanup()
+        {
+#ifdef WINDOWS
+        if (wsa_init_done)
+                {
+                wsa_init_done=0;
+                WSACancelBlockingCall();
+                WSACleanup();
+                }
+#endif
+        }
+int sock_init()
+        {
+#ifdef WINDOWS
+        if (!wsa_init_done)
+                {
+                int err;
+          
+#ifdef SIGINT
+                signal(SIGINT,(void (*)(int))sock_cleanup);
+#endif
+                wsa_init_done=1;
+                memset(&wsa_state,0,sizeof(wsa_state));
+                if (WSAStartup(0x0101,&wsa_state)!=0)
+                        {
+                        err=WSAGetLastError();
+                        BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
+                        return(0);
+                        }
+#ifdef WIN16
+                EnumTaskWindows(GetCurrentTask(),enumproc,0L);
+                lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
+                lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
+                SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
+#endif /* WIN16 */
+                }
+#endif /* WINDOWS */
+        return(1);
+        }
+int init_client(sock, host, port)
+int *sock;
+char *host;
+int port;
+        {
+        unsigned char ip[4];
+        short p=0;
+        if (!host_ip(host,&(ip[0])))
+                {
+                return(0);
+                }
+        if (p != 0) port=p;
+        return(init_client_ip(sock,ip,port));
+        }
+int init_client_ip(sock, ip, port)
+int *sock;
+unsigned char ip[4];
+int port;
+        {
+        unsigned long addr;
+        struct sockaddr_in them;
+        int s,i;
+        if (!sock_init()) return(0);
+        memset((char *)&them,0,sizeof(them));
+        them.sin_family=AF_INET;
+        them.sin_port=htons((unsigned short)port);
+        addr=(unsigned long)
+                ((unsigned long)ip[0]<<24L)|
+                ((unsigned long)ip[1]<<16L)|
+                ((unsigned long)ip[2]<< 8L)|
+                ((unsigned long)ip[3]);
+        them.sin_addr.s_addr=htonl(addr);
+        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+        if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+        i=0;
+        i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+        if (i < 0) { perror("keepalive"); return(0); }
+        if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+                { close(s); perror("connect"); return(0); }
+        *sock=s;
+        return(1);
+        }
+int nbio_sock_error(sock)
+int sock;
+        {
+        int j,i,size;
+        size=sizeof(int);
+        i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+        if (i < 0)
+                return(1);
+        else
+                return(j);
+        }
+int nbio_init_client_ip(sock, ip, port)
+int *sock;
+unsigned char ip[4];
+int port;
+        {
+        unsigned long addr;
+        struct sockaddr_in them;
+        int s,i;
+        if (!sock_init()) return(0);
+        memset((char *)&them,0,sizeof(them));
+        them.sin_family=AF_INET;
+        them.sin_port=htons((unsigned short)port);
+        addr=   (unsigned long)
+                ((unsigned long)ip[0]<<24L)|
+                ((unsigned long)ip[1]<<16L)|
+                ((unsigned long)ip[2]<< 8L)|
+                ((unsigned long)ip[3]);
+        them.sin_addr.s_addr=htonl(addr);
+        if (*sock <= 0)
+                {
+                unsigned long l=1;
+                s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+                if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+                i=0;
+                i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+                if (i < 0) { perror("keepalive"); return(0); }
+                *sock=s;
+#ifdef FIONBIO
+                BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+                }
+        else
+                s= *sock;
+        i=connect(s,(struct sockaddr *)&them,sizeof(them));
+        if (i == INVALID_SOCKET)
+                {
+                if (BIO_sock_should_retry(i))
+                        return(-1);
+                else
+                        return(0);
+                }
+        else
+                return(1);
+        }
+int do_server(port, ret, cb)
+int port;
+int *ret;
+int (*cb)();
+        {
+        int sock;
+        char *name;
+        int accept_socket;
+        int i;
+        if (!init_server(&accept_socket,port)) return(0);
+        if (ret != NULL)
+                {
+                *ret=accept_socket;
+                /* return(1);*/
+                }
+        for (;;)
+                {
+                if (do_accept(accept_socket,&sock,&name) == 0)
+                        {
+                        SHUTDOWN(accept_socket);
+                        return(0);
+                        }
+                i=(*cb)(name,sock);
+                if (name != NULL) Free(name);
+                SHUTDOWN2(sock);
+                if (i < 0)
+                        {
+                        SHUTDOWN2(accept_socket);
+                        return(i);
+                        }
+                }
+        }
+int init_server_long(sock, port, ip)
+int *sock;
+int port;
+char *ip;
+        {
+        int ret=0;
+        struct sockaddr_in server;
+        int s= -1,i;
+        if (!sock_init()) return(0);
+        memset((char *)&server,0,sizeof(server));
+        server.sin_family=AF_INET;
+        server.sin_port=htons((unsigned short)port);
+        if (ip == NULL)
+                server.sin_addr.s_addr=INADDR_ANY;
+        else
+                memcpy(&server.sin_addr.s_addr,ip,4);
+        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+        if (s == INVALID_SOCKET) goto err;
+        if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+                {
+#ifndef WINDOWS
+                perror("bind");
+#endif
+                goto err;
+                }
+        /* Make it 128 for linux */
+        if (listen(s,128) == -1) goto err;
+        i=0;
+        *sock=s;
+        ret=1;
+err:
+        if ((ret == 0) && (s != -1))
+                {
+                SHUTDOWN(s);
+                }
+        return(ret);
+        }
+int init_server(sock,port)
+int *sock;
+int port;
+        {
+        return(init_server_long(sock, port, NULL));
+        }
+int do_accept(acc_sock, sock, host)
+int acc_sock;
+int *sock;
+char **host;
+        {
+        int ret,i;
+        struct hostent *h1,*h2;
+        static struct sockaddr_in from;
+        int len;
+/*      struct linger ling; */
+        if (!sock_init()) return(0);
+#ifndef WINDOWS
+redoit:
+#endif
+        memset((char *)&from,0,sizeof(from));
+        len=sizeof(from);
+        ret=accept(acc_sock,(struct sockaddr *)&from,&len);
+        if (ret == INVALID_SOCKET)
+                {
+#ifdef WINDOWS
+                i=WSAGetLastError();
+                BIO_printf(bio_err,"accept error %d\n",i);
+#else
+                if (errno == EINTR)
+                        {
+                        /*check_timeout(); */
+                        goto redoit;
+                        }
+                fprintf(stderr,"errno=%d ",errno);
+                perror("accept");
+#endif
+                return(0);
+                }
+/*
+        ling.l_onoff=1;
+        ling.l_linger=0;
+        i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+        if (i < 0) { perror("linger"); return(0); }
+        i=0;
+        i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+        if (i < 0) { perror("keepalive"); return(0); }
+*/
+        if (host == NULL) goto end;
+#ifndef BIT_FIELD_LIMITS
+        /* I should use WSAAsyncGetHostByName() under windows */
+        h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+                sizeof(from.sin_addr.s_addr),AF_INET);
+#else
+        h1=gethostbyaddr((char *)&from.sin_addr,
+                sizeof(struct in_addr),AF_INET);
+#endif
+        if (h1 == NULL)
+                {
+                BIO_printf(bio_err,"bad gethostbyaddr\n");
+                *host=NULL;
+                /* return(0); */
+                }
+        else
+                {
+                if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
+                        {
+                        perror("Malloc");
+                        return(0);
+                        }
+                strcpy(*host,h1->h_name);
+                h2=GetHostByName(*host);
+                if (h2 == NULL)
+                        {
+                        BIO_printf(bio_err,"gethostbyname failure\n");
+                        return(0);
+                        }
+                i=0;
+                if (h2->h_addrtype != AF_INET)
+                        {
+                        BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+                        return(0);
+                        }
+                }
+end:
+        *sock=ret;
+        return(1);
+        }
+int extract_host_port(str,host_ptr,ip,port_ptr)
+char *str;
+char **host_ptr;
+unsigned char *ip;
+short *port_ptr;
+        {
+        char *h,*p;
+        h=str;
+        p=strchr(str,':');
+        if (p == NULL)
+                {
+                BIO_printf(bio_err,"no port defined\n");
+                return(0);
+                }
+        *(p++)='\0';
+        if ((ip != NULL) && !host_ip(str,ip))
+                goto err;
+        if (host_ptr != NULL) *host_ptr=h;
+        if (!extract_port(p,port_ptr))
+                goto err;
+        return(1);
+err:
+        return(0);
+        }
+int host_ip(str,ip)
+char *str;
+unsigned char ip[4];
+        {
+        unsigned int in[4]; 
+        int i;
+        if (sscanf(str,"%d.%d.%d.%d",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+                {
+                for (i=0; i<4; i++)
+                        if (in[i] > 255)
+                                {
+                                BIO_printf(bio_err,"invalid IP address\n");
+                                goto err;
+                                }
+                ip[0]=in[0];
+                ip[1]=in[1];
+                ip[2]=in[2];
+                ip[3]=in[3];
+                }
+        else
+                { /* do a gethostbyname */
+                struct hostent *he;
+                if (!sock_init()) return(0);
+                he=GetHostByName(str);
+                if (he == NULL)
+                        {
+                        BIO_printf(bio_err,"gethostbyname failure\n");
+                        goto err;
+                        }
+                /* cast to short because of win16 winsock definition */
+                if ((short)he->h_addrtype != AF_INET)
+                        {
+                        BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+                        return(0);
+                        }
+                ip[0]=he->h_addr_list[0][0];
+                ip[1]=he->h_addr_list[0][1];
+                ip[2]=he->h_addr_list[0][2];
+                ip[3]=he->h_addr_list[0][3];
+                }
+        return(1);
+err:
+        return(0);
+        }
+int extract_port(str,port_ptr)
+char *str;
+short *port_ptr;
+        {
+        int i;
+        struct servent *s;
+        i=atoi(str);
+        if (i != 0)
+                *port_ptr=(unsigned short)i;
+        else
+                {
+                s=getservbyname(str,"tcp");
+                if (s == NULL)
+                        {
+                        BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+                        return(0);
+                        }
+                *port_ptr=ntohs((unsigned short)s->s_port);
+                }
+        return(1);
+        }
+#define GHBN_NUM        4
+static struct ghbn_cache_st
+        {
+        char name[128];
+        struct hostent ent;
+        unsigned long order;
+        } ghbn_cache[GHBN_NUM];
+static unsigned long ghbn_hits=0L;
+static unsigned long ghbn_miss=0L;
+static struct hostent *GetHostByName(name)
+char *name;
+        {
+        struct hostent *ret;
+        int i,lowi=0;
+        unsigned long low= (unsigned long)-1;
+        for (i=0; i<GHBN_NUM; i++)
+                {
+                if (low > ghbn_cache[i].order)
+                        {
+                        low=ghbn_cache[i].order;
+                        lowi=i;
+                        }
+                if (ghbn_cache[i].order > 0)
+                        {
+                        if (strncmp(name,ghbn_cache[i].name,128) == 0)
+                                break;
+                        }
+                }
+        if (i == GHBN_NUM) /* no hit*/
+                {
+                ghbn_miss++;
+                ret=gethostbyname(name);
+                if (ret == NULL) return(NULL);
+                /* else add to cache */
+                strncpy(ghbn_cache[lowi].name,name,128);
+                memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+                ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+                return(ret);
+                }
+        else
+                {
+                ghbn_hits++;
+                ret= &(ghbn_cache[i].ent);
+                ghbn_cache[i].order=ghbn_miss+ghbn_hits;
+                return(ret);
+                }
+        }
+#ifndef MSDOS
+int spawn(argc, argv, in, out)
+int argc;
+char **argv;
+int *in;
+int *out;
+        {
+        int pid;
+#define CHILD_READ      p1[0]
+#define CHILD_WRITE     p2[1]
+#define PARENT_READ     p2[0]
+#define PARENT_WRITE    p1[1]
+        int p1[2],p2[2];
+        if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
+        if ((pid=fork()) == 0)
+                { /* child */
+                if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
+                        perror("dup2");
+                if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
+                        perror("dup2");
+                if (dup2(CHILD_READ,fileno(stdin)) < 0)
+                        perror("dup2");
+                close(CHILD_READ); 
+                close(CHILD_WRITE);
+                close(PARENT_READ);
+                close(PARENT_WRITE);
+                execvp(argv[0],argv);
+                perror("child");
+                exit(1);
+                }
+        /* parent */
+        *in= PARENT_READ;
+        *out=PARENT_WRITE;
+        close(CHILD_READ);
+        close(CHILD_WRITE);
+        return(pid);
+        }
+#endif /* MSDOS */
+#ifdef undef
+        /* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
+         * on sockets */
+        {
+        SOCKET s;
+        int optionValue = SO_SYNCHRONOUS_NONALERT;
+        int err;
+        err = setsockopt( 
+            INVALID_SOCKET, 
+            SOL_SOCKET, 
+            SO_OPENTYPE, 
+            (char *)&optionValue, 
+            sizeof(optionValue));
+        if (err != NO_ERROR) {
+        /* failed for some reason... */
+                BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
+                        WSAGetLastError());
+                }
+        }
+#endif
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c
new file mode 100644
index 0000000000..7571c208d4
--- /dev/null
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -0,0 +1,703 @@
+/* apps/s_time.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define NO_SHUTDOWN
+/*-----------------------------------------
+   cntime - SSL client connection timer program
+   Written and donated by Larry Streepy <streepy@healthcare.com>
+  -----------------------------------------*/
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "x509.h"
+#include "ssl.h"
+#include "pem.h"
+#define USE_SOCKETS
+#include "apps.h"
+#include "s_apps.h"
+#include "err.h"
+#ifdef WIN32_STUFF
+#include "winmain.h"
+#include "wintext.h"
+#endif
+#ifndef MSDOS
+#define TIMES
+#endif
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef _AIX
+#include <sys/select.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+/* The following if from times(3) man page.  It may need to be changed
+*/
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#undef PROG
+#define PROG s_time_main
+#define ioctl ioctlsocket
+#define SSL_CONNECT_NAME        "localhost:4433"
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+#undef BUFSIZZ
+#define BUFSIZZ 1024*10
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+#undef SECONDS
+#define SECONDS 30
+extern int verify_depth;
+extern int verify_error;
+#ifndef NOPROTO
+static void s_time_usage(void);
+static int parseArgs( int argc, char **argv );
+static SSL *doConnection( SSL *scon );
+static void s_time_init(void);
+#else
+static void s_time_usage();
+static int parseArgs();
+static SSL *doConnection();
+static void s_time_init();
+#endif
+/***********************************************************************
+ * Static data declarations
+ */
+/* static char *port=PORT_STR;*/
+static char *host=SSL_CONNECT_NAME;
+static char *t_cert_file=NULL;
+static char *t_key_file=NULL;
+static char *CApath=NULL;
+static char *CAfile=NULL;
+static char *tm_cipher=NULL;
+static int tm_verify = SSL_VERIFY_NONE;
+static int maxTime = SECONDS;
+static SSL_CTX *tm_ctx=NULL;
+static SSL_METHOD *s_time_meth=NULL;
+static char *s_www_path=NULL;
+static long bytes_read=0; 
+static int st_bugs=0;
+static int perform=0;
+#ifdef FIONBIO
+static int t_nbio=0;
+#endif
+#ifdef WIN32
+static int exitNow = 0;         /* Set when it's time to exit main */
+#endif
+static void s_time_init()
+        {
+        host=SSL_CONNECT_NAME;
+        t_cert_file=NULL;
+        t_key_file=NULL;
+        CApath=NULL;
+        CAfile=NULL;
+        tm_cipher=NULL;
+        tm_verify = SSL_VERIFY_NONE;
+        maxTime = SECONDS;
+        tm_ctx=NULL;
+        s_time_meth=NULL;
+        s_www_path=NULL;
+        bytes_read=0; 
+        st_bugs=0;
+        perform=0;
+#ifdef FIONBIO
+        t_nbio=0;
+#endif
+#ifdef WIN32
+        exitNow = 0;            /* Set when it's time to exit main */
+#endif
+        }
+/***********************************************************************
+ * usage - display usage message
+ */
+static void s_time_usage()
+{
+        static char umsg[] = "\
+-time arg     - max number of seconds to collect data, default %d\n\
+-verify arg   - turn on peer certificate verification, arg == depth\n\
+-cert arg     - certificate file to use, PEM format assumed\n\
+-key arg      - RSA file to use, PEM format assumed, in cert file if\n\
+                not specified but cert fill is.\n\
+-CApath arg   - PEM format directory of CA's\n\
+-CAfile arg   - PEM format file of CA's\n\
+-cipher       - prefered cipher to use, play with 'ssleay ciphers'\n\n";
+        printf( "usage: client <args>\n\n" );
+        printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+#ifdef FIONBIO
+        printf("-nbio         - Run with non-blocking IO\n");
+        printf("-ssl2         - Just use SSLv2\n");
+        printf("-ssl3         - Just use SSLv3\n");
+        printf("-bugs         - Turn on SSL bug compatability\n");
+        printf("-new          - Just time new connections\n");
+        printf("-reuse        - Just time connection reuse\n");
+        printf("-www page     - Retrieve 'page' from the site\n");
+#endif
+        printf( umsg,SECONDS );
+}
+/***********************************************************************
+ * parseArgs - Parse command line arguments and initialize data
+ *
+ * Returns 0 if ok, -1 on bad args
+ */
+static int parseArgs(argc,argv)
+int argc;
+char **argv;
+{
+    int badop = 0;
+    verify_depth=0;
+    verify_error=X509_V_OK;
+#ifdef FIONBIO
+    t_nbio=0;
+#endif
+        apps_startup();
+        s_time_init();
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+    argc--;
+    argv++;
+    while (argc >= 1) {
+        if (strcmp(*argv,"-connect") == 0)
+                {
+                if (--argc < 1) goto bad;
+                host= *(++argv);
+                }
+#if 0
+        else if( strcmp(*argv,"-host") == 0)
+                {
+                if (--argc < 1) goto bad;
+                host= *(++argv);
+                }
+        else if( strcmp(*argv,"-port") == 0)
+                {
+                if (--argc < 1) goto bad;
+                port= *(++argv);
+                }
+#endif
+        else if (strcmp(*argv,"-reuse") == 0)
+                perform=2;
+        else if (strcmp(*argv,"-new") == 0)
+                perform=1;
+        else if( strcmp(*argv,"-verify") == 0) {
+            tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+            if (--argc < 1) goto bad;
+            verify_depth=atoi(*(++argv));
+            BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+        } else if( strcmp(*argv,"-cert") == 0) {
+            if (--argc < 1) goto bad;
+            t_cert_file= *(++argv);
+        } else if( strcmp(*argv,"-key") == 0) {
+            if (--argc < 1) goto bad;
+            t_key_file= *(++argv);
+        } else if( strcmp(*argv,"-CApath") == 0) {
+            if (--argc < 1) goto bad;
+            CApath= *(++argv);
+        } else if( strcmp(*argv,"-CAfile") == 0) {
+            if (--argc < 1) goto bad;
+            CAfile= *(++argv);
+        } else if( strcmp(*argv,"-cipher") == 0) {
+            if (--argc < 1) goto bad;
+            tm_cipher= *(++argv);
+        }
+#ifdef FIONBIO
+        else if(strcmp(*argv,"-nbio") == 0) {
+            t_nbio=1;
+        }
+#endif
+        else if(strcmp(*argv,"-www") == 0)
+                {
+                if (--argc < 1) goto bad;
+                s_www_path= *(++argv);
+                }
+        else if(strcmp(*argv,"-bugs") == 0)
+            st_bugs=1;
+#ifndef NO_SSL2
+        else if(strcmp(*argv,"-ssl2") == 0)
+            s_time_meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+        else if(strcmp(*argv,"-ssl3") == 0)
+            s_time_meth=SSLv3_client_method();
+#endif
+        else if( strcmp(*argv,"-time") == 0) {
+            if (--argc < 1) goto bad;
+            maxTime= atoi(*(++argv));
+        }
+        else {
+            BIO_printf(bio_err,"unknown option %s\n",*argv);
+            badop=1;
+            break;
+        }
+        argc--;
+        argv++;
+    }
+    if (perform == 0) perform=3;
+    if(badop) {
+bad:
+                s_time_usage();
+                return -1;
+    }
+        return 0;                       /* Valid args */
+}
+/***********************************************************************
+ * TIME - time functions
+ */
+#define START   0
+#define STOP    1
+static double tm_Time_F(s)
+int s;
+        {
+        static double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if(s == START) {
+                times(&tstart);
+                return(0);
+        } else {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+        }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if(s == START) {
+                ftime(&tstart);
+                return(0);
+        } else {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+        }
+#endif
+}
+/***********************************************************************
+ * MAIN - main processing area for client
+ *                      real name depends on MONOLITH
+ */
+int
+MAIN(argc,argv)
+int argc;
+char **argv;
+        {
+        double totalTime = 0.0;
+        int nConn = 0;
+        SSL *scon=NULL;
+        long finishtime=0;
+        int ret=1,i;
+        MS_STATIC char buf[1024*8];
+        int ver;
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+        s_time_meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+        s_time_meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+        s_time_meth=SSLv2_client_method();
+#endif
+        /* parse the command line arguments */
+        if( parseArgs( argc, argv ) < 0 )
+                goto end;
+        SSLeay_add_ssl_algorithms();
+        if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+        SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+        if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
+        SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
+        if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
+                goto end;
+        SSL_load_error_strings();
+        if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+                {
+                /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+                ERR_print_errors(bio_err);
+                /* goto end; */
+                }
+        if (tm_cipher == NULL)
+                tm_cipher = getenv("SSL_CIPHER");
+        if (tm_cipher == NULL ) {
+                fprintf( stderr, "No CIPHER specified\n" );
+/*              EXIT(1); */
+        }
+        if (!(perform & 1)) goto next;
+        printf( "Collecting connection statistics for %d seconds\n", maxTime );
+        /* Loop and time how long it takes to make connections */
+        bytes_read=0;
+        finishtime=(long)time(NULL)+maxTime;
+        tm_Time_F(START);
+        for (;;)
+                {
+                if (finishtime < time(NULL)) break;
+#ifdef WIN32_STUFF
+                if( flushWinMsgs(0) == -1 )
+                        goto end;
+                if( waitingToDie || exitNow )           /* we're dead */
+                        goto end;
+#endif
+                if( (scon = doConnection( NULL )) == NULL )
+                        goto end;
+                if (s_www_path != NULL)
+                        {
+                        sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+                        SSL_write(scon,buf,strlen(buf));
+                        while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+                                bytes_read+=i;
+                        }
+#ifdef NO_SHUTDOWN
+                SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+                SSL_shutdown(scon);
+#endif
+                SHUTDOWN2(SSL_get_fd(scon));
+                nConn += 1;
+                if (SSL_session_reused(scon))
+                        ver='r';
+                else
+                        {
+                        ver=SSL_version(scon);
+                        if (ver == TLS1_VERSION)
+                                ver='t';
+                        else if (ver == SSL3_VERSION)
+                                ver='3';
+                        else if (ver == SSL2_VERSION)
+                                ver='2';
+                        else
+                                ver='*';
+                        }
+                fputc(ver,stdout);
+                fflush(stdout);
+                SSL_free( scon );
+                scon=NULL;
+                }
+        totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+        i=(int)(time(NULL)-finishtime+maxTime);
+        printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+        printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+        /* Now loop and time connections using the same session id over and over */
+next:
+        if (!(perform & 2)) goto end;
+        printf( "\n\nNow timing with session id reuse.\n" );
+        /* Get an SSL object so we can reuse the session id */
+        if( (scon = doConnection( NULL )) == NULL )
+                {
+                fprintf( stderr, "Unable to get connection\n" );
+                goto end;
+                }
+        if (s_www_path != NULL)
+                {
+                sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+                SSL_write(scon,buf,strlen(buf));
+                while (SSL_read(scon,buf,sizeof(buf)) > 0)
+                        ;
+                }
+#ifdef NO_SHUTDOWN
+        SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+        SSL_shutdown(scon);
+#endif
+        SHUTDOWN2(SSL_get_fd(scon));
+        nConn = 0;
+        totalTime = 0.0;
+        finishtime=time(NULL)+maxTime;
+        printf( "starting\n" );
+        bytes_read=0;
+        tm_Time_F(START);
+                
+        for (;;)
+                {
+                if (finishtime < time(NULL)) break;
+#ifdef WIN32_STUFF
+                if( flushWinMsgs(0) == -1 )
+                        goto end;
+                if( waitingToDie || exitNow )   /* we're dead */
+                        goto end;
+#endif
+                if( (doConnection( scon )) == NULL )
+                        goto end;
+                if (s_www_path)
+                        {
+                        sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+                        SSL_write(scon,buf,strlen(buf));
+                        while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+                                bytes_read+=i;
+                        }
+#ifdef NO_SHUTDOWN
+                SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+                SSL_shutdown(scon);
+#endif
+                SHUTDOWN2(SSL_get_fd(scon));
+        
+                nConn += 1;
+                if (SSL_session_reused(scon))
+                        ver='r';
+                else
+                        {
+                        ver=SSL_version(scon);
+                        if (ver == TLS1_VERSION)
+                                ver='t';
+                        else if (ver == SSL3_VERSION)
+                                ver='3';
+                        else if (ver == SSL2_VERSION)
+                                ver='2';
+                        else
+                                ver='*';
+                        }
+                fputc(ver,stdout);
+                fflush(stdout);
+                }
+        totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+        printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+        printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+        ret=0;
+end:
+        if (scon != NULL) SSL_free(scon);
+        if (tm_ctx != NULL)
+                {
+                SSL_CTX_free(tm_ctx);
+                tm_ctx=NULL;
+                }
+        EXIT(ret);
+        }
+/***********************************************************************
+ * doConnection - make a connection
+ * Args:
+ *              scon    = earlier ssl connection for session id, or NULL
+ * Returns:
+ *              SSL *   = the connection pointer.
+ */
+static SSL *
+doConnection(scon)
+SSL *scon;
+        {
+        BIO *conn;
+        SSL *serverCon;
+        int width, i;
+        fd_set readfds;
+        if ((conn=BIO_new(BIO_s_connect())) == NULL)
+                return(NULL);
+/*      BIO_set_conn_port(conn,port);*/
+        BIO_set_conn_hostname(conn,host);
+        if (scon == NULL)
+                serverCon=(SSL *)SSL_new(tm_ctx);
+        else
+                {
+                serverCon=scon;
+                SSL_set_connect_state(serverCon);
+                }
+        SSL_set_bio(serverCon,conn,conn);
+#if 0
+        if( scon != NULL )
+                SSL_set_session(serverCon,SSL_get_session(scon));
+#endif
+        /* ok, lets connect */
+        for(;;) {
+                i=SSL_connect(serverCon);
+                if (BIO_sock_should_retry(i))
+                        {
+                        BIO_printf(bio_err,"DELAY\n");
+                        i=SSL_get_fd(serverCon);
+                        width=i+1;
+                        FD_ZERO(&readfds);
+                        FD_SET(i,&readfds);
+                        select(width,&readfds,NULL,NULL,NULL);
+                        continue;
+                        }
+                break;
+                }
+        if(i <= 0)
+                {
+                BIO_printf(bio_err,"ERROR\n");
+                if (verify_error != X509_V_OK)
+                        BIO_printf(bio_err,"verify error:%s\n",
+                                X509_verify_cert_error_string(verify_error));
+                else
+                        ERR_print_errors(bio_err);
+                if (scon == NULL)
+                        SSL_free(serverCon);
+                return NULL;
+                }
+        return serverCon;
+        }
diff --git a/src/lib/libssl/src/apps/server.pem b/src/lib/libssl/src/apps/server.pem
new file mode 100644
index 0000000000..eabb927036
--- /dev/null
+++ b/src/lib/libssl/src/apps/server.pem
@@ -0,0 +1,369 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+        /OU=Certification Services Division/CN=Thawte Server CA
+        /Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+        /OU=Certification Services Division/CN=Thawte Server CA
+        /Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/server.srl b/src/lib/libssl/src/apps/server.srl
new file mode 100644
index 0000000000..8a0f05e166
--- /dev/null
+++ b/src/lib/libssl/src/apps/server.srl
@@ -0,0 +1 @@
+01
diff --git a/src/lib/libssl/src/apps/server2.pem b/src/lib/libssl/src/apps/server2.pem
new file mode 100644
index 0000000000..8bb664194e
--- /dev/null
+++ b/src/lib/libssl/src/apps/server2.pem
@@ -0,0 +1,376 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
+MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
+cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
+RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
+6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
+JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
+gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
+dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
+8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+        /OU=Certification Services Division/CN=Thawte Server CA
+        /Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+        /OU=Certification Services Division/CN=Thawte Server CA
+        /Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/sess_id.c b/src/lib/libssl/src/apps/sess_id.c
new file mode 100644
index 0000000000..2fad36a495
--- /dev/null
+++ b/src/lib/libssl/src/apps/sess_id.c
@@ -0,0 +1,305 @@
+/* apps/sess_id.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#undef PROG
+#define PROG    sess_id_main
+#define FORMAT_UNDEF    0
+#define FORMAT_ASN1     1
+#define FORMAT_TEXT     2
+#define FORMAT_PEM      3
+static char *sess_id_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg    - output format - default PEM\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -text           - print ssl session id details\n",
+" -cert           - output certificaet \n",
+" -noout          - no CRL output\n",
+NULL
+};
+#ifndef NOPROTO
+static SSL_SESSION *load_sess_id(char *file, int format);
+#else
+static SSL_SESSION *load_sess_id();
+#endif
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        SSL_SESSION *x=NULL;
+        int ret=1,i,num,badops=0;
+        BIO *out=NULL;
+        int informat,outformat;
+        char *infile=NULL,*outfile=NULL;
+        int cert=0,noout=0,text=0;
+        char **pp;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        argc--;
+        argv++;
+        num=0;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-text") == 0)
+                        text= ++num;
+                else if (strcmp(*argv,"-cert") == 0)
+                        cert= ++num;
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout= ++num;
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                for (pp=sess_id_usage; (*pp != NULL); pp++)
+                        BIO_printf(bio_err,*pp);
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        x=load_sess_id(infile,informat);
+        if (x == NULL) { goto end; }
+#ifdef undef
+        /* just testing for memory leaks :-) */
+        {
+        SSL_SESSION *s;
+        char buf[1024*10],*p;
+        int i;
+        s=SSL_SESSION_new();
+        p= &buf;
+        i=i2d_SSL_SESSION(x,&p);
+        p= &buf;
+        d2i_SSL_SESSION(&s,&p,(long)i);
+        p= &buf;
+        d2i_SSL_SESSION(&s,&p,(long)i);
+        p= &buf;
+        d2i_SSL_SESSION(&s,&p,(long)i);
+        SSL_SESSION_free(s);
+        }
+#endif
+        if (!noout || text)
+                {
+                out=BIO_new(BIO_s_file());
+                if (out == NULL)
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (outfile == NULL)
+                        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+                else
+                        {
+                        if (BIO_write_filename(out,outfile) <= 0)
+                                {
+                                perror(outfile);
+                                goto end;
+                                }
+                        }
+                }
+        if (text)
+                {
+                SSL_SESSION_print(out,x);
+                if (cert)
+                        {
+                        if (x->peer == NULL)
+                                BIO_puts(out,"No certificate present\n");
+                        else
+                                X509_print(out,x->peer);
+                        }
+                }
+        if (!noout && !cert)
+                {
+                if      (outformat == FORMAT_ASN1)
+                        i=(int)i2d_SSL_SESSION_bio(out,x);
+                else if (outformat == FORMAT_PEM)
+                        i=PEM_write_bio_SSL_SESSION(out,x);
+                else    {
+                        BIO_printf(bio_err,"bad output format specified for outfile\n");
+                        goto end;
+                        }
+                if (!i) {
+                        BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+                        goto end;
+                        }
+                }
+        else if (!noout && (x->peer != NULL)) /* just print the certificate */
+                {
+                if      (outformat == FORMAT_ASN1)
+                        i=(int)i2d_X509_bio(out,x->peer);
+                else if (outformat == FORMAT_PEM)
+                        i=PEM_write_bio_X509(out,x->peer);
+                else    {
+                        BIO_printf(bio_err,"bad output format specified for outfile\n");
+                        goto end;
+                        }
+                if (!i) {
+                        BIO_printf(bio_err,"unable to write X509\n");
+                        goto end;
+                        }
+                }
+        ret=0;
+end:
+        if (out != NULL) BIO_free(out);
+        if (x != NULL) SSL_SESSION_free(x);
+        EXIT(ret);
+        }
+static SSL_SESSION *load_sess_id(infile, format)
+char *infile;
+int format;
+        {
+        SSL_SESSION *x=NULL;
+        BIO *in=NULL;
+        in=BIO_new(BIO_s_file());
+        if (in == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
+        if      (format == FORMAT_ASN1)
+                x=d2i_SSL_SESSION_bio(in,NULL);
+        else if (format == FORMAT_PEM)
+                x=PEM_read_bio_SSL_SESSION(in,NULL,NULL);
+        else    {
+                BIO_printf(bio_err,"bad input format specified for input crl\n");
+                goto end;
+                }
+        if (x == NULL)
+                {
+                BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        
+end:
+        if (in != NULL) BIO_free(in);
+        return(x);
+        }
diff --git a/src/lib/libssl/src/apps/set/set-g-ca.pem b/src/lib/libssl/src/apps/set/set-g-ca.pem
new file mode 100644
index 0000000000..78499f0570
--- /dev/null
+++ b/src/lib/libssl/src/apps/set/set-g-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
+Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
+6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
+vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
+SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
+AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
+9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
+a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/set/set-m-ca.pem b/src/lib/libssl/src/apps/set/set-m-ca.pem
new file mode 100644
index 0000000000..0e74caff67
--- /dev/null
+++ b/src/lib/libssl/src/apps/set/set-m-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
+Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
+7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
+FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
+SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
+GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
+EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
+x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/set/set_b_ca.pem b/src/lib/libssl/src/apps/set/set_b_ca.pem
new file mode 100644
index 0000000000..eba7d5cf54
--- /dev/null
+++ b/src/lib/libssl/src/apps/set/set_b_ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
+b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
+9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
+ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
+3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
+J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
+mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
+EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
+IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
+jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
+NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
+ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
+DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
+43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
+9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
+VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
+WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
+lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/set/set_c_ca.pem b/src/lib/libssl/src/apps/set/set_c_ca.pem
new file mode 100644
index 0000000000..48b2cbdc7c
--- /dev/null
+++ b/src/lib/libssl/src/apps/set/set_c_ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
+Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
+Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
+pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
+RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
+u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
+XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
+IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/set/set_d_ct.pem b/src/lib/libssl/src/apps/set/set_d_ct.pem
new file mode 100644
index 0000000000..9f8c7d8b08
--- /dev/null
+++ b/src/lib/libssl/src/apps/set/set_d_ct.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
+NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
+MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
+cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
+MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
+/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
+HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
+IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
+NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
+IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
+BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
+ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
+MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
+c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
+mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
+ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
+UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/set/set_root.pem b/src/lib/libssl/src/apps/set/set_root.pem
new file mode 100644
index 0000000000..8dd104f058
--- /dev/null
+++ b/src/lib/libssl/src/apps/set/set_root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
+zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
+rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
+/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
+g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
+ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
+AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
+OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
+Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
+y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
+vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
+O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
+DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
+vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
+bxCrVJLd8tu9WgA=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
new file mode 100644
index 0000000000..0003934247
--- /dev/null
+++ b/src/lib/libssl/src/apps/speed.c
@@ -0,0 +1,1212 @@
+/* apps/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* most of this code has been pilfered from my libdes speed.c program */
+#undef SECONDS
+#define SECONDS         3       
+#define RSA_SECONDS     10      
+#define DSA_SECONDS     10      
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#undef PROG
+#define PROG speed_main
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <math.h>
+#include "apps.h"
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "crypto.h"
+#include "rand.h"
+#include "err.h"
+#ifndef MSDOS
+#define TIMES
+#endif
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#ifndef NO_DES
+#include "des.h"
+#endif
+#ifndef NO_MD2
+#include "md2.h"
+#endif
+#ifndef NO_MDC2
+#include "mdc2.h"
+#endif
+#ifndef NO_MD5
+#include "md5.h"
+#include "hmac.h"
+#include "evp.h"
+#endif
+#ifndef NO_SHA1
+#include "sha.h"
+#endif
+#ifndef NO_RMD160
+#include "ripemd.h"
+#endif
+#ifndef NO_RC4
+#include "rc4.h"
+#endif
+#ifndef NO_RC5
+#include "rc5.h"
+#endif
+#ifndef NO_RC2
+#include "rc2.h"
+#endif
+#ifndef NO_IDEA
+#include "idea.h"
+#endif
+#ifndef NO_BLOWFISH
+#include "blowfish.h"
+#endif
+#ifndef NO_CAST
+#include "cast.h"
+#endif
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#include "x509.h"
+#include "./testrsa.h"
+#ifndef NO_DSA
+#include "./testdsa.h"
+#endif
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8+1)
+int run=0;
+#ifndef NOPROTO
+static double Time_F(int s);
+static void print_message(char *s,long num,int length);
+static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+#else
+static double Time_F();
+static void print_message();
+static void pkey_print_message();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif 
+#ifndef NOPROTO
+static SIGRETTYPE sig_done(int sig);
+#else
+static SIGRETTYPE sig_done();
+#endif
+static SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+static double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+int MAIN(argc,argv)
+int argc;
+char **argv;
+        {
+        unsigned char *buf=NULL,*buf2=NULL;
+        int ret=1;
+#define ALGOR_NUM       14
+#define SIZE_NUM        5
+#define RSA_NUM         4
+#define DSA_NUM         3
+        long count,rsa_count;
+        int i,j,k,rsa_num,rsa_num2;
+#ifndef NO_MD2
+        unsigned char md2[MD2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MDC2
+        unsigned char mdc2[MDC2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MD5
+        unsigned char md5[MD5_DIGEST_LENGTH];
+        unsigned char hmac[MD5_DIGEST_LENGTH];
+#endif
+#ifndef NO_SHA1
+        unsigned char sha[SHA_DIGEST_LENGTH];
+#endif
+#ifndef NO_RMD160
+        unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+#endif
+#ifndef NO_RC4
+        RC4_KEY rc4_ks;
+#endif
+#ifndef NO_RC5
+        RC5_32_KEY rc5_ks;
+#endif
+#ifndef NO_RC2
+        RC2_KEY rc2_ks;
+#endif
+#ifndef NO_IDEA
+        IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef NO_BLOWFISH
+        BF_KEY bf_ks;
+#endif
+#ifndef NO_CAST
+        CAST_KEY cast_ks;
+#endif
+        static unsigned char key16[16]=
+                {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        unsigned char iv[8];
+#ifndef NO_DES
+        static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        des_key_schedule sch,sch2,sch3;
+#endif
+#define D_MD2           0
+#define D_MDC2          1
+#define D_MD5           2
+#define D_HMAC          3
+#define D_SHA1          4
+#define D_RMD160        5
+#define D_RC4           6
+#define D_CBC_DES       7
+#define D_EDE3_DES      8
+#define D_CBC_IDEA      9
+#define D_CBC_RC2       10
+#define D_CBC_RC5       11
+#define D_CBC_BF        12
+#define D_CBC_CAST      13
+        double d,results[ALGOR_NUM][SIZE_NUM];
+        static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+        long c[ALGOR_NUM][SIZE_NUM];
+        static char *names[ALGOR_NUM]={
+                "md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
+                "des cbc","des ede3","idea cbc",
+                "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
+#define R_DSA_512       0
+#define R_DSA_1024      1
+#define R_DSA_2048      2
+#define R_RSA_512       0
+#define R_RSA_1024      1
+#define R_RSA_2048      2
+#define R_RSA_4096      3
+        RSA *rsa_key[RSA_NUM];
+        long rsa_c[RSA_NUM][2];
+#ifndef NO_RSA
+        double rsa_results[RSA_NUM][2];
+        static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
+        static unsigned char *rsa_data[RSA_NUM]=
+                {test512,test1024,test2048,test4096};
+        static int rsa_data_length[RSA_NUM]={
+                sizeof(test512),sizeof(test1024),
+                sizeof(test2048),sizeof(test4096)};
+#endif
+#ifndef NO_DSA
+        DSA *dsa_key[DSA_NUM];
+        long dsa_c[DSA_NUM][2];
+        double dsa_results[DSA_NUM][2];
+        static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+#endif
+        int rsa_doit[RSA_NUM];
+        int dsa_doit[DSA_NUM];
+        int doit[ALGOR_NUM];
+        int pr_header=0;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        for (i=0; i<RSA_NUM; i++)
+                rsa_key[i]=NULL;
+        if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+                {
+                BIO_printf(bio_err,"out of memory\n");
+                goto end;
+                }
+        if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+                {
+                BIO_printf(bio_err,"out of memory\n");
+                goto end;
+                }
+        memset(c,0,sizeof(c));
+        memset(iv,0,sizeof(iv));
+        for (i=0; i<ALGOR_NUM; i++)
+                doit[i]=0;
+        for (i=0; i<RSA_NUM; i++)
+                rsa_doit[i]=0;
+        for (i=0; i<DSA_NUM; i++)
+                dsa_doit[i]=0;
+        
+        j=0;
+        argc--;
+        argv++;
+        while (argc)
+                {
+#ifndef NO_MD2
+                if      (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
+                else
+#endif
+#ifndef NO_MDC2
+                        if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
+                else
+#endif
+#ifndef NO_MD5
+                        if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
+                else
+#endif
+#ifndef NO_MD5
+                        if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
+                else
+#endif
+#ifndef NO_SHA1
+                        if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
+                else
+                        if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
+                else
+#endif
+#ifndef NO_RMD160
+                        if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
+                else
+                        if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
+                else
+                        if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+                else
+#endif
+#ifndef NO_RC4
+                        if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
+                else 
+#endif
+#ifndef NO_DEF
+                        if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
+                else    if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
+                else
+#endif
+#ifndef NO_RSA
+#ifdef RSAref
+                        if (strcmp(*argv,"rsaref") == 0) 
+                        {
+                        RSA_set_default_method(RSA_PKCS1_RSAref());
+                        j--;
+                        }
+                else
+#endif
+                        if (strcmp(*argv,"ssleay") == 0) 
+                        {
+                        RSA_set_default_method(RSA_PKCS1_SSLeay());
+                        j--;
+                        }
+                else
+#endif /* !NO_RSA */
+                     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
+                else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
+                else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
+                else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
+                else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
+                else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
+                else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
+                else
+#ifndef NO_RC2
+                     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
+                else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
+                else
+#endif
+#ifndef NO_RC5
+                     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
+                else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+                else
+#endif
+#ifndef NO_IDEA
+                     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
+                else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
+                else
+#endif
+#ifndef NO_BLOWFISH
+                     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
+                else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
+                else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+                else
+#endif
+#ifndef NO_CAST
+                     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
+                else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
+                else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
+                else
+#endif
+#ifndef NO_DES
+                        if (strcmp(*argv,"des") == 0)
+                        {
+                        doit[D_CBC_DES]=1;
+                        doit[D_EDE3_DES]=1;
+                        }
+                else
+#endif
+#ifndef NO_RSA
+                        if (strcmp(*argv,"rsa") == 0)
+                        {
+                        rsa_doit[R_RSA_512]=1;
+                        rsa_doit[R_RSA_1024]=1;
+                        rsa_doit[R_RSA_2048]=1;
+                        rsa_doit[R_RSA_4096]=1;
+                        }
+                else
+#endif
+#ifndef NO_DSA
+                        if (strcmp(*argv,"dsa") == 0)
+                        {
+                        dsa_doit[R_DSA_512]=1;
+                        dsa_doit[R_DSA_1024]=1;
+                        }
+                else
+#endif
+                        {
+                        BIO_printf(bio_err,"bad value, pick one of\n");
+                        BIO_printf(bio_err,"md2      mdc2       md5      hmac      sha1    rmd160\n");
+#ifndef NO_IDEA
+                        BIO_printf(bio_err,"idea-cbc ");
+#endif
+#ifndef NO_RC2
+                        BIO_printf(bio_err,"rc2-cbc  ");
+#endif
+#ifndef NO_RC5
+                        BIO_printf(bio_err,"rc5-cbc  ");
+#endif
+#ifndef NO_BLOWFISH
+                        BIO_printf(bio_err,"bf-cbc");
+#endif
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH) && !defined(NO_RC5)
+                        BIO_printf(bio_err,"\n");
+#endif
+                        BIO_printf(bio_err,"des-cbc  des-ede3 ");
+#ifndef NO_RC4
+                        BIO_printf(bio_err,"rc4");
+#endif
+#ifndef NO_RSA
+                        BIO_printf(bio_err,"\nrsa512   rsa1024  rsa2048  rsa4096\n");
+#endif
+#ifndef NO_DSA
+                        BIO_printf(bio_err,"\ndsa512   dsa1024  dsa2048\n");
+#endif
+                        BIO_printf(bio_err,"idea     rc2      des      rsa    blowfish\n");
+                        goto end;
+                        }
+                argc--;
+                argv++;
+                j++;
+                }
+        if (j == 0)
+                {
+                for (i=0; i<ALGOR_NUM; i++)
+                        doit[i]=1;
+                for (i=0; i<RSA_NUM; i++)
+                        rsa_doit[i]=1;
+                for (i=0; i<DSA_NUM; i++)
+                        dsa_doit[i]=1;
+                }
+        for (i=0; i<ALGOR_NUM; i++)
+                if (doit[i]) pr_header++;
+#ifndef TIMES
+        BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
+        BIO_printf(bio_err,"program when this computer is idle.\n");
+#endif
+#ifndef NO_RSA
+        for (i=0; i<RSA_NUM; i++)
+                {
+                unsigned char *p;
+                p=rsa_data[i];
+                rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
+                if (rsa_key[i] == NULL)
+                        {
+                        BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
+                        goto end;
+                        }
+#if 0
+                else
+                        {
+                        BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+                        BN_print(bio_err,rsa_key[i]->e);
+                        BIO_printf(bio_err,"\n");
+                        }
+#endif
+                }
+#endif
+#ifndef NO_DSA
+        dsa_key[0]=get_dsa512();
+        dsa_key[1]=get_dsa1024();
+        dsa_key[2]=get_dsa2048();
+#endif
+#ifndef NO_DES
+        des_set_key((C_Block *)key,sch);
+        des_set_key((C_Block *)key2,sch2);
+        des_set_key((C_Block *)key3,sch3);
+#endif
+#ifndef NO_IDEA
+        idea_set_encrypt_key(key16,&idea_ks);
+#endif
+#ifndef NO_RC4
+        RC4_set_key(&rc4_ks,16,key16);
+#endif
+#ifndef NO_RC2
+        RC2_set_key(&rc2_ks,16,key16,128);
+#endif
+#ifndef NO_RC5
+        RC5_32_set_key(&rc5_ks,16,key16,12);
+#endif
+#ifndef NO_BLOWFISH
+        BF_set_key(&bf_ks,16,key16);
+#endif
+#ifndef NO_CAST
+        CAST_set_key(&cast_ks,16,key16);
+#endif
+        memset(rsa_c,0,sizeof(rsa_c));
+#ifndef SIGALRM
+        BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
+                                &(sch[0]),DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d <3);
+        c[D_MD2][0]=count/10;
+        c[D_MDC2][0]=count/10;
+        c[D_MD5][0]=count;
+        c[D_HMAC][0]=count;
+        c[D_SHA1][0]=count;
+        c[D_RMD160][0]=count;
+        c[D_RC4][0]=count*5;
+        c[D_CBC_DES][0]=count;
+        c[D_EDE3_DES][0]=count/3;
+        c[D_CBC_IDEA][0]=count;
+        c[D_CBC_RC2][0]=count;
+        c[D_CBC_RC5][0]=count;
+        c[D_CBC_BF][0]=count;
+        c[D_CBC_CAST][0]=count;
+        for (i=1; i<SIZE_NUM; i++)
+                {
+                c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
+                c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
+                c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
+                c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
+                c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
+                c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
+                }
+        for (i=1; i<SIZE_NUM; i++)
+                {
+                long l0,l1;
+                l0=(long)lengths[i-1];
+                l1=(long)lengths[i];
+                c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
+                c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
+                c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
+                c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
+                c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
+                c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
+                c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
+                c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
+                }
+        rsa_c[R_RSA_512][0]=count/2000;
+        rsa_c[R_RSA_512][1]=count/400;
+        for (i=1; i<RSA_NUM; i++)
+                {
+                rsa_c[i][0]=rsa_c[i-1][0]/8;
+                rsa_c[i][1]=rsa_c[i-1][1]/4;
+                if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
+                        rsa_doit[i]=0;
+                else
+                        {
+                        if (rsa_c[i] == 0)
+                                {
+                                rsa_c[i][0]=1;
+                                rsa_c[i][1]=20;
+                                }
+                        }                               
+                }
+        dsa_c[R_DSA_512][0]=count/1000;
+        dsa_c[R_DSA_512][1]=count/1000/2;
+        for (i=1; i<DSA_NUM; i++)
+                {
+                dsa_c[i][0]=dsa_c[i-1][0]/4;
+                dsa_c[i][1]=dsa_c[i-1][1]/4;
+                if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
+                        dsa_doit[i]=0;
+                else
+                        {
+                        if (dsa_c[i] == 0)
+                                {
+                                dsa_c[i][0]=1;
+                                dsa_c[i][1]=1;
+                                }
+                        }                               
+                }
+#define COND(d) (count < (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+#endif
+#ifndef NO_MD2
+        if (doit[D_MD2])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_MD2][j]); count++)
+                                MD2(buf,(unsigned long)lengths[j],&(md2[0]));
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_MD2],d);
+                        results[D_MD2][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_MDC2
+        if (doit[D_MDC2])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_MDC2][j]); count++)
+                                MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_MDC2],d);
+                        results[D_MDC2][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_MD5
+        if (doit[D_MD5])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_MD5][j]); count++)
+                                MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_MD5],d);
+                        results[D_MD5][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_MD5
+        if (doit[D_HMAC])
+                {
+                HMAC_CTX hctx;
+                HMAC_Init(&hctx,(unsigned char *)"This is a key...",
+                        16,EVP_md5());
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+                                {
+                                HMAC_Init(&hctx,NULL,0,NULL);
+                                HMAC_Update(&hctx,buf,lengths[j]);
+                                HMAC_Final(&hctx,&(hmac[0]),NULL);
+                                }
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_HMAC],d);
+                        results[D_HMAC][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_SHA1
+        if (doit[D_SHA1])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_SHA1][j]); count++)
+                                SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_SHA1],d);
+                        results[D_SHA1][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_RMD160
+        if (doit[D_RMD160])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+                                RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_RMD160],d);
+                        results[D_RMD160][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_RC4
+        if (doit[D_RC4])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_RC4][j]); count++)
+                                RC4(&rc4_ks,(unsigned int)lengths[j],
+                                        buf,buf);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_RC4],d);
+                        results[D_RC4][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_DES
+        if (doit[D_CBC_DES])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
+                                des_ncbc_encrypt((C_Block *)buf,
+                                        (C_Block *)buf,
+                                        (long)lengths[j],sch,
+                                        (C_Block *)&(iv[0]),DES_ENCRYPT);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_CBC_DES],d);
+                        results[D_CBC_DES][j]=((double)count)/d*lengths[j];
+                        }
+                }
+        if (doit[D_EDE3_DES])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
+                                des_ede3_cbc_encrypt((C_Block *)buf,
+                                        (C_Block *)buf,
+                                        (long)lengths[j],sch,sch2,sch3,
+                                        (C_Block *)&(iv[0]),DES_ENCRYPT);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_EDE3_DES],d);
+                        results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_IDEA
+        if (doit[D_CBC_IDEA])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
+                                idea_cbc_encrypt(buf,buf,
+                                        (unsigned long)lengths[j],&idea_ks,
+                                        (unsigned char *)&(iv[0]),IDEA_ENCRYPT);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_CBC_IDEA],d);
+                        results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_RC2
+        if (doit[D_CBC_RC2])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
+                                RC2_cbc_encrypt(buf,buf,
+                                        (unsigned long)lengths[j],&rc2_ks,
+                                        (unsigned char *)&(iv[0]),RC2_ENCRYPT);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_CBC_RC2],d);
+                        results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_RC5
+        if (doit[D_CBC_RC5])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
+                                RC5_32_cbc_encrypt(buf,buf,
+                                        (unsigned long)lengths[j],&rc5_ks,
+                                        (unsigned char *)&(iv[0]),RC5_ENCRYPT);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_CBC_RC5],d);
+                        results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_BLOWFISH
+        if (doit[D_CBC_BF])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
+                                BF_cbc_encrypt(buf,buf,
+                                        (unsigned long)lengths[j],&bf_ks,
+                                        (unsigned char *)&(iv[0]),BF_ENCRYPT);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_CBC_BF],d);
+                        results[D_CBC_BF][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+#ifndef NO_CAST
+        if (doit[D_CBC_CAST])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
+                                CAST_cbc_encrypt(buf,buf,
+                                        (unsigned long)lengths[j],&cast_ks,
+                                        (unsigned char *)&(iv[0]),CAST_ENCRYPT);
+                        d=Time_F(STOP);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_CBC_CAST],d);
+                        results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+        RAND_bytes(buf,30);
+#ifndef NO_RSA
+        for (j=0; j<RSA_NUM; j++)
+                {
+                if (!rsa_doit[j]) continue;
+                pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
+                        RSA_SECONDS);
+/*              RSA_blinding_on(rsa_key[j],NULL); */
+                Time_F(START);
+                for (count=0,run=1; COND(rsa_c[j][0]); count++)
+                        {
+                        rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
+                                RSA_PKCS1_PADDING);
+                        if (rsa_num <= 0)
+                                {
+                                BIO_printf(bio_err,"RSA private encrypt failure\n");
+                                ERR_print_errors(bio_err);
+                                count=1;
+                                break;
+                                }
+                        }
+                d=Time_F(STOP);
+                BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
+                        count,rsa_bits[j],d);
+                rsa_results[j][0]=d/(double)count;
+                rsa_count=count;
+#if 1
+                pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
+                        RSA_SECONDS);
+                Time_F(START);
+                for (count=0,run=1; COND(rsa_c[j][1]); count++)
+                        {
+                        rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
+                                RSA_PKCS1_PADDING);
+                        if (rsa_num2 <= 0)
+                                {
+                                BIO_printf(bio_err,"RSA public encrypt failure\n");
+                                ERR_print_errors(bio_err);
+                                count=1;
+                                break;
+                                }
+                        }
+                d=Time_F(STOP);
+                BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
+                        count,rsa_bits[j],d);
+                rsa_results[j][1]=d/(double)count;
+#endif
+                if (rsa_count <= 1)
+                        {
+                        /* if longer than 10s, don't do any more */
+                        for (j++; j<RSA_NUM; j++)
+                                rsa_doit[j]=0;
+                        }
+                }
+#endif
+        RAND_bytes(buf,20);
+#ifndef NO_DSA
+        for (j=0; j<DSA_NUM; j++)
+                {
+                unsigned int kk;
+                if (!dsa_doit[j]) continue;
+                DSA_generate_key(dsa_key[j]);
+/*              DSA_sign_setup(dsa_key[j],NULL); */
+                pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
+                        DSA_SECONDS);
+                Time_F(START);
+                for (count=0,run=1; COND(dsa_c[j][0]); count++)
+                        {
+                        rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+                                &kk,dsa_key[j]);
+                        if (rsa_num <= 0)
+                                {
+                                BIO_printf(bio_err,"DSA sign failure\n");
+                                ERR_print_errors(bio_err);
+                                count=1;
+                                break;
+                                }
+                        }
+                d=Time_F(STOP);
+                BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
+                        count,dsa_bits[j],d);
+                dsa_results[j][0]=d/(double)count;
+                rsa_count=count;
+                pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
+                        DSA_SECONDS);
+                Time_F(START);
+                for (count=0,run=1; COND(dsa_c[j][1]); count++)
+                        {
+                        rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+                                kk,dsa_key[j]);
+                        if (rsa_num2 <= 0)
+                                {
+                                BIO_printf(bio_err,"DSA verify failure\n");
+                                ERR_print_errors(bio_err);
+                                count=1;
+                                break;
+                                }
+                        }
+                d=Time_F(STOP);
+                BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
+                        count,dsa_bits[j],d);
+                dsa_results[j][1]=d/(double)count;
+                if (rsa_count <= 1)
+                        {
+                        /* if longer than 10s, don't do any more */
+                        for (j++; j<DSA_NUM; j++)
+                                dsa_doit[j]=0;
+                        }
+                }
+#endif
+        fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
+        fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+        printf("options:");
+        printf("%s ",BN_options());
+#ifndef NO_MD2
+        printf("%s ",MD2_options());
+#endif
+#ifndef NO_RC4
+        printf("%s ",RC4_options());
+#endif
+#ifndef NO_DES
+        printf("%s ",des_options());
+#endif
+#ifndef NO_IDEA
+        printf("%s ",idea_options());
+#endif
+#ifndef NO_BLOWFISH
+        printf("%s ",BF_options());
+#endif
+        fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+        if (pr_header)
+                {
+                fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); 
+                fprintf(stdout,"type        ");
+                for (j=0;  j<SIZE_NUM; j++)
+                        fprintf(stdout,"%7d bytes",lengths[j]);
+                fprintf(stdout,"\n");
+                }
+        for (k=0; k<ALGOR_NUM; k++)
+                {
+                if (!doit[k]) continue;
+                fprintf(stdout,"%-13s",names[k]);
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        if (results[k][j] > 10000)
+                                fprintf(stdout," %11.2fk",results[k][j]/1e3);
+                        else
+                                fprintf(stdout," %11.2f ",results[k][j]);
+                        }
+                fprintf(stdout,"\n");
+                }
+#ifndef NO_RSA
+        j=1;
+        for (k=0; k<RSA_NUM; k++)
+                {
+                if (!rsa_doit[k]) continue;
+                if (j)
+                        {
+                        printf("%18ssign    verify    sign/s verify/s\n"," ");
+                        j=0;
+                        }
+                fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+                        rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+                        1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
+                fprintf(stdout,"\n");
+                }
+#endif
+#ifndef NO_DSA
+        j=1;
+        for (k=0; k<DSA_NUM; k++)
+                {
+                if (!dsa_doit[k]) continue;
+                if (j)  {
+                        printf("%18ssign    verify    sign/s verify/s\n"," ");
+                        j=0;
+                        }
+                fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+                        dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+                        1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
+                fprintf(stdout,"\n");
+                }
+#endif
+        ret=0;
+end:
+        if (buf != NULL) Free(buf);
+        if (buf2 != NULL) Free(buf2);
+#ifndef NO_RSA
+        for (i=0; i<RSA_NUM; i++)
+                if (rsa_key[i] != NULL)
+                        RSA_free(rsa_key[i]);
+#endif
+#ifndef NO_DSA
+        for (i=0; i<DSA_NUM; i++)
+                if (dsa_key[i] != NULL)
+                        DSA_free(dsa_key[i]);
+#endif
+        EXIT(ret);
+        }
+static void print_message(s,num,length)
+char *s;
+long num;
+int length;
+        {
+#ifdef SIGALRM
+        BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
+        BIO_flush(bio_err);
+        alarm(SECONDS);
+#else
+        BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length);
+        BIO_flush(bio_err);
+#endif
+#ifdef LINT
+        num=num;
+#endif
+        }
+static void pkey_print_message(str,str2,num,bits,tm)
+char *str;
+char *str2;
+long num;
+int bits;
+int tm;
+        {
+#ifdef SIGALRM
+        BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
+        BIO_flush(bio_err);
+        alarm(RSA_SECONDS);
+#else
+        BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
+        BIO_flush(bio_err);
+#endif
+#ifdef LINT
+        num=num;
+#endif
+        }
diff --git a/src/lib/libssl/src/apps/testCA.pem b/src/lib/libssl/src/apps/testCA.pem
new file mode 100644
index 0000000000..dcb710aa9d
--- /dev/null
+++ b/src/lib/libssl/src/apps/testCA.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
+MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
+VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
+hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
+uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/apps/testdsa.h b/src/lib/libssl/src/apps/testdsa.h
new file mode 100644
index 0000000000..8e8aea617a
--- /dev/null
+++ b/src/lib/libssl/src/apps/testdsa.h
@@ -0,0 +1,155 @@
+/* NOCW */
+#ifndef NOPROTO
+DSA *get_dsa512(void );
+DSA *get_dsa1024(void );
+DSA *get_dsa2048(void );
+#else
+DSA *get_dsa512();
+DSA *get_dsa1024();
+DSA *get_dsa2048();
+#endif
+static unsigned char dsa512_p[]={
+        0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
+        0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
+        0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
+        0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
+        0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
+        0xA2,0x76,0x7D,0x31,
+        };
+static unsigned char dsa512_q[]={
+        0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
+        0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
+        };
+static unsigned char dsa512_g[]={
+        0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
+        0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
+        0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
+        0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
+        0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
+        0xA2,0x03,0x9D,0x20,
+        };
+DSA *get_dsa512()
+        {
+        DSA *dsa;
+        if ((dsa=DSA_new()) == NULL) return(NULL);
+        dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
+        dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
+        dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
+        if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+                return(NULL);
+        return(dsa);
+        }
+static unsigned char dsa1024_p[]={
+        0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
+        0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
+        0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
+        0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
+        0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
+        0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
+        0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
+        0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
+        0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
+        0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
+        0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
+        };
+static unsigned char dsa1024_q[]={
+        0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
+        0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
+        };
+static unsigned char dsa1024_g[]={
+        0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
+        0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
+        0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
+        0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
+        0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
+        0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
+        0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
+        0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
+        0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
+        0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
+        0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
+        };
+DSA *get_dsa1024()
+        {
+        DSA *dsa;
+        if ((dsa=DSA_new()) == NULL) return(NULL);
+        dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
+        dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
+        dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
+        if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+                return(NULL);
+        return(dsa);
+        }
+static unsigned char dsa2048_p[]={
+        0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
+        0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
+        0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
+        0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
+        0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
+        0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
+        0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
+        0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
+        0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
+        0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
+        0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
+        0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
+        0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
+        0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
+        0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
+        0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
+        0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
+        0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
+        0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
+        0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
+        0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
+        0xF8,0x68,0xCF,0x9B,
+        };
+static unsigned char dsa2048_q[]={
+        0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
+        0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
+        };
+static unsigned char dsa2048_g[]={
+        0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
+        0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
+        0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
+        0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
+        0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
+        0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
+        0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
+        0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
+        0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
+        0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
+        0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
+        0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
+        0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
+        0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
+        0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
+        0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
+        0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
+        0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
+        0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
+        0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
+        0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
+        0xF8,0xB2,0xE5,0x38,
+        };
+ 
+DSA *get_dsa2048()
+        {
+        DSA *dsa;
+ 
+        if ((dsa=DSA_new()) == NULL) return(NULL);
+        dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
+        dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
+        dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
+        if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+                return(NULL);
+        return(dsa);
+        }
diff --git a/src/lib/libssl/src/apps/testrsa.h b/src/lib/libssl/src/apps/testrsa.h
new file mode 100644
index 0000000000..9a0e811c73
--- /dev/null
+++ b/src/lib/libssl/src/apps/testrsa.h
@@ -0,0 +1,517 @@
+/* apps/testrsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+static unsigned char test512[]={
+        0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
+        0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
+        0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
+        0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
+        0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
+        0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
+        0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
+        0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
+        0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
+        0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
+        0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
+        0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
+        0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
+        0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
+        0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
+        0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
+        0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
+        0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
+        0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
+        0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
+        0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
+        0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
+        0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
+        0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
+        0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
+        0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
+        0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
+        0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
+        0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
+        0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
+        0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
+        0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
+        };
+static unsigned char test1024[]={
+        0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
+        0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
+        0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
+        0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
+        0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
+        0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
+        0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
+        0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
+        0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
+        0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
+        0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
+        0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
+        0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
+        0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
+        0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
+        0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
+        0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
+        0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
+        0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
+        0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
+        0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
+        0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
+        0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
+        0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
+        0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
+        0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
+        0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
+        0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
+        0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
+        0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
+        0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
+        0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
+        0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
+        0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
+        0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
+        0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
+        0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
+        0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
+        0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
+        0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
+        0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
+        0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
+        0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
+        0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
+        0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
+        0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
+        0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
+        0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
+        0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
+        0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
+        0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
+        0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
+        0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
+        0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
+        0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
+        0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
+        0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
+        0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
+        0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
+        0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
+        0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
+        };
+static unsigned char test2048[]={
+        0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
+        0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
+        0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
+        0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
+        0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
+        0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
+        0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
+        0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
+        0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
+        0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
+        0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
+        0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
+        0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
+        0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
+        0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
+        0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
+        0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
+        0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
+        0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
+        0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
+        0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
+        0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
+        0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
+        0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
+        0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
+        0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
+        0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
+        0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
+        0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
+        0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
+        0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
+        0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
+        0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
+        0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
+        0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
+        0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
+        0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
+        0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
+        0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
+        0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
+        0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
+        0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
+        0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
+        0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
+        0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
+        0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
+        0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
+        0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
+        0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
+        0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
+        0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
+        0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
+        0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
+        0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
+        0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
+        0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
+        0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
+        0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
+        0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
+        0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
+        0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
+        0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
+        0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
+        0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
+        0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
+        0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
+        0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
+        0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
+        0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
+        0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
+        0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
+        0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
+        0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
+        0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
+        0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
+        0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
+        0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
+        0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
+        0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
+        0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
+        0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
+        0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
+        0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
+        0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
+        0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
+        0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
+        0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
+        0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
+        0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
+        0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
+        0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
+        0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
+        0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
+        0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
+        0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
+        0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
+        0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
+        0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
+        0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
+        0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
+        0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
+        0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
+        0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
+        0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
+        0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
+        0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
+        0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
+        0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
+        0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
+        0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
+        0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
+        0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
+        0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
+        0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
+        0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
+        0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
+        0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
+        0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
+        0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
+        0x95,
+        };
+static unsigned char test4096[]={
+        0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
+        0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
+        0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
+        0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
+        0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
+        0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
+        0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
+        0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
+        0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
+        0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
+        0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
+        0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
+        0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
+        0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
+        0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
+        0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
+        0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
+        0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
+        0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
+        0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
+        0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
+        0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
+        0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
+        0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
+        0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
+        0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
+        0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
+        0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
+        0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
+        0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
+        0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
+        0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
+        0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
+        0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
+        0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
+        0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
+        0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
+        0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
+        0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
+        0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
+        0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
+        0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
+        0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
+        0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
+        0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
+        0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
+        0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
+        0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
+        0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
+        0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
+        0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
+        0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
+        0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
+        0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
+        0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
+        0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
+        0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
+        0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
+        0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
+        0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
+        0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
+        0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
+        0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
+        0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
+        0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
+        0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
+        0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
+        0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
+        0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
+        0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
+        0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
+        0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
+        0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
+        0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
+        0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
+        0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
+        0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
+        0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
+        0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
+        0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
+        0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
+        0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
+        0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
+        0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
+        0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
+        0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
+        0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
+        0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
+        0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
+        0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
+        0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
+        0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
+        0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
+        0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
+        0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
+        0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
+        0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
+        0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
+        0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
+        0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
+        0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
+        0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
+        0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
+        0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
+        0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
+        0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
+        0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
+        0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
+        0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
+        0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
+        0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
+        0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
+        0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
+        0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
+        0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
+        0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
+        0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
+        0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
+        0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
+        0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
+        0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
+        0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
+        0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
+        0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
+        0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
+        0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
+        0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
+        0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
+        0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
+        0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
+        0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
+        0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
+        0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
+        0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
+        0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
+        0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
+        0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
+        0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
+        0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
+        0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
+        0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
+        0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
+        0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
+        0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
+        0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
+        0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
+        0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
+        0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
+        0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
+        0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
+        0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
+        0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
+        0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
+        0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
+        0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
+        0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
+        0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
+        0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
+        0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
+        0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
+        0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
+        0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
+        0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
+        0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
+        0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
+        0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
+        0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
+        0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
+        0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
+        0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
+        0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
+        0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
+        0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
+        0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
+        0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
+        0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
+        0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
+        0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
+        0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
+        0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
+        0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
+        0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
+        0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
+        0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
+        0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
+        0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
+        0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
+        0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
+        0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
+        0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
+        0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
+        0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
+        0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
+        0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
+        0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
+        0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
+        0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
+        0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
+        0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
+        0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
+        0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
+        0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
+        0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
+        0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
+        0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
+        0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
+        0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
+        0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
+        0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
+        0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
+        0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
+        0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
+        0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
+        0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
+        0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
+        0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
+        0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
+        0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
+        0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
+        0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
+        0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
+        0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
+        0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
+        0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
+        0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
+        0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
+        0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
+        0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
+        0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
+        0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
+        0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
+        0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
+        0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
+        0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
+        0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
+        };
diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c
new file mode 100644
index 0000000000..8cd675ff0a
--- /dev/null
+++ b/src/lib/libssl/src/apps/verify.c
@@ -0,0 +1,240 @@
+/* apps/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+#undef PROG
+#define PROG    verify_main
+#ifndef NOPROTO
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx,char *file);
+#else
+static int MS_CALLBACK cb();
+static int check();
+#endif
+static int v_verbose=0;
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,ret=1;
+        char *CApath=NULL,*CAfile=NULL;
+        X509_STORE *cert_ctx=NULL;
+        X509_LOOKUP *lookup=NULL;
+        cert_ctx=X509_STORE_new();
+        if (cert_ctx == NULL) goto end;
+        X509_STORE_set_verify_cb_func(cert_ctx,cb);
+        ERR_load_crypto_strings();
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        argc--;
+        argv++;
+        for (;;)
+                {
+                if (argc >= 1)
+                        {
+                        if (strcmp(*argv,"-CApath") == 0)
+                                {
+                                if (argc-- < 1) goto end;
+                                CApath= *(++argv);
+                                }
+                        else if (strcmp(*argv,"-CAfile") == 0)
+                                {
+                                if (argc-- < 1) goto end;
+                                CAfile= *(++argv);
+                                }
+                        else if (strcmp(*argv,"-help") == 0)
+                                goto end;
+                        else if (strcmp(*argv,"-verbose") == 0)
+                                v_verbose=1;
+                        else if (argv[0][0] == '-')
+                                goto end;
+                        else
+                                break;
+                        argc--;
+                        argv++;
+                        }
+                else
+                        break;
+                }
+        lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+        if (lookup == NULL) abort();
+        if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+                X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+                
+        lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
+        if (lookup == NULL) abort();
+        if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+                X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+        if (argc < 1) check(cert_ctx,NULL);
+        else
+                for (i=0; i<argc; i++)
+                        check(cert_ctx,argv[i]);
+        ret=0;
+end:
+        if (ret == 1)
+                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
+        if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+        EXIT(ret);
+        }
+static int check(ctx,file)
+X509_STORE *ctx;
+char *file;
+        {
+        X509 *x=NULL;
+        BIO *in=NULL;
+        int i=0,ret=0;
+        X509_STORE_CTX csc;
+        in=BIO_new(BIO_s_file());
+        if (in == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (file == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,file) <= 0)
+                        {
+                        perror(file);
+                        goto end;
+                        }
+                }
+        x=PEM_read_bio_X509(in,NULL,NULL);
+        if (x == NULL)
+                {
+                fprintf(stdout,"%s: unable to load certificate file\n",
+                        (file == NULL)?"stdin":file);
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
+        X509_STORE_CTX_init(&csc,ctx,x,NULL);
+        i=X509_verify_cert(&csc);
+        X509_STORE_CTX_cleanup(&csc);
+        ret=0;
+end:
+        if (i)
+                {
+                fprintf(stdout,"OK\n");
+                ret=1;
+                }
+        else
+                ERR_print_errors(bio_err);
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+static int MS_CALLBACK cb(ok,ctx)
+int ok;
+X509_STORE_CTX *ctx;
+        {
+        char buf[256];
+        if (!ok)
+                {
+                /* since we are just checking the certificates, it is
+                 * ok if they are self signed. */
+                if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+                        ok=1;
+                else
+                        {
+                        X509_NAME_oneline(
+                                X509_get_subject_name(ctx->current_cert),buf,256);
+                        printf("%s\n",buf);
+                        printf("error %d at %d depth lookup:%s\n",ctx->error,
+                                ctx->error_depth,
+                                X509_verify_cert_error_string(ctx->error));
+                        if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
+                                ok=1;
+                        }
+                }
+        if (!v_verbose)
+                ERR_clear_error();
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/apps/version.c b/src/lib/libssl/src/apps/version.c
new file mode 100644
index 0000000000..fcf1f08cfb
--- /dev/null
+++ b/src/lib/libssl/src/apps/version.c
@@ -0,0 +1,129 @@
+/* apps/version.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "evp.h"
+#include "crypto.h"
+#undef PROG
+#define PROG    version_main
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,ret=0;
+        int cflags=0,version=0,date=0,options=0;
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+        if (argc == 1) version=1;
+        for (i=1; i<argc; i++)
+                {
+                if (strcmp(argv[i],"-v") == 0)
+                        version=1;      
+                else if (strcmp(argv[i],"-b") == 0)
+                        date=1;
+                else if (strcmp(argv[i],"-f") == 0)
+                        cflags=1;
+                else if (strcmp(argv[i],"-o") == 0)
+                        options=1;
+                else if (strcmp(argv[i],"-a") == 0)
+                        date=version=cflags=options=1;
+                else
+                        {
+                        BIO_printf(bio_err,"usage:version [-a] [-v] [-b] [-o] [-f]\n");
+                        ret=1;
+                        goto end;
+                        }
+                }
+        if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
+        if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+        if (options) 
+                {
+                printf("options:");
+                printf("%s ",BN_options());
+#ifndef NO_MD2
+                printf("%s ",MD2_options());
+#endif
+#ifndef NO_RC4
+                printf("%s ",RC4_options());
+#endif
+#ifndef NO_DES
+                printf("%s ",des_options());
+#endif
+#ifndef NO_IDEA
+                printf("%s ",idea_options());
+#endif
+#ifndef NO_BLOWFISH
+                printf("%s ",BF_options());
+#endif
+                printf("\n");
+                }
+        if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+end:
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
new file mode 100644
index 0000000000..f5e8be1068
--- /dev/null
+++ b/src/lib/libssl/src/apps/x509.c
@@ -0,0 +1,1044 @@
+/* apps/x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "bio.h"
+#include "asn1.h"
+#include "err.h"
+#include "bn.h"
+#include "evp.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+#undef PROG
+#define PROG x509_main
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS        30
+#define FORMAT_UNDEF    0
+#define FORMAT_ASN1     1
+#define FORMAT_TEXT     2
+#define FORMAT_PEM      3
+#define CERT_HDR        "certificate"
+static char *x509_usage[]={
+"usage: x509 args\n",
+" -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
+" -outform arg    - output format - default PEM (one of DER, NET or PEM\n",
+" -keyform arg    - private key format - default PEM\n",
+" -CAform arg     - CA format - default PEM\n",
+" -CAkeyform arg  - CA key format - default PEM\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -serial         - print serial number value\n",
+" -hash           - print hash value\n",
+" -subject        - print subject DN\n",
+" -issuer         - print issuer DN\n",
+" -startdate      - notBefore field\n",
+" -enddate        - notAfter field\n",
+" -dates          - both Before and After dates\n",
+" -modulus        - print the RSA key modulus\n",
+" -fingerprint    - print the certificate fingerprint\n",
+" -noout          - no certificate output\n",
+" -days arg       - How long till expiry of a signed certificate - def 30 days\n",
+" -signkey arg    - self sign cert with arg\n",
+" -x509toreq      - output a certification request object\n",
+" -req            - input is a certificate request, sign and output.\n",
+" -CA arg         - set the CA certificate, must be PEM format.\n",
+" -CAkey arg      - set the CA key, must be PEM format\n",
+"                   missing, it is asssumed to be in the CA file.\n",
+" -CAcreateserial - create serial number file if it does not exist\n",
+" -CAserial       - serial file\n",
+" -text           - print the certitificate in text form\n",
+" -C              - print out C code forms\n",
+" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+NULL
+};
+#ifndef NOPROTO
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static EVP_PKEY *load_key(char *file, int format);
+static X509 *load_cert(char *file, int format);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
+static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
+        X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
+#else
+static int MS_CALLBACK callb();
+static EVP_PKEY *load_key();
+static X509 *load_cert();
+static int sign ();
+static int x509_certify ();
+#endif
+static int reqfile=0;
+int MAIN(argc, argv)
+int argc;
+char **argv;
+        {
+        int ret=1;
+        X509_REQ *req=NULL;
+        X509 *x=NULL,*xca=NULL;
+        EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+        int i,num,badops=0;
+        BIO *out=NULL;
+        BIO *STDout=NULL;
+        int informat,outformat,keyformat,CAformat,CAkeyformat;
+        char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
+        char *CAkeyfile=NULL,*CAserial=NULL;
+        int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+        int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+        int C=0;
+        int x509req=0,days=DEF_DAYS,modulus=0;
+        char **pp;
+        X509_STORE *ctx=NULL;
+        X509_REQ *rq=NULL;
+        int fingerprint=0;
+        char buf[256];
+        EVP_MD *md_alg,*digest=EVP_md5();
+        reqfile=0;
+        apps_startup();
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        informat=FORMAT_PEM;
+        outformat=FORMAT_PEM;
+        keyformat=FORMAT_PEM;
+        CAformat=FORMAT_PEM;
+        CAkeyformat=FORMAT_PEM;
+        ctx=X509_STORE_new();
+        if (ctx == NULL) goto end;
+        X509_STORE_set_verify_cb_func(ctx,callb);
+        argc--;
+        argv++;
+        num=0;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-inform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        informat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-outform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-keyform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keyformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-req") == 0)
+                        reqfile=1;
+                else if (strcmp(*argv,"-CAform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-CAkeyform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAformat=str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-days") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        days=atoi(*(++argv));
+                        if (days == 0)
+                                {
+                                BIO_printf(bio_err,"bad number of days\n");
+                                goto bad;
+                                }
+                        }
+                else if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-signkey") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keyfile= *(++argv);
+                        sign_flag= ++num;
+                        }
+                else if (strcmp(*argv,"-CA") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        CA_flag= ++num;
+                        }
+                else if (strcmp(*argv,"-CAkey") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAkeyfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAserial") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAserial= *(++argv);
+                        }
+                else if (strcmp(*argv,"-C") == 0)
+                        C= ++num;
+                else if (strcmp(*argv,"-serial") == 0)
+                        serial= ++num;
+                else if (strcmp(*argv,"-modulus") == 0)
+                        modulus= ++num;
+                else if (strcmp(*argv,"-x509toreq") == 0)
+                        x509req= ++num;
+                else if (strcmp(*argv,"-text") == 0)
+                        text= ++num;
+                else if (strcmp(*argv,"-hash") == 0)
+                        hash= ++num;
+                else if (strcmp(*argv,"-subject") == 0)
+                        subject= ++num;
+                else if (strcmp(*argv,"-issuer") == 0)
+                        issuer= ++num;
+                else if (strcmp(*argv,"-fingerprint") == 0)
+                        fingerprint= ++num;
+                else if (strcmp(*argv,"-dates") == 0)
+                        {
+                        startdate= ++num;
+                        enddate= ++num;
+                        }
+                else if (strcmp(*argv,"-startdate") == 0)
+                        startdate= ++num;
+                else if (strcmp(*argv,"-enddate") == 0)
+                        enddate= ++num;
+                else if (strcmp(*argv,"-noout") == 0)
+                        noout= ++num;
+                else if (strcmp(*argv,"-CAcreateserial") == 0)
+                        CA_createserial= ++num;
+                else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+                        {
+                        /* ok */
+                        digest=md_alg;
+                        }
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                for (pp=x509_usage; (*pp != NULL); pp++)
+                        BIO_printf(bio_err,*pp);
+                goto end;
+                }
+        ERR_load_crypto_strings();
+        if (!X509_STORE_set_default_paths(ctx))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
+                { CAkeyfile=CAfile; }
+        else if ((CA_flag) && (CAkeyfile == NULL))
+                {
+                BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+                goto end;
+                }
+        if (reqfile)
+                {
+                EVP_PKEY *pkey;
+                X509_CINF *ci;
+                BIO *in;
+                if (!sign_flag && !CA_flag)
+                        {
+                        BIO_printf(bio_err,"We need a private key to sign with\n");
+                        goto end;
+                        }
+                in=BIO_new(BIO_s_file());
+                if (in == NULL)
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (infile == NULL)
+                        BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
+                else
+                        {
+                        if (BIO_read_filename(in,infile) <= 0)
+                                {
+                                perror(infile);
+                                goto end;
+                                }
+                        }
+                req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+                BIO_free(in);
+                if (req == NULL) { perror(infile); goto end; }
+                if (    (req->req_info == NULL) ||
+                        (req->req_info->pubkey == NULL) ||
+                        (req->req_info->pubkey->public_key == NULL) ||
+                        (req->req_info->pubkey->public_key->data == NULL))
+                        {
+                        BIO_printf(bio_err,"The certificate request appears to corrupted\n");
+                        BIO_printf(bio_err,"It does not contain a public key\n");
+                        goto end;
+                        }
+                if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
+                        {
+                        BIO_printf(bio_err,"error unpacking public key\n");
+                        goto end;
+                        }
+                i=X509_REQ_verify(req,pkey);
+                if (i < 0)
+                        {
+                        BIO_printf(bio_err,"Signature verification error\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (i == 0)
+                        {
+                        BIO_printf(bio_err,"Signature did not match the certificate request\n");
+                        goto end;
+                        }
+                else
+                        BIO_printf(bio_err,"Signature ok\n");
+                
+                X509_NAME_oneline(req->req_info->subject,buf,256);
+                BIO_printf(bio_err,"subject=%s\n",buf);
+                if ((x=X509_new()) == NULL) goto end;
+                ci=x->cert_info;
+                if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+                if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
+                if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+                X509_gmtime_adj(X509_get_notBefore(x),0);
+                X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+                X509_PUBKEY_free(ci->key);
+                ci->key=req->req_info->pubkey;
+                req->req_info->pubkey=NULL;
+                }
+        else
+                x=load_cert(infile,informat);
+        if (x == NULL) goto end;
+        if (CA_flag)
+                {
+                xca=load_cert(CAfile,CAformat);
+                if (xca == NULL) goto end;
+                }
+        if (!noout || text)
+                {
+                OBJ_create("2.99999.3",
+                        "SET.ex3","SET x509v3 extension 3");
+                out=BIO_new(BIO_s_file());
+                if (out == NULL)
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (outfile == NULL)
+                        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+                else
+                        {
+                        if (BIO_write_filename(out,outfile) <= 0)
+                                {
+                                perror(outfile);
+                                goto end;
+                                }
+                        }
+                }
+        if (num)
+                {
+                for (i=1; i<=num; i++)
+                        {
+                        if (issuer == i)
+                                {
+                                X509_NAME_oneline(X509_get_issuer_name(x),
+                                        buf,256);
+                                fprintf(stdout,"issuer= %s\n",buf);
+                                }
+                        else if (subject == i) 
+                                {
+                                X509_NAME_oneline(X509_get_subject_name(x),
+                                        buf,256);
+                                fprintf(stdout,"subject=%s\n",buf);
+                                }
+                        else if (serial == i)
+                                {
+                                fprintf(stdout,"serial=");
+                                i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
+                                fprintf(stdout,"\n");
+                                }
+                        else if (hash == i)
+                                {
+                                fprintf(stdout,"%08lx\n",
+                                        X509_subject_name_hash(x));
+                                }
+                        else
+#ifndef NO_RSA
+                                if (modulus == i)
+                                {
+                                EVP_PKEY *pkey;
+                                pkey=X509_get_pubkey(x);
+                                if (pkey == NULL)
+                                        {
+                                        fprintf(stdout,"Modulus=unavailable\n");
+                                        ERR_print_errors(bio_err);
+                                        goto end;
+                                        }
+                                fprintf(stdout,"Modulus=");
+                                if (pkey->type == EVP_PKEY_RSA)
+                                        BN_print(STDout,pkey->pkey.rsa->n);
+                                else
+                                        fprintf(stdout,"Wrong Algorithm type");
+                                fprintf(stdout,"\n");
+                                }
+                        else
+#endif
+                                if (C == i)
+                                {
+                                unsigned char *d;
+                                char *m;
+                                int y,z;
+                                X509_NAME_oneline(X509_get_subject_name(x),
+                                        buf,256);
+                                printf("/* subject:%s */\n",buf);
+                                m=X509_NAME_oneline(
+                                        X509_get_issuer_name(x),buf,256);
+                                printf("/* issuer :%s */\n",buf);
+                                z=i2d_X509(x,NULL);
+                                m=Malloc(z);
+                                d=(unsigned char *)m;
+                                z=i2d_X509_NAME(X509_get_subject_name(x),&d);
+                                printf("unsigned char XXX_subject_name[%d]={\n",z);
+                                d=(unsigned char *)m;
+                                for (y=0; y<z; y++)
+                                        {
+                                        printf("0x%02X,",d[y]);
+                                        if ((y & 0x0f) == 0x0f) printf("\n");
+                                        }
+                                if (y%16 != 0) printf("\n");
+                                printf("};\n");
+                                z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
+                                printf("unsigned char XXX_public_key[%d]={\n",z);
+                                d=(unsigned char *)m;
+                                for (y=0; y<z; y++)
+                                        {
+                                        printf("0x%02X,",d[y]);
+                                        if ((y & 0x0f) == 0x0f) printf("\n");
+                                        }
+                                if (y%16 != 0) printf("\n");
+                                printf("};\n");
+                                z=i2d_X509(x,&d);
+                                printf("unsigned char XXX_certificate[%d]={\n",z);
+                                d=(unsigned char *)m;
+                                for (y=0; y<z; y++)
+                                        {
+                                        printf("0x%02X,",d[y]);
+                                        if ((y & 0x0f) == 0x0f) printf("\n");
+                                        }
+                                if (y%16 != 0) printf("\n");
+                                printf("};\n");
+                                Free(m);
+                                }
+                        else if (text == i)
+                                {
+                                X509_print(out,x);
+                                }
+                        else if (startdate == i)
+                                {
+                                BIO_puts(STDout,"notBefore=");
+                                ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+                                BIO_puts(STDout,"\n");
+                                }
+                        else if (enddate == i)
+                                {
+                                BIO_puts(STDout,"notAfter=");
+                                ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+                                BIO_puts(STDout,"\n");
+                                }
+                        else if (fingerprint == i)
+                                {
+                                int j;
+                                unsigned int n;
+                                unsigned char md[EVP_MAX_MD_SIZE];
+                                if (!X509_digest(x,EVP_md5(),md,&n))
+                                        {
+                                        BIO_printf(bio_err,"out of memory\n");
+                                        goto end;
+                                        }
+                                fprintf(stdout,"MD5 Fingerprint=");
+                                for (j=0; j<(int)n; j++)
+                                        {
+                                        fprintf(stdout,"%02X%c",md[j],
+                                                (j+1 == (int)n)
+                                                ?'\n':':');
+                                        }
+                                }
+                        /* should be in the library */
+                        else if ((sign_flag == i) && (x509req == 0))
+                                {
+                                BIO_printf(bio_err,"Getting Private key\n");
+                                if (Upkey == NULL)
+                                        {
+                                        Upkey=load_key(keyfile,keyformat);
+                                        if (Upkey == NULL) goto end;
+                                        }
+#ifndef NO_DSA
+                                if (Upkey->type == EVP_PKEY_DSA)
+                                        digest=EVP_dss1();
+#endif
+                                if (!sign(x,Upkey,days,digest)) goto end;
+                                }
+                        else if (CA_flag == i)
+                                {
+                                BIO_printf(bio_err,"Getting CA Private Key\n");
+                                if (CAkeyfile != NULL)
+                                        {
+                                        CApkey=load_key(CAkeyfile,CAkeyformat);
+                                        if (CApkey == NULL) goto end;
+                                        }
+#ifndef NO_DSA
+                                if (CApkey->type == EVP_PKEY_DSA)
+                                        digest=EVP_dss1();
+#endif
+                                if (!x509_certify(ctx,CAfile,digest,x,xca,
+                                        CApkey,
+                                        CAserial,CA_createserial,days))
+                                        goto end;
+                                }
+                        else if (x509req == i)
+                                {
+                                EVP_PKEY *pk;
+                                BIO_printf(bio_err,"Getting request Private Key\n");
+                                if (keyfile == NULL)
+                                        {
+                                        BIO_printf(bio_err,"no request key file specified\n");
+                                        goto end;
+                                        }
+                                else
+                                        {
+                                        pk=load_key(keyfile,FORMAT_PEM);
+                                        if (pk == NULL) goto end;
+                                        }
+                                BIO_printf(bio_err,"Generating certificate request\n");
+                                rq=X509_to_X509_REQ(x,pk,EVP_md5());
+                                EVP_PKEY_free(pk);
+                                if (rq == NULL)
+                                        {
+                                        ERR_print_errors(bio_err);
+                                        goto end;
+                                        }
+                                if (!noout)
+                                        {
+                                        X509_REQ_print(out,rq);
+                                        PEM_write_bio_X509_REQ(out,rq);
+                                        }
+                                noout=1;
+                                }
+                        }
+                }
+        if (noout)
+                {
+                ret=0;
+                goto end;
+                }
+        if      (outformat == FORMAT_ASN1)
+                i=i2d_X509_bio(out,x);
+        else if (outformat == FORMAT_PEM)
+                i=PEM_write_bio_X509(out,x);
+        else if (outformat == FORMAT_NETSCAPE)
+                {
+                ASN1_HEADER ah;
+                ASN1_OCTET_STRING os;
+                os.data=(unsigned char *)CERT_HDR;
+                os.length=strlen(CERT_HDR);
+                ah.header= &os;
+                ah.data=(char *)x;
+                ah.meth=X509_asn1_meth();
+                /* no macro for this one yet */
+                i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
+                }
+        else    {
+                BIO_printf(bio_err,"bad output format specified for outfile\n");
+                goto end;
+                }
+        if (!i) {
+                BIO_printf(bio_err,"unable to write certificate\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        ret=0;
+end:
+        OBJ_cleanup();
+        if (out != NULL) BIO_free(out);
+        if (STDout != NULL) BIO_free(STDout);
+        if (ctx != NULL) X509_STORE_free(ctx);
+        if (req != NULL) X509_REQ_free(req);
+        if (x != NULL) X509_free(x);
+        if (xca != NULL) X509_free(xca);
+        if (Upkey != NULL) EVP_PKEY_free(Upkey);
+        if (CApkey != NULL) EVP_PKEY_free(CApkey);
+        if (rq != NULL) X509_REQ_free(rq);
+        EXIT(ret);
+        }
+static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
+X509_STORE *ctx;
+char *CAfile;
+EVP_MD *digest;
+X509 *x;
+X509 *xca;
+EVP_PKEY *pkey;
+char *serialfile;
+int create;
+int days;
+        {
+        int ret=0;
+        BIO *io=NULL;
+        MS_STATIC char buf2[1024];
+        char *buf=NULL,*p;
+        BIGNUM *serial=NULL;
+        ASN1_INTEGER *bs=NULL,bs2;
+        X509_STORE_CTX xsc;
+        EVP_PKEY *upkey;
+        EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+        X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+        buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
+                ((serialfile == NULL)
+                        ?(strlen(CAfile)+strlen(POSTFIX)+1)
+                        :(strlen(serialfile)))+1);
+        if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
+        if (serialfile == NULL)
+                {
+                strcpy(buf,CAfile);
+                for (p=buf; *p; p++)
+                        if (*p == '.')
+                                {
+                                *p='\0';
+                                break;
+                                }
+                strcat(buf,POSTFIX);
+                }
+        else
+                strcpy(buf,serialfile);
+        serial=BN_new();
+        bs=ASN1_INTEGER_new();
+        if ((serial == NULL) || (bs == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        io=BIO_new(BIO_s_file());
+        if (io == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        
+        if (BIO_read_filename(io,buf) <= 0)
+                {
+                if (!create)
+                        {
+                        perror(buf);
+                        goto end;
+                        }
+                else
+                        {
+                        ASN1_INTEGER_set(bs,0);
+                        BN_zero(serial);
+                        }
+                }
+        else 
+                {
+                if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+                        {
+                        BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                else
+                        {
+                        serial=BN_bin2bn(bs->data,bs->length,serial);
+                        if (serial == NULL)
+                                {
+                                BIO_printf(bio_err,"error converting bin 2 bn");
+                                goto end;
+                                }
+                        }
+                }
+        if (!BN_add_word(serial,1))
+                { BIO_printf(bio_err,"add_word failure\n"); goto end; }
+        bs2.data=(unsigned char *)buf2;
+        bs2.length=BN_bn2bin(serial,bs2.data);
+        if (BIO_write_filename(io,buf) <= 0)
+                {
+                BIO_printf(bio_err,"error attempting to write serial number file\n");
+                perror(buf);
+                goto end;
+                }
+        i2a_ASN1_INTEGER(io,&bs2);
+        BIO_puts(io,"\n");
+        BIO_free(io);
+        io=NULL;
+        
+        if (!X509_STORE_add_cert(ctx,x)) goto end;
+        /* NOTE: this certificate can/should be self signed, unless it was
+         * a certificate request in which case it is not. */
+        X509_STORE_CTX_set_cert(&xsc,x);
+        if (!reqfile && !X509_verify_cert(&xsc))
+                goto end;
+        if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
+        if (!X509_set_serialNumber(x,bs)) goto end;
+        if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
+                goto end;
+        /* hardwired expired */
+        if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+                goto end;
+        /* don't save DSA parameters in child if parent has them
+         * and the parents and the childs are the same. */
+        upkey=X509_get_pubkey(x);
+        if (!EVP_PKEY_missing_parameters(pkey) &&
+                (EVP_PKEY_cmp_parameters(pkey,upkey) == 0))
+                {
+                EVP_PKEY_save_parameters(upkey,0);
+                /* Force a re-write */
+                X509_set_pubkey(x,upkey);
+                }
+        if (!X509_sign(x,pkey,digest)) goto end;
+        ret=1;
+end:
+        X509_STORE_CTX_cleanup(&xsc);
+        if (!ret)
+                ERR_print_errors(bio_err);
+        if (buf != NULL) Free(buf);
+        if (bs != NULL) ASN1_INTEGER_free(bs);
+        if (io != NULL) BIO_free(io);
+        if (serial != NULL) BN_free(serial);
+        return(ret);
+        }
+static int MS_CALLBACK callb(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+        {
+        char buf[256];
+        int err;
+        X509 *err_cert;
+        /* it is ok to use a self signed certificate
+         * This case will catch both the initial ok == 0 and the
+         * final ok == 1 calls to this function */
+        err=X509_STORE_CTX_get_error(ctx);
+        if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+                return(1);
+        /* BAD we should have gotten an error.  Normally if everything
+         * worked X509_STORE_CTX_get_error(ctx) will still be set to
+         * DEPTH_ZERO_SELF_.... */
+        if (ok)
+                {
+                printf("error with certificate to be certified - should be self signed\n");
+                return(0);
+                }
+        else
+                {
+                err_cert=X509_STORE_CTX_get_current_cert(ctx);
+                X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+                printf("%s\n",buf);
+                printf("error with certificate - error %d at depth %d\n%s\n",
+                        err,X509_STORE_CTX_get_error_depth(ctx),
+                        X509_verify_cert_error_string(err));
+                return(1);
+                }
+        }
+static EVP_PKEY *load_key(file, format)
+char *file;
+int format;
+        {
+        BIO *key=NULL;
+        EVP_PKEY *pkey=NULL;
+        if (file == NULL)
+                {
+                BIO_printf(bio_err,"no keyfile specified\n");
+                goto end;
+                }
+        key=BIO_new(BIO_s_file());
+        if (key == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (BIO_read_filename(key,file) <= 0)
+                {
+                perror(file);
+                goto end;
+                }
+#ifndef NO_RSA
+        if      (format == FORMAT_ASN1)
+                {
+                RSA *rsa;
+                rsa=d2i_RSAPrivateKey_bio(key,NULL);
+                if (rsa != NULL)
+                        {
+                        if ((pkey=EVP_PKEY_new()) != NULL)
+                                EVP_PKEY_assign_RSA(pkey,rsa);
+                        else
+                                RSA_free(rsa);
+                        }
+                }
+        else
+#endif
+                if (format == FORMAT_PEM)
+                {
+                pkey=PEM_read_bio_PrivateKey(key,NULL,NULL);
+                }
+        else
+                {
+                BIO_printf(bio_err,"bad input format specified for key\n");
+                goto end;
+                }
+end:
+        if (key != NULL) BIO_free(key);
+        if (pkey == NULL)
+                BIO_printf(bio_err,"unable to load Private Key\n");
+        return(pkey);
+        }
+static X509 *load_cert(file, format)
+char *file;
+int format;
+        {
+        ASN1_HEADER *ah=NULL;
+        BUF_MEM *buf=NULL;
+        X509 *x=NULL;
+        BIO *cert;
+        if ((cert=BIO_new(BIO_s_file())) == NULL)
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (file == NULL)
+                BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(cert,file) <= 0)
+                        {
+                        perror(file);
+                        goto end;
+                        }
+                }
+        if      (format == FORMAT_ASN1)
+                x=d2i_X509_bio(cert,NULL);
+        else if (format == FORMAT_NETSCAPE)
+                {
+                unsigned char *p,*op;
+                int size=0,i;
+                /* We sort of have to do it this way because it is sort of nice
+                 * to read the header first and check it, then
+                 * try to read the certificate */
+                buf=BUF_MEM_new();
+                for (;;)
+                        {
+                        if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+                                goto end;
+                        i=BIO_read(cert,&(buf->data[size]),1024*10);
+                        size+=i;
+                        if (i == 0) break;
+                        if (i < 0)
+                                {
+                                perror("reading certificate");
+                                goto end;
+                                }
+                        }
+                p=(unsigned char *)buf->data;
+                op=p;
+                /* First load the header */
+                if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+                        goto end;
+                if ((ah->header == NULL) || (ah->header->data == NULL) ||
+                        (strncmp(CERT_HDR,(char *)ah->header->data,
+                        ah->header->length) != 0))
+                        {
+                        BIO_printf(bio_err,"Error reading header on certificate\n");
+                        goto end;
+                        }
+                /* header is ok, so now read the object */
+                p=op;
+                ah->meth=X509_asn1_meth();
+                if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+                        goto end;
+                x=(X509 *)ah->data;
+                ah->data=NULL;
+                }
+        else if (format == FORMAT_PEM)
+                x=PEM_read_bio_X509(cert,NULL,NULL);
+        else    {
+                BIO_printf(bio_err,"bad input format specified for input cert\n");
+                goto end;
+                }
+end:
+        if (x == NULL)
+                {
+                BIO_printf(bio_err,"unable to load certificate\n");
+                ERR_print_errors(bio_err);
+                }
+        if (ah != NULL) ASN1_HEADER_free(ah);
+        if (cert != NULL) BIO_free(cert);
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(x);
+        }
+/* self sign */
+static int sign(x, pkey, days, digest)
+X509 *x;
+EVP_PKEY *pkey;
+int days;
+EVP_MD *digest;
+        {
+        EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
+        EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+        if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
+        if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+        /* Lets just make it 12:00am GMT, Jan 1 1970 */
+        /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
+        /* 28 days to be certified */
+        if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+                goto err;
+        if (!X509_set_pubkey(x,pkey)) goto err;
+        if (!X509_sign(x,pkey,digest)) goto err;
+        return(1);
+err:
+        ERR_print_errors(bio_err);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/bugs/MS b/src/lib/libssl/src/bugs/MS
new file mode 100644
index 0000000000..a1dcfb90de
--- /dev/null
+++ b/src/lib/libssl/src/bugs/MS
@@ -0,0 +1,7 @@
+If you use the function that does an fopen inside the DLL, it's malloc
+will be used and when the function is then written inside, more
+hassles
+....
+think about it.
diff --git a/src/lib/libssl/src/bugs/SSLv3 b/src/lib/libssl/src/bugs/SSLv3
new file mode 100644
index 0000000000..2e22a65cdd
--- /dev/null
+++ b/src/lib/libssl/src/bugs/SSLv3
@@ -0,0 +1,41 @@
+So far...
+ssl3.netscape.com:443 does not support client side dynamic
+session-renegotiation.
+ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN
+in an invalid format (the outer sequence is removed).
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys.  Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when opperating in SSLv2/v3 compatablity mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+ssl3.netscape.com:443, first a connection is established with RC4-MD5.
+If it is then resumed, we end up using DES-CBC3-SHA.  It should be
+RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
+Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
+It only really shows up when connecting via SSLv2/v3 then reconnecting
+via SSLv3. The cipher list changes....
+NEW INFORMATION.  Try connecting with a cipher list of just
+DES-CBC-SHA:RC4-MD5.  For some weird reason, each new connection uses
+RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
+doing a re-connect, always takes the first cipher in the cipher list.
+If we accept a netscape connection, demand a client cert, have a
+non-self-sighed CA which does not have it's CA in netscape, and the
+browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
+Netscape browsers do not really notice the server sending a
+close notify message.  I was sending one, and then some invalid data.
+netscape complained of an invalid mac. (a fork()ed child doing a
+SSL_shutdown() and still sharing the socket with its parent).
+Netscape, when using export ciphers, will accept a 1024 bit temporary
+RSA key.  It is supposed to only accept 512.
diff --git a/src/lib/libssl/src/bugs/VC16.bug b/src/lib/libssl/src/bugs/VC16.bug
new file mode 100644
index 0000000000..7815bb5c77
--- /dev/null
+++ b/src/lib/libssl/src/bugs/VC16.bug
@@ -0,0 +1,18 @@
+Microsoft (R) C/C++ Optimizing Compiler Version 8.00c
+Compile with /O2 chokes the compiler on these files
+crypto\md\md5_dgst.c            warning '@(#)reg86.c:1.26', line 1110
+crypto\des\ofb64ede.c           warning '@(#)grammar.c:1.147', line 168
+crypto\des\ofb64enc.c           warning '@(#)grammar.c:1.147', line 168
+crypto\des\qud_cksm.c           warning '@(#)grammar.c:1.147', line 168
+crypto\rc2\rc2ofb64.c           warning '@(#)grammar.c:1.147', line 168
+crypto\objects\obj_dat.c        warning '@(#)grammar.c:1.147', line 168
+                                fatal   '@(#)grammar.c:1.147', line 168
+crypto\objects\obj_lib.c        warning '@(#)grammar.c:1.147', line 168
+                                fatal   '@(#)grammar.c:1.147', line 168
+ssl\ssl_auth.c                  warning '@(#)grammar.c:1.147', line 168
+                                fatal   '@(#)grammar.c:1.147', line 168
+Turning on /G3 with build flags that worked fine for /G2 came up with
+divide by zero errors in 'normal' code in speed.c :-(
diff --git a/src/lib/libssl/src/bugs/alpha.c b/src/lib/libssl/src/bugs/alpha.c
new file mode 100644
index 0000000000..701d6a7c74
--- /dev/null
+++ b/src/lib/libssl/src/bugs/alpha.c
@@ -0,0 +1,91 @@
+/* bugs/alpha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* while not exactly a bug (ASN1 C leaves this undefined) it is
+ * something to watch out for.  This was fine on linux/NT/Solaris but not
+ * Alpha */
+/* it is basically an example of
+ * func(*(a++),*(a++))
+ * which parameter is evaluated first?  It is not defined in ASN1 C.
+ */
+#include <stdio.h>
+#define TYPE    unsigned int
+void func(a,b)
+TYPE *a;
+TYPE b;
+        {
+        printf("%ld -1 == %ld\n",a[0],b);
+        }
+main()
+        {
+        TYPE data[5]={1L,2L,3L,4L,5L};
+        TYPE *p;
+        int i;
+        p=data;
+        for (i=0; i<4; i++)
+                {
+                func(p,*(p++));
+                }
+        }
diff --git a/src/lib/libssl/src/bugs/dggccbug.c b/src/lib/libssl/src/bugs/dggccbug.c
new file mode 100644
index 0000000000..30e07a60ea
--- /dev/null
+++ b/src/lib/libssl/src/bugs/dggccbug.c
@@ -0,0 +1,45 @@
+/* NOCW */
+/* dggccbug.c */
+/* bug found by Eric Young (eay@cryptsoft.com) - May 1995 */
+#include <stdio.h>
+/* There is a bug in
+ * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
+ * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code.
+ * The bug manifests itself by the vaule of a pointer that is
+ * used only by reference, not having it's value change when it is used
+ * to check for exiting the loop.  Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address
+ * that is passed. */
+/* compare the out put from
+ * gcc dggccbug.c; ./a.out
+ * and
+ * gcc -O dggccbug.c; ./a.out
+ * compile with -DFIXBUG to remove the bug when optimising.
+ */
+void inc(a)
+int *a;
+        {
+        (*a)++;
+        }
+main()
+        {
+        int p=0;
+#ifdef FIXBUG
+        int dummy;
+#endif
+        while (p<3)
+                {
+                fprintf(stderr,"%08X\n",p);
+                inc(&p);
+#ifdef FIXBUG
+                dummy+=p;
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/bugs/sgiccbug.c b/src/lib/libssl/src/bugs/sgiccbug.c
new file mode 100644
index 0000000000..48bd0605df
--- /dev/null
+++ b/src/lib/libssl/src/bugs/sgiccbug.c
@@ -0,0 +1,55 @@
+/* NOCW */
+/* sgibug.c */
+/* bug found by Eric Young (eay@mincom.oz.au) May 95 */
+#include <stdio.h>
+/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
+ * the only versions of IRIX I have access to.
+ * defining FIXBUG removes the bug.
+ */
+ 
+/* Compare the output from
+ * cc sgiccbug.c; ./a.out
+ * and
+ * cc -O sgiccbug.c; ./a.out
+ */
+static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
+static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
+static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};
+main()
+        {
+        unsigned long r[4];
+        sub(r,a,b);
+        fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);
+        fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);
+        fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);
+        fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);
+        }
+int sub(r,a,b)
+unsigned long *r,*a,*b;
+        {
+        register unsigned long t1,t2,*ap,*bp,*rp;
+        int i,carry;
+#ifdef FIXBUG
+        unsigned long dummy;
+#endif
+        ap=a;
+        bp=b;
+        rp=r;
+        carry=0;
+        for (i=0; i<4; i++)
+                {
+                t1= *(ap++);
+                t2= *(bp++);
+                t1=(t1-t2);
+#ifdef FIXBUG
+                dummy=t1;
+#endif
+                *(rp++)=t1&0xffffffff;
+                }
+        }
diff --git a/src/lib/libssl/src/bugs/sslref.dif b/src/lib/libssl/src/bugs/sslref.dif
new file mode 100644
index 0000000000..0aa92bfe6d
--- /dev/null
+++ b/src/lib/libssl/src/bugs/sslref.dif
@@ -0,0 +1,26 @@
+The February 9th, 1995 version of the SSL document differs from
+https://www.netscape.com in the following ways.
+=====
+The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is
+KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]
+not
+KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]
+as specified in the documentation.
+=====
+From the section 2.6 Server Only Protocol Messages
+If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,
+CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. 
+This is not true for https://www.netscape.com.  The CERTIFICATE-TYPE
+is returned as 1.
+=====
+I have not tested the following but it is reported by holtzman@mit.edu.
+SSLref clients wait to recieve a server-verify before they send a
+client-finished.  Besides this not being evident from the examples in
+2.2.1, it makes more sense to always send all packets you can before
+reading.  SSLeay was waiting in the server to recieve a client-finish
+before sending the server-verify :-).  I have changed SSLeay to send a
+server-verify before trying to read the client-finished.
diff --git a/src/lib/libssl/src/bugs/stream.c b/src/lib/libssl/src/bugs/stream.c
new file mode 100644
index 0000000000..50a3884995
--- /dev/null
+++ b/src/lib/libssl/src/bugs/stream.c
@@ -0,0 +1,131 @@
+/* bugs/stream.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "rc4.h"
+#ifdef NO_DES
+#include <des.h>
+#else
+#include "des.h"
+#endif
+/* show how stream ciphers are not very good.  The mac has no affect
+ * on RC4 while it does for cfb DES
+ */
+main()
+        {
+        fprintf(stderr,"rc4\n");
+        rc4();
+        fprintf(stderr,"cfb des\n");
+        des();
+        }
+int des()
+        {
+        des_key_schedule ks;
+        des_cblock iv,key;
+        int num;
+        static char *keystr="01234567";
+        static char *in1="0123456789ABCEDFdata 12345";
+        static char *in2="9876543210abcdefdata 12345";
+        unsigned char out[100];
+        int i;
+        des_set_key((des_cblock *)keystr,ks);
+        num=0;
+        memset(iv,0,8);
+        des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);
+        for (i=0; i<26; i++)
+                fprintf(stderr,"%02X ",out[i]);
+        fprintf(stderr,"\n");
+        num=0;
+        memset(iv,0,8);
+        des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);
+        for (i=0; i<26; i++)
+                fprintf(stderr,"%02X ",out[i]);
+        fprintf(stderr,"\n");
+        }
+int rc4()
+        {
+        static char *keystr="0123456789abcdef";
+        RC4_KEY key;
+        unsigned char in[100],out[100];
+        int i;
+        RC4_set_key(&key,16,keystr);
+        in[0]='\0';
+        strcpy(in,"0123456789ABCEDFdata 12345");
+        RC4(key,26,in,out);
+        for (i=0; i<26; i++)
+                fprintf(stderr,"%02X ",out[i]);
+        fprintf(stderr,"\n");
+        RC4_set_key(&key,16,keystr);
+        in[0]='\0';
+        strcpy(in,"9876543210abcdefdata 12345");
+        RC4(key,26,in,out);
+        for (i=0; i<26; i++)
+                fprintf(stderr,"%02X ",out[i]);
+        fprintf(stderr,"\n");
+        }
diff --git a/src/lib/libssl/src/certs/thawteCb.pem b/src/lib/libssl/src/certs/thawteCb.pem
new file mode 100644
index 0000000000..27df192f0d
--- /dev/null
+++ b/src/lib/libssl/src/certs/thawteCb.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/thawteCp.pem b/src/lib/libssl/src/certs/thawteCp.pem
new file mode 100644
index 0000000000..51285e33c2
--- /dev/null
+++ b/src/lib/libssl/src/certs/thawteCp.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/vsign1.pem b/src/lib/libssl/src/certs/vsign1.pem
new file mode 100644
index 0000000000..08c70f2674
--- /dev/null
+++ b/src/lib/libssl/src/certs/vsign1.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/vsign3.pem b/src/lib/libssl/src/certs/vsign3.pem
new file mode 100644
index 0000000000..e6e31879c1
--- /dev/null
+++ b/src/lib/libssl/src/certs/vsign3.pem
@@ -0,0 +1,16 @@
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
new file mode 100644
index 0000000000..7643930ee0
--- /dev/null
+++ b/src/lib/libssl/src/config
@@ -0,0 +1,327 @@
+#!/bin/sh
+#
+# config - this is a merge of minarch and GuessOS from the Apache Group
+#          which then automatically runs Configure from SSLeay after
+#          mapping the Apache names for OSs into SSLeay names
+#
+# 16-Sep-97 tjh         first cut of merged version
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+# Original Apache Group comments on GuessOS
+# Simple OS/Platform guesser. Similar to config.guess but
+# much, much smaller. Since it was developed for use with
+# Apache, it follows under Apache's regular licensing
+# with one specific addition: Any changes or additions
+# to this script should be Emailed to the Apache
+# group (apache@apache.org) in general and to
+# Jim Jagielski (jim@jaguNET.com) in specific.
+#
+# Be as similar to the output of config.guess/config.sub
+# as possible.
+# First get uname entries that we use below
+MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
+VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+# Now test for ISC and SCO, since it is has a braindamaged uname.
+#
+# We need to work around FreeBSD 1.1.5.1 
+(
+XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
+if [ "x$XREL" != "x" ]; then
+    if [ -f /etc/kconfig ]; then
+        case "$XREL" in
+            4.0|4.1)
+                    echo "${MACHINE}-whatever-isc4"; exit 0
+                ;;
+        esac
+    else
+        case "$XREL" in
+            3.2v4.2)
+                echo "whatever-whatever-sco3"; exit 0
+                ;;
+            3.2v5.0*)
+                echo "whatever-whatever-sco5"; exit 0
+                ;;
+            4.2MP)
+                if [ "x$VERSION" = "x2.1.1" ]; then
+                    echo "${MACHINE}-whatever-unixware211"; exit 0
+                else
+                    echo "${MACHINE}-whatever-unixware2"; exit 0
+                fi
+                ;;
+            4.2)
+                echo "whatever-whatever-unixware1"; exit 0
+                ;;
+        esac
+    fi
+fi
+# Now we simply scan though... In most cases, the SYSTEM info is enough
+#
+case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    A/UX:*)
+        echo "m68k-apple-aux3"; exit 0
+        ;;
+    AIX:*)
+        echo "${MACHINE}-ibm-aix"; exit 0
+        ;;
+    dgux:*)
+        echo "${MACHINE}-dg-dgux"; exit 0
+        ;;
+    HI-UX:*)
+        echo "${MACHINE}-hi-hiux"; exit 0
+        ;;
+    HP-UX:*)
+        HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+        case "$HPUXVER" in
+            10.*)
+                echo "${MACHINE}-hp-hpux10."; exit 0
+                ;;
+            *)
+                echo "${MACHINE}-hp-hpux"; exit 0
+                ;;
+        esac
+        ;;
+    IRIX:*)
+        echo "${MACHINE}-sgi-irix"; exit 0
+        ;;
+    IRIX64:*)
+        echo "${MACHINE}-sgi-irix64"; exit 0
+        ;;
+    Linux:[2-9].*)
+        echo "${MACHINE}-whatever-linux2"; exit 0
+        ;;
+    Linux:1.*)
+        echo "${MACHINE}-whatever-linux1"; exit 0
+        ;;
+    LynxOS:*)
+        echo "${MACHINE}-lynx-lynxos"; exit 0
+        ;;
+    BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
+        echo "i486-whatever-bsdi"; exit 0
+        ;;
+    BSD/386:*|BSD/OS:*)
+        echo "${MACHINE}-whatever-bsdi"; exit 0
+        ;;
+    FreeBSD:*:*:*486*)
+        echo "i486-whatever-freebsd"; exit 0
+        ;;
+    FreeBSD:*)
+        echo "${MACHINE}-whatever-freebsd"; exit 0
+        ;;
+    NetBSD:*:*:*486*)
+        echo "i486-whatever-netbsd"; exit 0
+        ;;
+    NetBSD:*)
+        echo "${MACHINE}-whatever-netbsd"; exit 0
+        ;;
+    OpenBSD:*)
+        echo "${MACHINE}-whatever-openbsd"; exit 0
+        ;;
+    OSF1:*:*:*alpha*)
+        echo "${MACHINE}-dec-osf"; exit 0
+        ;;
+    QNX:*)
+        case "$VERSION" in
+            423)
+                echo "${MACHINE}-qssl-qnx32"
+                ;;
+            *)
+                echo "${MACHINE}-qssl-qnx"
+                ;;
+        esac
+        exit 0
+        ;;
+    Paragon*:*:*:*)
+        echo "i860-intel-osf1"; exit 0
+        ;;
+    SunOS:5.*)
+        echo "${MACHINE}-sun-solaris2"; exit 0
+        ;;
+    SunOS:*)
+        echo "${MACHINE}-sun-sunos4"; exit 0
+        ;;
+    UNIX_System_V:4.*:*)
+        echo "${MACHINE}-whatever-sysv4"; exit 0
+        ;;
+    *:4*:R4*:m88k)
+        echo "${MACHINE}-whatever-sysv4"; exit 0
+        ;;
+    DYNIX/ptx:4*:*)
+        echo "${MACHINE}-whatever-sysv4"; exit 0
+        ;;
+    *:4.0:3.0:3[34]?? | *:4.0:3.0:3[34]??,*)
+        echo "i486-ncr-sysv4"; exit 0
+        ;;
+    ULTRIX:*)
+        echo "${MACHINE}-unknown-ultrix"; exit 0
+        ;;
+    SINIX*)
+        echo "${MACHINE}-sni-sysv4"; exit 0
+        ;;
+    machten:*)
+       echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
+       ;;
+    library:*)
+        echo "${MACHINE}-ncr-sysv4"; exit 0
+        ;;
+    ConvexOS:*:11.0:*)
+        echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
+        ;;
+esac
+#
+# Ugg. These are all we can determine by what we know about
+# the output of uname. Be more creative:
+#
+# Do the Apollo stuff first. Here, we just simply assume
+# that the existance of the /usr/apollo directory is proof
+# enough
+if [ -d /usr/apollo ]; then
+    echo "whatever-apollo-whatever"
+    exit 0
+fi
+# Now NeXT
+ISNEXT=`hostinfo 2>/dev/null`
+case "$ISNEXT" in
+    *NeXT*)
+        echo "whatever-next-nextstep"; exit 0
+        ;;
+esac
+# At this point we gone through all the one's
+# we know of: Punt
+echo "${MACHINE}-whatever-${SYSTEM}|${RELEASE}|${VERSION}" 
+exit 0
+) 2>/dev/null | (
+# ---------------------------------------------------------------------------
+# this is where the translation occurs into SSLeay terms
+# ---------------------------------------------------------------------------
+PREFIX=""
+SUFFIX=""
+VERBOSE="false"
+TEST="false"
+# pick up any command line args to config
+for i
+do
+case "$i" in 
+-d*) PREFIX="debug-";;
+-v*) VERBOSE="true";;
+-n*|-t*) TEST="true";;
+esac
+done
+# figure out if gcc is available and if so we use it otherwise
+# we fallback to whatever cc does on the system
+GCCVER=`gcc -v 2>&1`
+if [ $? = "0" ]; then
+  CC=gcc
+else
+  CC=cc
+fi
+# read the output of the embedded GuessOS 
+read GUESSOS
+if [ "$VERBOSE" = "true" ]; then
+  echo GUESSOS $GUESSOS
+fi
+# now map the output into SSLeay terms ... really should hack into the
+# script above so we end up with values in vars but that would take
+# more time that I want to waste at the moment
+case "$GUESSOS" in
+  *-*-linux2) OUT="linux-elf" ;;
+  *-*-linux) OUT="linux-aout" ;;
+  sun4*-sun-solaris2) OUT="solaris-sparc-$CC" ;;
+  *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
+  *-*-sunos4) OUT="sunos-$CC" ;;
+  *-freebsd) OUT="FreeBSD" ;;
+  *86*-*-netbsd) OUT="NetBSD-x86" ;;
+  sun3*-*-netbsd) OUT="NetBSD-m68" ;;
+  *-*-netbsd) OUT="NetBSD-sparc" ;;
+  *86*-*-openbsd) OUT="OpenBSD-x86" ;;
+  alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
+  *-*-openbsd) OUT="OpenBSD-bigendian" ;;
+  *-*-osf) OUT="alpha-$CC" ;;
+  *-*-unixware*) OUT="unixware-2.0" ;;
+  *-sni-sysv4) OUT="SINIX" ;;
+  # these are all covered by the catchall below
+  # *-hpux) OUT="hpux-$CC" ;;
+  # *-aix) OUT="aix-$CC" ;;
+  # *-dgux) OUT="dgux" ;;
+  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+esac
+if [ -z "$OUT" ]; then
+  OUT="$CC"
+fi
+# run Configure to check to see if we need to specify the 
+# compiler for the platform ... in which case we add it on
+# the end ... otherwise we leave it off
+./Configure 2>&1 | grep '$OUT-$CC' > /dev/null
+if [ $? = "0" ]; then
+  OUT="$OUT-$CC"
+fi
+OUT="$PREFIX$OUT"
+# at this point we have the answer ... which we could check again
+# and then fallback to a vanilla SSLeay build but then this script
+# wouldn't get updated
+echo Configuring for $OUT
+if [ "$TEST" = "true" ]; then
+  echo ./Configure -DNO_IDEA $OUT
+else
+  ./Configure -DNO_IDEA $OUT
+fi
+)
diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile
new file mode 100644
index 0000000000..eb49323ad5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/Makefile
@@ -0,0 +1,133 @@
+LIB=    crypto
+CFLAGS+= -DNO_IDEA -DTERMIOS -DL_ENDIAN -DANSI_SOURCE 
+CFLAGS+= -I${.CURDIR}/../include
+SRCS+=  cryptlib.c mem.c cversion.c ex_data.c cpt_err.c                 
+CFLAGS+= -I${.CURDIR}/md2
+SRCS+=  md2_dgst.c md2_one.c                                    
+CFLAGS+= -I${.CURDIR}/md5
+SRCS+=  md5_dgst.c md5_one.c                                    
+CFLAGS+= -I${.CURDIR}/sha
+SRCS+=  sha_dgst.c sha1dgst.c sha_one.c sha1_one.c      
+CFLAGS+= -I${.CURDIR}/mdc2
+SRCS+=  mdc2dgst.c mdc2_one.c                                   
+CFLAGS+= -I${.CURDIR}/hmac
+SRCS+=  hmac.c                                                  
+CFLAGS+= -I${.CURDIR}/ripemd
+SRCS+=  rmd_dgst.c rmd_one.c                            
+CFLAGS+= -I${.CURDIR}/des
+SRCS+=  set_key.c ecb_enc.c cbc_enc.c ecb3_enc.c        
+SRCS+=  cfb64enc.c cfb64ede.c cfb_enc.c ofb64ede.c      
+SRCS+=  enc_read.c enc_writ.c ofb64enc.c ofb_enc.c      
+SRCS+=  str2key.c pcbc_enc.c qud_cksm.c rand_key.c      
+SRCS+=  read2pwd.c fcrypt.c xcbc_enc.c read_pwd.c       
+SRCS+=  rpc_enc.c cbc_cksm.c supp.c                             
+CFLAGS+= -I${.CURDIR}/rc2
+SRCS+=  rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c       
+SRCS+=  rc2ofb64.c                                                      
+CFLAGS+= -I${.CURDIR}/rc4
+SRCS+=  rc4_skey.c                                                      
+CFLAGS+= -I${.CURDIR}/rc5
+SRCS+=  rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c      
+SRCS+=  rc5ofb64.c                                                      
+CFLAGS+= -I${.CURDIR}/idea
+SRCS+=  i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c             
+SRCS+=  i_skey.c                                                        
+CFLAGS+= -I${.CURDIR}/bf
+SRCS+=  bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c                
+CFLAGS+= -I${.CURDIR}/cast
+SRCS+=  c_skey.c c_ecb.c c_cfb64.c c_ofb64.c    
+CFLAGS+= -I${.CURDIR}/bn
+SRCS+=  bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c    
+SRCS+=  bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c
+SRCS+=  bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c
+SRCS+=  bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c           
+CFLAGS+= -I${.CURDIR}/rsa
+SRCS+=  rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c        
+SRCS+=  rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c        
+SRCS+=  rsa_none.c                                                      
+CFLAGS+= -I${.CURDIR}/dsa
+SRCS+=  dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c         
+SRCS+=  dsa_sign.c dsa_err.c                                    
+CFLAGS+= -I${.CURDIR}/dh
+SRCS+=  dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c  
+CFLAGS+= -I${.CURDIR}/buffer
+SRCS+=  buffer.c buf_err.c                              
+CFLAGS+= -I${.CURDIR}/bio
+SRCS+=  bio_lib.c bio_cb.c bio_err.c bss_mem.c          
+SRCS+=  bss_null.c bss_fd.c bss_file.c bss_sock.c       
+SRCS+=  bss_conn.c bf_null.c bf_buff.c 
+SRCS+=  b_print.c b_dump.c b_sock.c bss_acpt.c          
+SRCS+=  bf_nbio.c                                                       
+CFLAGS+= -I${.CURDIR}/stack
+SRCS+=  stack.c                                                 
+CFLAGS+= -I${.CURDIR}/lhash
+SRCS+=  lhash.c lh_stats.c                                      
+CFLAGS+= -I${.CURDIR}/rand
+SRCS+=  md_rand.c randfile.c                                    
+CFLAGS+= -I${.CURDIR}/err
+SRCS+=  err.c err_all.c err_prn.c                               
+CFLAGS+= -I${.CURDIR}/objects
+SRCS+=  obj_dat.c obj_lib.c obj_err.c
+CFLAGS+= -I${.CURDIR}/evp
+SRCS+=  encode.c digest.c evp_enc.c evp_key.c           
+SRCS+=  e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c         
+SRCS+=  e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c         
+SRCS+=  e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c           
+SRCS+=  e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c     
+SRCS+=  e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c     
+SRCS+=  e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c      
+SRCS+=  e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c        
+SRCS+=  e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c       
+SRCS+=  m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c        
+SRCS+=  m_dss1.c m_mdc2.c m_ripemd.c p_open.c           
+SRCS+=  p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c
+SRCS+=  p_dec.c bio_md.c bio_b64.c bio_enc.c            
+SRCS+=  evp_err.c e_null.c c_all.c evp_lib.c
+CFLAGS+= -I${.CURDIR}/pem
+SRCS+=  pem_sign.c pem_seal.c pem_info.c pem_lib.c      
+SRCS+=  pem_all.c pem_err.c                                     
+CFLAGS+= -I${.CURDIR}/asn1
+SRCS+=  a_object.c a_bitstr.c a_utctm.c a_int.c 
+SRCS+=  a_octet.c a_print.c a_type.c a_set.c    
+SRCS+=  a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c  
+SRCS+=  a_digest.c a_verify.c x_algor.c x_val.c 
+SRCS+=  x_pubkey.c x_sig.c x_req.c x_attrib.c   
+SRCS+=  x_name.c x_cinf.c x_x509.c x_crl.c              
+SRCS+=  x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c 
+SRCS+=  d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c     
+SRCS+=  d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c         
+SRCS+=  i2d_pu.c i2d_pr.c t_req.c t_x509.c              
+SRCS+=  t_pkey.c p7_i_s.c p7_signi.c p7_signd.c 
+SRCS+=  p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c        
+SRCS+=  p7_s_e.c p7_enc.c p7_lib.c f_int.c              
+SRCS+=  f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c       
+SRCS+=  d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c    
+SRCS+=  a_bool.c x_exten.c asn1_par.c asn1_lib.c        
+SRCS+=  asn1_err.c a_meth.c a_bytes.c evp_asn1.c        
+CFLAGS+= -I${.CURDIR}/x509
+SRCS+=  x509_def.c x509_d2.c x509_r2x.c x509_cmp.c      
+SRCS+=  x509_obj.c x509_req.c x509_vfy.c x509_set.c     
+SRCS+=  x509rset.c x509_err.c x509name.c x509_v3.c      
+SRCS+=  x509_ext.c x509pack.c x509type.c x509_lu.c      
+SRCS+=  x_all.c x509_txt.c by_file.c by_dir.c   
+SRCS+=  v3_net.c v3_x509.c                                      
+CFLAGS+= -I${.CURDIR}/conf
+SRCS+=  conf.c conf_err.c                                       
+CFLAGS+= -I${.CURDIR}/txt_db
+SRCS+=  txt_db.c                                                        
+CFLAGS+= -I${.CURDIR}/pkcs7
+SRCS+=  pk7_lib.c pkcs7err.c pk7_doit.c
+.PATH:  ${.CURDIR}/md2 ${.CURDIR}/md5 ${.CURDIR}/sha ${.CURDIR}/mdc2    \
+        ${.CURDIR}/hmac ${.CURDIR}/ripemd ${.CURDIR}/des  ${.CURDIR}/rc2 \
+        ${.CURDIR}/rc4 ${.CURDIR}/rc5 ${.CURDIR}/idea ${.CURDIR}/bf    \
+        ${.CURDIR}/cast ${.CURDIR}/bn  ${.CURDIR}/rsa ${.CURDIR}/dsa   \
+        ${.CURDIR}/dh ${.CURDIR}/buffer ${.CURDIR}/bio ${.CURDIR}/stack \
+        ${.CURDIR}/lhash ${.CURDIR}/rand ${.CURDIR}/err ${.CURDIR}/objects \
+        ${.CURDIR}/evp ${.CURDIR}/pem ${.CURDIR}/asn1  ${.CURDIR}/asn1 \
+        ${.CURDIR}/x509 ${.CURDIR}/conf txt_db/txt_db.c ${.CURDIR}/pkcs7 \
+        ${.CURDIR}/txt_db
+.include <bsd.lib.mk>
diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
new file mode 100644
index 0000000000..2c10120651
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
@@ -0,0 +1,204 @@
+/* crypto/asn1/a_bitstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+/* ASN1err(ASN1_F_ASN1_STRING_NEW,ASN1_R_STRING_TOO_SHORT);
+ * ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,ASN1_R_EXPECTING_A_BIT_STRING);
+ */
+int i2d_ASN1_BIT_STRING(a,pp)
+ASN1_BIT_STRING *a;
+unsigned char **pp;
+        {
+        int ret,j,r,bits;
+        unsigned char *p,*d;
+        if (a == NULL) return(0);
+        /* our bit strings are always a multiple of 8 :-) */
+        bits=0;
+        ret=1+a->length;
+        r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
+        if (pp == NULL) return(r);
+        p= *pp;
+        ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
+        if (bits == 0)
+                j=0;
+        else    j=8-bits;
+        *(p++)=(unsigned char)j;
+        d=a->data;
+        memcpy(p,d,a->length);
+        p+=a->length;
+        if (a->length > 0) p[-1]&=(0xff<<j);
+        *pp=p;
+        return(r);
+        }
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(a, pp, length)
+ASN1_BIT_STRING **a;
+unsigned char **pp;
+long length;
+        {
+        ASN1_BIT_STRING *ret=NULL;
+        unsigned char *p,*s;
+        long len;
+        int inf,tag,xclass;
+        int i;
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_BIT_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+        if (tag != V_ASN1_BIT_STRING)
+                {
+                i=ASN1_R_EXPECTING_A_BIT_STRING;
+                goto err;
+                }
+        if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
+        i= *(p++);
+        if (len-- > 1) /* using one because of the bits left byte */
+                {
+                s=(unsigned char *)Malloc((int)len);
+                if (s == NULL)
+                        {
+                        i=ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                memcpy(s,p,(int)len);
+                s[len-1]&=(0xff<<i);
+                p+=len;
+                }
+        else
+                s=NULL;
+        ret->length=(int)len;
+        if (ret->data != NULL) Free((char *)ret->data);
+        ret->data=s;
+        ret->type=V_ASN1_BIT_STRING;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_BIT_STRING_free(ret);
+        return(NULL);
+        }
+/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+ */
+int ASN1_BIT_STRING_set_bit(a,n,value)
+ASN1_BIT_STRING *a;
+int n;
+int value;
+        {
+        int w,v,iv;
+        unsigned char *c;
+        w=n/8;
+        v=1<<(7-(n&0x07));
+        iv= ~v;
+        if (a == NULL) return(0);
+        if ((a->length < (w+1)) || (a->data == NULL))
+                {
+                if (!value) return(1); /* Don't need to set */
+                if (a->data == NULL)
+                        c=(unsigned char *)Malloc(w+1);
+                else
+                        c=(unsigned char *)Realloc(a->data,w+1);
+                if (c == NULL) return(0);
+                a->data=c;
+                a->length=w+1;
+                c[w]=0;
+                }
+        a->data[w]=((a->data[w])&iv)|v;
+        while ((a->length > 0) && (a->data[a->length-1] == 0))
+                a->length--;
+        return(1);
+        }
+int ASN1_BIT_STRING_get_bit(a,n)
+ASN1_BIT_STRING *a;
+int n;
+        {
+        int w,v;
+        w=n/8;
+        v=1<<(7-(n&0x07));
+        if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
+                return(0);
+        return((a->data[w]&v) != 0);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_bool.c b/src/lib/libssl/src/crypto/asn1/a_bool.c
new file mode 100644
index 0000000000..41a95aa278
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_bool.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/a_bool.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+/* ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_EXPECTING_A_BOOLEAN);
+ * ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+ */
+int i2d_ASN1_BOOLEAN(a,pp)
+int a;
+unsigned char **pp;
+        {
+        int r;
+        unsigned char *p;
+        r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
+        if (pp == NULL) return(r);
+        p= *pp;
+        ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
+        *(p++)= (unsigned char)a;
+        *pp=p;
+        return(r);
+        }
+int d2i_ASN1_BOOLEAN(a, pp, length)
+int *a;
+unsigned char **pp;
+long length;
+        {
+        int ret= -1;
+        unsigned char *p;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+        if (tag != V_ASN1_BOOLEAN)
+                {
+                i=ASN1_R_EXPECTING_A_BOOLEAN;
+                goto err;
+                }
+        if (len != 1)
+                {
+                i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+                goto err;
+                }
+        ret= (int)*(p++);
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_bytes.c b/src/lib/libssl/src/crypto/asn1/a_bytes.c
new file mode 100644
index 0000000000..14168d61ad
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_bytes.c
@@ -0,0 +1,346 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_WRONG_TYPE);
+ * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
+ */
+static unsigned long tag2bit[32]={
+0,      0,      0,      B_ASN1_BIT_STRING,      /* tags  0 -  3 */
+B_ASN1_OCTET_STRING,    0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 12-15 */
+0,      0,      B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
+0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
+        };
+#ifndef NOPROTO
+static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
+#else
+static int asn1_collate_primative();
+#endif
+/* type is a 'bitmap' of acceptable string types to be accepted.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(a, pp, length, type)
+ASN1_STRING **a;
+unsigned char **pp;
+long length;
+int type;
+        {
+        ASN1_STRING *ret=NULL;
+        unsigned char *p,*s;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80) goto err;
+        if (tag >= 32)
+                {
+                i=ASN1_R_TAG_VALUE_TOO_HIGH;;
+                goto err;
+                }
+        if (!(tag2bit[tag] & type))
+                {
+                i=ASN1_R_WRONG_TYPE;
+                goto err;
+                }
+        /* If a bit-string, exit early */
+        if (tag == V_ASN1_BIT_STRING)
+                return(d2i_ASN1_BIT_STRING(a,pp,length));
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+        if (len != 0)
+                {
+                s=(unsigned char *)Malloc((int)len+1);
+                if (s == NULL)
+                        {
+                        i=ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                memcpy(s,p,(int)len);
+                s[len]='\0';
+                p+=len;
+                }
+        else
+                s=NULL;
+        if (ret->data != NULL) Free((char *)ret->data);
+        ret->length=(int)len;
+        ret->data=s;
+        ret->type=tag;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_STRING_free(ret);
+        return(NULL);
+        }
+int i2d_ASN1_bytes(a, pp, tag, xclass)
+ASN1_STRING *a;
+unsigned char **pp;
+int tag;
+int xclass;
+        {
+        int ret,r,constructed;
+        unsigned char *p;
+        if (a == NULL)  return(0);
+        if (tag == V_ASN1_BIT_STRING)
+                return(i2d_ASN1_BIT_STRING(a,pp));
+                
+        ret=a->length;
+        r=ASN1_object_size(0,ret,tag);
+        if (pp == NULL) return(r);
+        p= *pp;
+        if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+                constructed=1;
+        else
+                constructed=0;
+        ASN1_put_object(&p,constructed,ret,tag,xclass);
+        memcpy(p,a->data,a->length);
+        p+=a->length;
+        *pp= p;
+        return(r);
+        }
+ASN1_STRING *d2i_ASN1_bytes(a, pp, length, Ptag, Pclass)
+ASN1_STRING **a;
+unsigned char **pp;
+long length;
+int Ptag;
+int Pclass;
+        {
+        ASN1_STRING *ret=NULL;
+        unsigned char *p,*s;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+        if (tag != Ptag)
+                {
+                i=ASN1_R_WRONG_TAG;
+                goto err;
+                }
+        if (inf & V_ASN1_CONSTRUCTED)
+                {
+                ASN1_CTX c;
+                c.pp=pp;
+                c.p=p;
+                c.inf=inf;
+                c.slen=len;
+                c.tag=Ptag;
+                c.xclass=Pclass;
+                c.max=(length == 0)?0:(p+length);
+                if (!asn1_collate_primative(ret,&c)) 
+                        goto err; 
+                else
+                        {
+                        p=c.p;
+                        }
+                }
+        else
+                {
+                if (len != 0)
+                        {
+                        if ((ret->length < len) || (ret->data == NULL))
+                                {
+                                if (ret->data != NULL) Free((char *)ret->data);
+                                s=(unsigned char *)Malloc((int)len);
+                                if (s == NULL)
+                                        {
+                                        i=ERR_R_MALLOC_FAILURE;
+                                        goto err;
+                                        }
+                                }
+                        else
+                                s=ret->data;
+                        memcpy(s,p,(int)len);
+                        p+=len;
+                        }
+                else
+                        {
+                        s=NULL;
+                        if (ret->data != NULL) Free((char *)ret->data);
+                        }
+                ret->length=(int)len;
+                ret->data=s;
+                ret->type=Ptag;
+                }
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_STRING_free(ret);
+        ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
+        return(NULL);
+        }
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapes
+ * them into the one struture that is then returned */
+/* There have been a few bug fixes for this function from
+ * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
+static int asn1_collate_primative(a,c)
+ASN1_STRING *a;
+ASN1_CTX *c;
+        {
+        ASN1_STRING *os=NULL;
+        BUF_MEM b;
+        int num;
+        b.length=0;
+        b.max=0;
+        b.data=NULL;
+        if (a == NULL)
+                {
+                c->error=ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+        num=0;
+        for (;;)
+                {
+                if (c->inf & 1)
+                        {
+                        c->eos=ASN1_check_infinite_end(&c->p,
+                                (long)(c->max-c->p));
+                        if (c->eos) break;
+                        }
+                else
+                        {
+                        if (c->slen <= 0) break;
+                        }
+                c->q=c->p;
+                if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+                        == NULL)
+                        {
+                        c->error=ERR_R_ASN1_LIB;
+                        goto err;
+                        }
+                if (!BUF_MEM_grow(&b,num+os->length))
+                        {
+                        c->error=ERR_R_BUF_LIB;
+                        goto err;
+                        }
+                memcpy(&(b.data[num]),os->data,os->length);
+                if (!(c->inf & 1))
+                        c->slen-=(c->p-c->q);
+                num+=os->length;
+                }
+        if (!asn1_Finish(c)) goto err;
+        a->length=num;
+        if (a->data != NULL) Free(a->data);
+        a->data=(unsigned char *)b.data;
+        if (os != NULL) ASN1_STRING_free(os);
+        return(1);
+err:
+        ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,c->error);
+        if (os != NULL) ASN1_STRING_free(os);
+        if (b.data != NULL) Free(b.data);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
new file mode 100644
index 0000000000..d952836a91
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
@@ -0,0 +1,201 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1_mac.h"
+#define HEADER_SIZE   8
+#ifndef NO_FP_API
+char *ASN1_d2i_fp(xnew,d2i,in,x)
+char *(*xnew)();
+char *(*d2i)();
+FILE *in;
+unsigned char **x;
+        {
+        BIO *b;
+        char *ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+                }
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_d2i_bio(xnew,d2i,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+char *ASN1_d2i_bio(xnew,d2i,in,x)
+char *(*xnew)();
+char *(*d2i)();
+BIO *in;
+unsigned char **x;
+        {
+        BUF_MEM *b;
+        unsigned char *p;
+        int i;
+        char *ret=NULL;
+        ASN1_CTX c;
+        int want=HEADER_SIZE;
+        int eos=0;
+        int off=0;
+        int len=0;
+        b=BUF_MEM_new();
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ERR_clear_error();
+        for (;;)
+                {
+                if (want >= (len-off))
+                        {
+                        want-=(len-off);
+                        if (!BUF_MEM_grow(b,len+want))
+                                {
+                                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        i=BIO_read(in,&(b->data[len]),want);
+                        if ((i < 0) && ((len-off) == 0))
+                                {
+                                ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+                                goto err;
+                                }
+                        if (i > 0)
+                                len+=i;
+                        }
+                /* else data already loaded */
+                p=(unsigned char *)&(b->data[off]);
+                c.p=p;
+                c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
+                        len-off);
+                if (c.inf & 0x80)
+                        {
+                        unsigned long e;
+                        e=ERR_GET_REASON(ERR_peek_error());
+                        if (e != ASN1_R_TOO_LONG)
+                                goto err;
+                        else
+                                ERR_get_error(); /* clear error */
+                        }
+                i=c.p-p;/* header length */
+                off+=i; /* end of data */
+                if (c.inf & 1)
+                        {
+                        /* no data body so go round again */
+                        eos++;
+                        want=HEADER_SIZE;
+                        }
+                else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+                        {
+                        /* eos value, so go back and read another header */
+                        eos--;
+                        if (eos <= 0)
+                                break;
+                        else
+                                want=HEADER_SIZE;
+                        }
+                else 
+                        {
+                        /* suck in c.slen bytes of data */
+                        want=(int)c.slen;
+                        if (want > (len-off))
+                                {
+                                want-=(len-off);
+                                if (!BUF_MEM_grow(b,len+want))
+                                        {
+                                        ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                i=BIO_read(in,&(b->data[len]),want);
+                                if (i <= 0)
+                                        {
+                                        ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+                                        goto err;
+                                        }
+                                len+=i;
+                                }
+                        off+=(int)c.slen;
+                        if (eos <= 0)
+                                {
+                                break;
+                                }
+                        else
+                                want=HEADER_SIZE;
+                        }
+                }
+        p=(unsigned char *)b->data;
+        ret=d2i(x,&p,off);
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_digest.c b/src/lib/libssl/src/crypto/asn1/a_digest.c
new file mode 100644
index 0000000000..8ddb65b0dc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_digest.c
@@ -0,0 +1,91 @@
+/* crypto/asn1/a_digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "x509.h"
+#include "buffer.h"
+int ASN1_digest(i2d,type,data,md,len)
+int (*i2d)();
+EVP_MD *type;
+char *data;
+unsigned char *md;
+unsigned int *len;
+        {
+        EVP_MD_CTX ctx;
+        int i;
+        unsigned char *str,*p;
+        i=i2d(data,NULL);
+        if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
+        p=str;
+        i2d(data,&p);
+        EVP_DigestInit(&ctx,type);
+        EVP_DigestUpdate(&ctx,str,i);
+        EVP_DigestFinal(&ctx,md,len);
+        Free(str);
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_dup.c b/src/lib/libssl/src/crypto/asn1/a_dup.c
new file mode 100644
index 0000000000..961b4cb069
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_dup.c
@@ -0,0 +1,86 @@
+/* crypto/asn1/a_dup.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#define READ_CHUNK   2048
+char *ASN1_dup(i2d,d2i,x)
+int (*i2d)();
+char *(*d2i)();
+char *x;
+        {
+        unsigned char *b,*p;
+        long i;
+        char *ret;
+        if (x == NULL) return(NULL);
+        i=(long)i2d(x,NULL);
+        b=(unsigned char *)Malloc((unsigned int)i+10);
+        if (b == NULL)
+                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+        p= b;
+        i=i2d(x,&p);
+        p= b;
+        ret=d2i(NULL,&p,i);
+        Free((char *)b);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_hdr.c b/src/lib/libssl/src/crypto/asn1/a_hdr.c
new file mode 100644
index 0000000000..4fb7a5fa75
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_hdr.c
@@ -0,0 +1,130 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "asn1.h"
+/*
+ * ASN1err(ASN1_F_D2I_ASN1_HEADER,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
+ * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
+ * ASN1err(ASN1_F_ASN1_HEADER_NEW,ASN1_R_BAD_GET_OBJECT);
+ */
+int i2d_ASN1_HEADER(a,pp)
+ASN1_HEADER *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(a->data,         a->meth->i2d);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(a->data,         a->meth->i2d);
+        M_ASN1_I2D_finish();
+        }
+ASN1_HEADER *d2i_ASN1_HEADER(a,pp,length)
+ASN1_HEADER **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING);
+        if (ret->meth != NULL)
+                {
+                M_ASN1_D2I_get(ret->data,ret->meth->d2i);
+                }
+        else
+                {
+                if (a != NULL) (*a)=ret;
+                return(ret);
+                }
+        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
+        }
+ASN1_HEADER *ASN1_HEADER_new()
+        {
+        ASN1_HEADER *ret=NULL;
+        M_ASN1_New_Malloc(ret,ASN1_HEADER);
+        M_ASN1_New(ret->header,ASN1_OCTET_STRING_new);
+        ret->meth=NULL;
+        ret->data=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+        }
+void ASN1_HEADER_free(a)
+ASN1_HEADER *a;
+        {
+        if (a == NULL) return;
+        ASN1_OCTET_STRING_free(a->header);
+        if (a->meth != NULL)
+                a->meth->destroy(a->data);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c b/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c
new file mode 100644
index 0000000000..66c3df68d5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/a_i2d_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1_mac.h"
+#ifndef NO_FP_API
+int ASN1_i2d_fp(i2d,out,x)
+int (*i2d)();
+FILE *out;
+unsigned char *x;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_i2d_bio(i2d,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int ASN1_i2d_bio(i2d,out,x)
+int (*i2d)();
+BIO *out;
+unsigned char *x;
+        {
+        char *b;
+        unsigned char *p;
+        int i,j=0,n,ret=1;
+        n=i2d(x,NULL);
+        b=(char *)Malloc(n);
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        p=(unsigned char *)b;
+        i2d(x,&p);
+        
+        for (;;)
+                {
+                i=BIO_write(out,&(b[j]),n);
+                if (i == n) break;
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                j+=i;
+                n-=i;
+                }
+        Free((char *)b);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_int.c b/src/lib/libssl/src/crypto/asn1/a_int.c
new file mode 100644
index 0000000000..df79cf99bb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_int.c
@@ -0,0 +1,305 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
+ */
+int i2d_ASN1_INTEGER(a,pp)
+ASN1_INTEGER *a;
+unsigned char **pp;
+        {
+        int pad=0,ret,r,i,t;
+        unsigned char *p,*pt,*n,pb=0;
+        if ((a == NULL) || (a->data == NULL)) return(0);
+        t=a->type;
+        if (a->length == 0)
+                ret=1;
+        else
+                {
+                ret=a->length;
+                i=a->data[0];
+                if ((t == V_ASN1_INTEGER) && (i > 127))
+                        {
+                        pad=1;
+                        pb=0;
+                        }
+                else if ((t == V_ASN1_NEG_INTEGER) && (i>128))
+                        {
+                        pad=1;
+                        pb=0xFF;
+                        }
+                ret+=pad;
+                }
+        r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
+        if (pp == NULL) return(r);
+        p= *pp;
+        ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
+        if (pad) *(p++)=pb;
+        if (a->length == 0)
+                *(p++)=0;
+        else if (t == V_ASN1_INTEGER)
+                {
+                memcpy(p,a->data,(unsigned int)a->length);
+                p+=a->length;
+                }
+        else
+                {
+                n=a->data;
+                pt=p;
+                for (i=a->length; i>0; i--)
+                        *(p++)= (*(n++)^0xFF)+1;
+                if (!pad) *pt|=0x80;
+                }
+        *pp=p;
+        return(r);
+        }
+ASN1_INTEGER *d2i_ASN1_INTEGER(a, pp, length)
+ASN1_INTEGER **a;
+unsigned char **pp;
+long length;
+        {
+        ASN1_INTEGER *ret=NULL;
+        unsigned char *p,*to,*s;
+        long len;
+        int inf,tag,xclass;
+        int i;
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL);
+                ret->type=V_ASN1_INTEGER;
+                }
+        else
+                ret=(*a);
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+        if (tag != V_ASN1_INTEGER)
+                {
+                i=ASN1_R_EXPECTING_AN_INTEGER;
+                goto err;
+                }
+        /* We must Malloc stuff, even for 0 bytes otherwise it
+         * signifies a missing NULL parameter. */
+        s=(unsigned char *)Malloc((int)len+1);
+        if (s == NULL)
+                {
+                i=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        to=s;
+        if (*p & 0x80) /* a negative number */
+                {
+                ret->type=V_ASN1_NEG_INTEGER;
+                if (*p == 0xff)
+                        {
+                        p++;
+                        len--;
+                        }
+                for (i=(int)len; i>0; i--)
+                        *(to++)= (*(p++)^0xFF)+1;
+                }
+        else
+                {
+                ret->type=V_ASN1_INTEGER;
+                if ((*p == 0) && (len != 1))
+                        {
+                        p++;
+                        len--;
+                        }
+                memcpy(s,p,(int)len);
+                p+=len;
+                }
+        if (ret->data != NULL) Free((char *)ret->data);
+        ret->data=s;
+        ret->length=(int)len;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+int ASN1_INTEGER_set(a,v)
+ASN1_INTEGER *a;
+long v;
+        {
+        int i,j,k;
+        unsigned char buf[sizeof(long)+1];
+        long d;
+        a->type=V_ASN1_INTEGER;
+        if (a->length < (sizeof(long)+1))
+                {
+                if (a->data != NULL)
+                        Free((char *)a->data);
+                if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+                        memset((char *)a->data,0,sizeof(long)+1);
+                }
+        if (a->data == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        d=v;
+        if (d < 0)
+                {
+                d= -d;
+                a->type=V_ASN1_NEG_INTEGER;
+                }
+        for (i=0; i<sizeof(long); i++)
+                {
+                if (d == 0) break;
+                buf[i]=(int)d&0xff;
+                d>>=8;
+                }
+        j=0;
+        if (v < 0) a->data[j++]=0;
+        for (k=i-1; k >=0; k--)
+                a->data[j++]=buf[k];
+        a->length=j;
+        return(1);
+        }
+long ASN1_INTEGER_get(a)
+ASN1_INTEGER *a;
+        {
+        int neg=0,i;
+        long r=0;
+        if (a == NULL) return(0L);
+        i=a->type;
+        if (i == V_ASN1_NEG_INTEGER)
+                neg=1;
+        else if (i != V_ASN1_INTEGER)
+                return(0);
+        
+        if (a->length > sizeof(long))
+                {
+                /* hmm... a bit ugly */
+                return(0xffffffffL);
+                }
+        if (a->data == NULL)
+                return(0);
+        for (i=0; i<a->length; i++)
+                {
+                r<<=8;
+                r|=(unsigned char)a->data[i];
+                }
+        if (neg) r= -r;
+        return(r);
+        }
+ASN1_INTEGER *BN_to_ASN1_INTEGER(bn,ai)
+BIGNUM *bn;
+ASN1_INTEGER *ai;
+        {
+        ASN1_INTEGER *ret;
+        int len,j;
+        if (ai == NULL)
+                ret=ASN1_INTEGER_new();
+        else
+                ret=ai;
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ASN1_R_ERROR_STACK);
+                goto err;
+                }
+        ret->type=V_ASN1_INTEGER;
+        j=BN_num_bits(bn);
+        len=((j == 0)?0:((j/8)+1));
+        ret->data=(unsigned char *)Malloc(len+4);
+        ret->length=BN_bn2bin(bn,ret->data);
+        return(ret);
+err:
+        if (ret != ai) ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+BIGNUM *ASN1_INTEGER_to_BN(ai,bn)
+ASN1_INTEGER *ai;
+BIGNUM *bn;
+        {
+        BIGNUM *ret;
+        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+                ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_meth.c b/src/lib/libssl/src/crypto/asn1/a_meth.c
new file mode 100644
index 0000000000..513625c305
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_meth.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "x509.h"
+static  ASN1_METHOD ia5string_meth={
+        (int (*)())     i2d_ASN1_IA5STRING,
+        (char *(*)())   d2i_ASN1_IA5STRING,
+        (char *(*)())   ASN1_STRING_new,
+        (void (*)())    ASN1_STRING_free};
+static  ASN1_METHOD bit_string_meth={
+        (int (*)())     i2d_ASN1_BIT_STRING,
+        (char *(*)())   d2i_ASN1_BIT_STRING,
+        (char *(*)())   ASN1_STRING_new,
+        (void (*)())    ASN1_STRING_free};
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth()
+        {
+        return(&ia5string_meth);
+        }
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth()
+        {
+        return(&bit_string_meth);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_object.c b/src/lib/libssl/src/crypto/asn1/a_object.c
new file mode 100644
index 0000000000..5a7eeef8d8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_object.c
@@ -0,0 +1,389 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1.h"
+#include "objects.h"
+/* ASN1err(ASN1_F_ASN1_OBJECT_NEW,ASN1_R_EXPECTING_AN_OBJECT); 
+ * ASN1err(ASN1_F_D2I_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); 
+ * ASN1err(ASN1_F_I2T_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER);
+ */
+int i2d_ASN1_OBJECT(a, pp)
+ASN1_OBJECT *a;
+unsigned char **pp;
+        {
+        unsigned char *p;
+        if ((a == NULL) || (a->data == NULL)) return(0);
+        if (pp == NULL)
+                return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
+        p= *pp;
+        ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+        memcpy(p,a->data,a->length);
+        p+=a->length;
+        *pp=p;
+        return(a->length);
+        }
+int a2d_ASN1_OBJECT(out,olen,buf,num)
+unsigned char *out;
+int olen;
+char *buf;
+int num;
+        {
+        int i,first,len=0,c;
+        char tmp[24],*p;
+        unsigned long l;
+        if (num == 0)
+                return(0);
+        else if (num == -1)
+                num=strlen(buf);
+        p=buf;
+        c= *(p++);
+        num--;
+        if ((c >= '0') && (c <= '2'))
+                {
+                first=(c-'0')*40;
+                }
+        else
+                {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
+                goto err;
+                }
+        if (num <= 0)
+                {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
+                goto err;
+                }
+        c= *(p++);
+        num--;
+        for (;;)
+                {
+                if (num <= 0) break;
+                if ((c != '.') && (c != ' '))
+                        {
+                        ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
+                        goto err;
+                        }
+                l=0;
+                for (;;)
+                        {
+                        if (num <= 0) break;
+                        num--;
+                        c= *(p++);
+                        if ((c == ' ') || (c == '.'))
+                                break;
+                        if ((c < '0') || (c > '9'))
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+                                goto err;
+                                }
+                        l=l*10L+(long)(c-'0');
+                        }
+                if (len == 0)
+                        {
+                        if ((first < 2) && (l >= 40))
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                                goto err;
+                                }
+                        l+=(long)first;
+                        }
+                i=0;
+                for (;;)
+                        {
+                        tmp[i++]=(unsigned char)l&0x7f;
+                        l>>=7L;
+                        if (l == 0L) break;
+                        }
+                if (out != NULL)
+                        {
+                        if (len+i > olen)
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
+                                goto err;
+                                }
+                        while (--i > 0)
+                                out[len++]=tmp[i]|0x80;
+                        out[len++]=tmp[0];
+                        }
+                else
+                        len+=i;
+                }
+        return(len);
+err:
+        return(0);
+        }
+int i2t_ASN1_OBJECT(buf,buf_len,a)
+char *buf;
+int buf_len;
+ASN1_OBJECT *a;
+        {
+        int i,idx=0,n=0,len,nid;
+        unsigned long l;
+        unsigned char *p;
+        char *s;
+        char tbuf[32];
+        if (buf_len <= 0) return(0);
+        if ((a == NULL) || (a->data == NULL))
+                {
+                buf[0]='\0';
+                return(0);
+                }
+        nid=OBJ_obj2nid(a);
+        if (nid == NID_undef)
+                {
+                len=a->length;
+                p=a->data;
+                idx=0;
+                l=0;
+                while (idx < a->length)
+                        {
+                        l|=(p[idx]&0x7f);
+                        if (!(p[idx] & 0x80)) break;
+                        l<<=7L;
+                        idx++;
+                        }
+                idx++;
+                i=(int)(l/40);
+                if (i > 2) i=2;
+                l-=(long)(i*40);
+                sprintf(tbuf,"%d.%ld",i,l);
+                i=strlen(tbuf);
+                strncpy(buf,tbuf,buf_len);
+                buf_len-=i;
+                buf+=i;
+                n+=i;
+                l=0;
+                for (; idx<len; idx++)
+                        {
+                        l|=p[idx]&0x7f;
+                        if (!(p[idx] & 0x80))
+                                {
+                                sprintf(tbuf,".%ld",l);
+                                i=strlen(tbuf);
+                                if (buf_len > 0)
+                                        strncpy(buf,tbuf,buf_len);
+                                buf_len-=i;
+                                buf+=i;
+                                n+=i;
+                                l=0;
+                                }
+                        l<<=7L;
+                        }
+                }
+        else
+                {
+                s=(char *)OBJ_nid2ln(nid);
+                if (s == NULL)
+                        s=(char *)OBJ_nid2sn(nid);
+                strncpy(buf,s,buf_len);
+                n=strlen(s);
+                }
+        buf[buf_len-1]='\0';
+        return(n);
+        }
+int i2a_ASN1_OBJECT(bp,a)
+BIO *bp;
+ASN1_OBJECT *a;
+        {
+        char buf[80];
+        int i;
+        if ((a == NULL) || (a->data == NULL))
+                return(BIO_write(bp,"NULL",4));
+        i=i2t_ASN1_OBJECT(buf,80,a);
+        if (i > 80) i=80;
+        BIO_write(bp,buf,i);
+        return(i);
+        }
+ASN1_OBJECT *d2i_ASN1_OBJECT(a, pp, length)
+ASN1_OBJECT **a;
+unsigned char **pp;
+long length; 
+        {
+        ASN1_OBJECT *ret=NULL;
+        unsigned char *p;
+        long len;
+        int tag,xclass;
+        int inf,i;
+        /* only the ASN1_OBJECTs from the 'table' will have values
+         * for ->sn or ->ln */
+        if ((a == NULL) || ((*a) == NULL) ||
+                !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+                {
+                if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+                }
+        else    ret=(*a);
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+        if (tag != V_ASN1_OBJECT)
+                {
+                i=ASN1_R_EXPECTING_AN_OBJECT;
+                goto err;
+                }
+        if ((ret->data == NULL) || (ret->length < len))
+                {
+                if (ret->data != NULL) Free((char *)ret->data);
+                ret->data=(unsigned char *)Malloc((int)len);
+                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+                if (ret->data == NULL)
+                        { i=ERR_R_MALLOC_FAILURE; goto err; }
+                }
+        memcpy(ret->data,p,(int)len);
+        ret->length=(int)len;
+        ret->sn=NULL;
+        ret->ln=NULL;
+        /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+        p+=len;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_OBJECT_free(ret);
+        return(NULL);
+        }
+ASN1_OBJECT *ASN1_OBJECT_new()
+        {
+        ASN1_OBJECT *ret;
+        ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->data=NULL;
+        ret->nid=0;
+        ret->sn=NULL;
+        ret->ln=NULL;
+        ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
+        return(ret);
+        }
+void ASN1_OBJECT_free(a)
+ASN1_OBJECT *a;
+        {
+        if (a == NULL) return;
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
+                {
+                if (a->sn != NULL) Free(a->sn);
+                if (a->ln != NULL) Free(a->ln);
+                a->sn=a->ln=NULL;
+                }
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
+                {
+                if (a->data != NULL) Free(a->data);
+                a->data=NULL;
+                a->length=0;
+                }
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+                Free((char *)a);
+        }
+ASN1_OBJECT *ASN1_OBJECT_create(nid,data,len,sn,ln)
+int nid;
+unsigned char *data;
+int len;
+char *sn,*ln;
+        {
+        ASN1_OBJECT o;
+        o.sn=sn;
+        o.ln=ln;
+        o.data=data;
+        o.nid=nid;
+        o.length=len;
+        o.flags=ASN1_OBJECT_FLAG_DYNAMIC|
+                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+        return(OBJ_dup(&o));
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_octet.c b/src/lib/libssl/src/crypto/asn1/a_octet.c
new file mode 100644
index 0000000000..be3f172a8c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_octet.c
@@ -0,0 +1,90 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+/* ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_EXPECTING_AN_OCTET_STRING);
+ */
+int i2d_ASN1_OCTET_STRING(a, pp)
+ASN1_OCTET_STRING *a;
+unsigned char **pp;
+        {
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL));
+        }
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(a, pp, length)
+ASN1_OCTET_STRING **a;
+unsigned char **pp;
+long length;
+        {
+        ASN1_OCTET_STRING *ret=NULL;
+        ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+                pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_ERROR_STACK);
+                return(NULL);
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_print.c b/src/lib/libssl/src/crypto/asn1/a_print.c
new file mode 100644
index 0000000000..3023361dee
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_print.c
@@ -0,0 +1,161 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+/* ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_WRONG_PRINTABLE_TYPE);
+ * ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_TAG_VALUE_TOO_HIGH);
+ */
+int i2d_ASN1_IA5STRING(a,pp)
+ASN1_IA5STRING *a;
+unsigned char **pp;
+        { return(M_i2d_ASN1_IA5STRING(a,pp)); }
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(a,pp,l)
+ASN1_IA5STRING **a;
+unsigned char **pp;
+long l;
+        { return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
+ASN1_T61STRING *d2i_ASN1_T61STRING(a,pp,l)
+ASN1_T61STRING **a;
+unsigned char **pp;
+long l;
+        { return(M_d2i_ASN1_T61STRING(a,pp,l)); }
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(a,pp,l)
+ASN1_PRINTABLESTRING **a;
+unsigned char **pp;
+long l;
+        { return(M_d2i_ASN1_PRINTABLESTRING(a,pp,l)); }
+int i2d_ASN1_PRINTABLE(a,pp)
+ASN1_STRING *a;
+unsigned char **pp;
+        { return(M_i2d_ASN1_PRINTABLE(a,pp)); }
+ASN1_STRING *d2i_ASN1_PRINTABLE(a,pp,l)
+ASN1_STRING **a;
+unsigned char **pp;
+long l;
+        { return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
+int ASN1_PRINTABLE_type(s,len)
+unsigned char *s;
+int len;
+        {
+        int c;
+        int ia5=0;
+        int t61=0;
+        if (len <= 0) len= -1;
+        if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+        while ((*s) && (len-- != 0))
+                {
+                c= *(s++);
+                if (!(  ((c >= 'a') && (c <= 'z')) ||
+                        ((c >= 'A') && (c <= 'Z')) ||
+                        (c == ' ') ||
+                        ((c >= '0') && (c <= '9')) ||
+                        (c == ' ') || (c == '\'') ||
+                        (c == '(') || (c == ')') ||
+                        (c == '+') || (c == ',') ||
+                        (c == '-') || (c == '.') ||
+                        (c == '/') || (c == ':') ||
+                        (c == '=') || (c == '?')))
+                        ia5=1;
+                if (c&0x80)
+                        t61=1;
+                }
+        if (t61) return(V_ASN1_T61STRING);
+        if (ia5) return(V_ASN1_IA5STRING);
+        return(V_ASN1_PRINTABLESTRING);
+        }
+int ASN1_UNIVERSALSTRING_to_string(s)
+ASN1_UNIVERSALSTRING *s;
+        {
+        int i;
+        unsigned char *p;
+        if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
+        if ((s->length%4) != 0) return(0);
+        p=s->data;
+        for (i=0; i<s->length; i+=4)
+                {
+                if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+                        break;
+                else
+                        p+=4;
+                }
+        if (i < s->length) return(0);
+        p=s->data;
+        for (i=3; i<s->length; i+=4)
+                {
+                *(p++)=s->data[i];
+                }
+        *(p)='\0';
+        s->length/=4;
+        s->type=ASN1_PRINTABLE_type(s->data,s->length);
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_set.c b/src/lib/libssl/src/crypto/asn1/a_set.c
new file mode 100644
index 0000000000..17c49946cf
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_set.c
@@ -0,0 +1,149 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+ */
+int i2d_ASN1_SET(a,pp,func,ex_tag,ex_class)
+STACK *a;
+unsigned char **pp;
+int (*func)();
+int ex_tag;
+int ex_class;
+        {
+        int ret=0,r;
+        int i;
+        unsigned char *p;
+        if (a == NULL) return(0);
+        for (i=sk_num(a)-1; i>=0; i--)
+                ret+=func(sk_value(a,i),NULL);
+        r=ASN1_object_size(1,ret,ex_tag);
+        if (pp == NULL) return(r);
+        p= *pp;
+        ASN1_put_object(&p,1,ret,ex_tag,ex_class);
+        for (i=0; i<sk_num(a); i++)
+                func(sk_value(a,i),&p);
+        *pp=p;
+        return(r);
+        }
+STACK *d2i_ASN1_SET(a,pp,length,func,ex_tag,ex_class)
+STACK **a;
+unsigned char **pp;
+long length;
+char *(*func)();
+int ex_tag;
+int ex_class;
+        {
+        ASN1_CTX c;
+        STACK *ret=NULL;
+        if ((a == NULL) || ((*a) == NULL))
+                { if ((ret=sk_new(NULL)) == NULL) goto err; }
+        else
+                ret=(*a);
+        c.p= *pp;
+        c.max=(length == 0)?0:(c.p+length);
+        c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
+        if (c.inf & 0x80) goto err;
+        if (ex_class != c.xclass)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
+                goto err;
+                }
+        if (ex_tag != c.tag)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
+                goto err;
+                }
+        if ((c.slen+c.p) > c.max)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
+                goto err;
+                }
+        /* check for infinite constructed - it can be as long
+         * as the amount of data passed to us */
+        if (c.inf == (V_ASN1_CONSTRUCTED+1))
+                c.slen=length+ *pp-c.p;
+        c.max=c.p+c.slen;
+        while (c.p < c.max)
+                {
+                char *s;
+                if (M_ASN1_D2I_end_sequence()) break;
+                if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) goto err;
+                if (!sk_push(ret,s)) goto err;
+                }
+        if (a != NULL) (*a)=ret;
+        *pp=c.p;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) sk_free(ret);
+        return(NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_sign.c b/src/lib/libssl/src/crypto/asn1/a_sign.c
new file mode 100644
index 0000000000..02188e68c4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_sign.c
@@ -0,0 +1,147 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+int ASN1_sign(i2d,algor1,algor2,signature,data,pkey,type)
+int (*i2d)();
+X509_ALGOR *algor1;
+X509_ALGOR *algor2;
+ASN1_BIT_STRING *signature;
+char *data;
+EVP_PKEY *pkey;
+EVP_MD *type;
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *p,*buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (    (a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=i2d(data,NULL);
+        buf_in=(unsigned char *)Malloc((unsigned int)inl);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)Malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf_in;
+        i2d(data,&p);
+        EVP_SignInit(&ctx,type);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) Free((char *)signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+err:
+        memset(&ctx,0,sizeof(ctx));
+        if (buf_in != NULL)
+                { memset((char *)buf_in,0,(unsigned int)inl); Free((char *)buf_in); }
+        if (buf_out != NULL)
+                { memset((char *)buf_out,0,outll); Free((char *)buf_out); }
+        return(outl);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c
new file mode 100644
index 0000000000..7c0004084c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_type.c
@@ -0,0 +1,325 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_WRONG_TAG);
+ * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
+ */
+#ifndef NOPROTO
+static void ASN1_TYPE_component_free(ASN1_TYPE *a);
+#else
+static void ASN1_TYPE_component_free();
+#endif
+int i2d_ASN1_TYPE(a,pp)
+ASN1_TYPE *a;
+unsigned char **pp;
+        {
+        int r=0;
+        if (a == NULL) return(0);
+        switch (a->type)
+                {
+        case V_ASN1_NULL:
+                if (pp != NULL)
+                        ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
+                r=2;
+                break;
+        case V_ASN1_INTEGER:
+        case V_ASN1_NEG_INTEGER:
+                r=i2d_ASN1_INTEGER(a->value.integer,pp);
+                break;
+        case V_ASN1_BIT_STRING:
+                r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
+                break;
+        case V_ASN1_OCTET_STRING:
+                r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
+                break;
+        case V_ASN1_OBJECT:
+                r=i2d_ASN1_OBJECT(a->value.object,pp);
+                break;
+        case V_ASN1_PRINTABLESTRING:
+                r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
+                break;
+        case V_ASN1_T61STRING:
+                r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
+                break;
+        case V_ASN1_IA5STRING:
+                r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
+                break;
+        case V_ASN1_GENERALSTRING:
+                r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
+                break;
+        case V_ASN1_UNIVERSALSTRING:
+                r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
+                break;
+        case V_ASN1_BMPSTRING:
+                r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
+                break;
+        case V_ASN1_UTCTIME:
+                r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
+                break;
+        case V_ASN1_SET:
+        case V_ASN1_SEQUENCE:
+                if (a->value.set == NULL)
+                        r=0;
+                else
+                        {
+                        r=a->value.set->length;
+                        if (pp != NULL)
+                                {
+                                memcpy(*pp,a->value.set->data,r);
+                                *pp+=r;
+                                }
+                        }
+                break;
+                }
+        return(r);
+        }
+ASN1_TYPE *d2i_ASN1_TYPE(a,pp,length)
+ASN1_TYPE **a;
+unsigned char **pp;
+long length;
+        {
+        ASN1_TYPE *ret=NULL;
+        unsigned char *q,*p,*max;
+        int inf,tag,xclass;
+        long len;
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_TYPE_new()) == NULL) goto err;
+                }
+        else
+                ret=(*a);
+        p= *pp;
+        q=p;
+        max=(p+length);
+        inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
+        if (inf & 0x80) goto err;
+        
+        ASN1_TYPE_component_free(ret);
+        switch (tag)
+                {
+        case V_ASN1_NULL:
+                p=q;
+                ret->value.ptr=NULL;
+                break;
+        case V_ASN1_INTEGER:
+                if ((ret->value.integer=
+                        d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_BIT_STRING:
+                if ((ret->value.bit_string=
+                        d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_OCTET_STRING:
+                if ((ret->value.octet_string=
+                        d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_OBJECT:
+                if ((ret->value.object=
+                        d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_PRINTABLESTRING:
+                if ((ret->value.printablestring=
+                        d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_T61STRING:
+                if ((ret->value.t61string=
+                        M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_IA5STRING:
+                if ((ret->value.ia5string=
+                        M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_GENERALSTRING:
+                if ((ret->value.generalstring=
+                        M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_UNIVERSALSTRING:
+                if ((ret->value.universalstring=
+                        M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_BMPSTRING:
+                if ((ret->value.bmpstring=
+                        M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_UTCTIME:
+                if ((ret->value.utctime=
+                        d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
+                        goto err;
+                break;
+        case V_ASN1_SET:
+        case V_ASN1_SEQUENCE:
+                /* Sets and sequences are left complete */
+                if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
+                ret->value.set->type=tag;
+                len+=(q-p);
+                if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
+                p+=len;
+                break;
+        default:
+                ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
+                goto err;
+                }
+        ret->type=tag;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
+        return(NULL);
+        }
+ASN1_TYPE *ASN1_TYPE_new()
+        {
+        ASN1_TYPE *ret=NULL;
+        M_ASN1_New_Malloc(ret,ASN1_TYPE);
+        ret->type= -1;
+        ret->value.ptr=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
+        }
+void ASN1_TYPE_free(a)
+ASN1_TYPE *a;
+        {
+        if (a == NULL) return;
+        ASN1_TYPE_component_free(a);
+        Free((char *)(char *)a);
+        }
+int ASN1_TYPE_get(a)
+ASN1_TYPE *a;
+        {
+        if (a->value.ptr != NULL)
+                return(a->type);
+        else
+                return(0);
+        }
+void ASN1_TYPE_set(a,type,value)
+ASN1_TYPE *a;
+int type;
+char *value;
+        {
+        if (a->value.ptr != NULL)
+                ASN1_TYPE_component_free(a);
+        a->type=type;
+        a->value.ptr=value;
+        }
+static void ASN1_TYPE_component_free(a)
+ASN1_TYPE *a;
+        {
+        if (a == NULL) return;
+        if (a->value.ptr != NULL)
+                {
+                switch (a->type)
+                        {
+                case V_ASN1_OBJECT:
+                        ASN1_OBJECT_free(a->value.object);
+                        break;
+                case V_ASN1_INTEGER:
+                case V_ASN1_NEG_INTEGER:
+                case V_ASN1_BIT_STRING:
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_GENERALSTRING:
+                case V_ASN1_UTCTIME:
+                case V_ASN1_SET:
+                case V_ASN1_SEQUENCE:
+                        ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
+                        break;
+                default:
+                        /* MEMORY LEAK */
+                        break;
+                        }
+                a->type=0;
+                a->value.ptr=NULL;
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c
new file mode 100644
index 0000000000..17a7abbb67
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -0,0 +1,212 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "asn1.h"
+/* ASN1err(ASN1_F_ASN1_UTCTIME_NEW,ASN1_R_UTCTIME_TOO_LONG);
+ * ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_EXPECTING_A_UTCTIME);
+ */
+int i2d_ASN1_UTCTIME(a,pp)
+ASN1_UTCTIME *a;
+unsigned char **pp;
+        {
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+        }
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(a, pp, length)
+ASN1_UTCTIME **a;
+unsigned char **pp;
+long length;
+        {
+        ASN1_UTCTIME *ret=NULL;
+        ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_ERROR_STACK);
+                return(NULL);
+                }
+        if (!ASN1_UTCTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_UTCTIME_free(ret);
+        return(NULL);
+        }
+int ASN1_UTCTIME_check(d)
+ASN1_UTCTIME *d;
+        {
+        static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static int max[8]={99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+        if (d->type != V_ASN1_UTCTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+        if (l < 11) goto err;
+        for (i=0; i<6; i++)
+                {
+                if ((i == 5) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=6; i<8; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+int ASN1_UTCTIME_set_string(s,str)
+ASN1_UTCTIME *s;
+char *str;
+        {
+        ASN1_UTCTIME t;
+        t.type=V_ASN1_UTCTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_UTCTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length);
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+ASN1_UTCTIME *ASN1_UTCTIME_set(s, t)
+ASN1_UTCTIME *s;
+time_t t;
+        {
+        char *p;
+        struct tm *ts;
+#if defined(THREADS)
+        struct tm data;
+#endif
+        if (s == NULL)
+                s=ASN1_UTCTIME_new();
+        if (s == NULL)
+                return(NULL);
+#if defined(THREADS)
+        ts=(struct tm *)gmtime_r(&t,&data);
+#else
+        ts=(struct tm *)gmtime(&t);
+#endif
+        p=(char *)s->data;
+        if ((p == NULL) || (s->length < 14))
+                {
+                p=Malloc(20);
+                if (p == NULL) return(NULL);
+                if (s->data != NULL)
+                        Free(s->data);
+                s->data=(unsigned char *)p;
+                }
+        sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+                ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_UTCTIME;
+        return(s);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_verify.c b/src/lib/libssl/src/crypto/asn1/a_verify.c
new file mode 100644
index 0000000000..03fc63dbef
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_verify.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/a_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "evp.h"
+#include "pem.h"
+int ASN1_verify(i2d,a,signature,data,pkey)
+int (*i2d)();
+X509_ALGOR *a;
+ASN1_BIT_STRING *signature;
+char *data;
+EVP_PKEY *pkey;
+        {
+        EVP_MD_CTX ctx;
+        EVP_MD *type;
+        unsigned char *p,*buf_in=NULL;
+        int ret= -1,i,inl;
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+        
+        inl=i2d(data,NULL);
+        buf_in=(unsigned char *)Malloc((unsigned int)inl);
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf_in;
+        i2d(data,&p);
+        EVP_VerifyInit(&ctx,type);
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+        memset(buf_in,0,(unsigned int)inl);
+        Free((char *)buf_in);
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
new file mode 100644
index 0000000000..9793db365d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -0,0 +1,859 @@
+/* crypto/asn1/asn1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_ASN1_H
+#define HEADER_ASN1_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include <time.h>
+#include "bn.h"
+#include "stack.h"
+#define V_ASN1_UNIVERSAL                0x00
+#define V_ASN1_APPLICATION              0x40
+#define V_ASN1_CONTEXT_SPECIFIC         0x80
+#define V_ASN1_PRIVATE                  0xc0
+#define V_ASN1_CONSTRUCTED              0x20
+#define V_ASN1_PRIMATIVE_TAG            0x1f
+#define V_ASN1_APP_CHOOSE               -2      /* let the recipent choose */
+#define V_ASN1_UNDEF                    -1
+#define V_ASN1_EOC                      0
+#define V_ASN1_BOOLEAN                  1       /**/
+#define V_ASN1_INTEGER                  2
+#define V_ASN1_NEG_INTEGER              (2+0x100)
+#define V_ASN1_BIT_STRING               3
+#define V_ASN1_OCTET_STRING             4
+#define V_ASN1_NULL                     5
+#define V_ASN1_OBJECT                   6
+#define V_ASN1_OBJECT_DESCRIPTOR        7
+#define V_ASN1_EXTERNAL                 8
+#define V_ASN1_REAL                     9
+#define V_ASN1_ENUMERATED               10      /* microsoft weirdness */
+#define V_ASN1_SEQUENCE                 16
+#define V_ASN1_SET                      17
+#define V_ASN1_NUMERICSTRING            18      /**/
+#define V_ASN1_PRINTABLESTRING          19
+#define V_ASN1_T61STRING                20
+#define V_ASN1_TELETEXSTRING            20      /* alias */
+#define V_ASN1_VIDEOTEXSTRING           21      /**/
+#define V_ASN1_IA5STRING                22
+#define V_ASN1_UTCTIME                  23
+#define V_ASN1_GENERALIZEDTIME          24      /**/
+#define V_ASN1_GRAPHICSTRING            25      /**/
+#define V_ASN1_ISO64STRING              26      /**/
+#define V_ASN1_VISIBLESTRING            26      /* alias */
+#define V_ASN1_GENERALSTRING            27      /**/
+#define V_ASN1_UNIVERSALSTRING          28      /**/
+#define V_ASN1_BMPSTRING                30
+/* For use with d2i_ASN1_type_bytes() */
+#define B_ASN1_NUMERICSTRING    0x0001
+#define B_ASN1_PRINTABLESTRING  0x0002
+#define B_ASN1_T61STRING        0x0004
+#define B_ASN1_VIDEOTEXSTRING   0x0008
+#define B_ASN1_IA5STRING        0x0010
+#define B_ASN1_GRAPHICSTRING    0x0020
+#define B_ASN1_ISO64STRING      0x0040
+#define B_ASN1_GENERALSTRING    0x0080
+#define B_ASN1_UNIVERSALSTRING  0x0100
+#define B_ASN1_OCTET_STRING     0x0200
+#define B_ASN1_BIT_STRING       0x0400
+#define B_ASN1_BMPSTRING        0x0800
+#define B_ASN1_UNKNOWN          0x1000
+#ifndef DEBUG
+#define ASN1_INTEGER            ASN1_STRING
+#define ASN1_BIT_STRING         ASN1_STRING
+#define ASN1_OCTET_STRING       ASN1_STRING
+#define ASN1_PRINTABLESTRING    ASN1_STRING
+#define ASN1_T61STRING          ASN1_STRING
+#define ASN1_IA5STRING          ASN1_STRING
+#define ASN1_UTCTIME            ASN1_STRING
+#define ASN1_GENERALIZEDTIME    ASN1_STRING
+#define ASN1_GENERALSTRING      ASN1_STRING
+#define ASN1_UNIVERSALSTRING    ASN1_STRING
+#define ASN1_BMPSTRING          ASN1_STRING
+#else
+typedef struct asn1_integer_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_INTEGER;
+typedef struct asn1_bit_string_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_BIT_STRING;
+typedef struct asn1_octet_string_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_OCTET_STRING;
+typedef struct asn1_printablestring_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_PRINTABLESTRING;
+typedef struct asn1_t61string_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_T61STRING;
+typedef struct asn1_ia5string_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_IA5STRING;
+typedef struct asn1_generalstring_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_GENERALSTRING;
+typedef struct asn1_universalstring_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_UNIVERSALSTRING;
+typedef struct asn1_bmpstring_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_BMPSTRING;
+typedef struct asn1_utctime_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_UTCTIME;
+typedef struct asn1_generalizedtime_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_GENERALIZEDTIME;
+#endif
+typedef struct asn1_ctx_st
+        {
+        unsigned char *p;/* work char pointer */
+        int eos;        /* end of sequence read for indefinite encoding */
+        int error;      /* error code to use when returning an error */
+        int inf;        /* constructed if 0x20, indefinite is 0x21 */
+        int tag;        /* tag from last 'get object' */
+        int xclass;     /* class from last 'get object' */
+        long slen;      /* length of last 'get object' */
+        unsigned char *max; /* largest value of p alowed */
+        unsigned char *q;/* temporary variable */
+        unsigned char **pp;/* variable */
+        } ASN1_CTX;
+/* These are used internally in the ASN1_OBJECT to keep track of
+ * whether the names and data need to be free()ed */
+#define ASN1_OBJECT_FLAG_DYNAMIC         0x01   /* internal use */
+#define ASN1_OBJECT_FLAG_CRITICAL        0x02   /* critical x509v3 object id */
+#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04   /* internal use */
+#define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08   /* internal use */
+typedef struct asn1_object_st
+        {
+        char *sn,*ln;
+        int nid;
+        int length;
+        unsigned char *data;
+        int flags;      /* Should we free this one */
+        } ASN1_OBJECT;
+/* This is the base type that holds just about everything :-) */
+typedef struct asn1_string_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        } ASN1_STRING;
+typedef struct asn1_type_st
+        {
+        int type;
+        union   {
+                char *ptr;
+                ASN1_STRING *           asn1_string;
+                ASN1_OBJECT *           object;
+                ASN1_INTEGER *          integer;
+                ASN1_BIT_STRING *       bit_string;
+                ASN1_OCTET_STRING *     octet_string;
+                ASN1_PRINTABLESTRING *  printablestring;
+                ASN1_T61STRING *        t61string;
+                ASN1_IA5STRING *        ia5string;
+                ASN1_GENERALSTRING *    generalstring;
+                ASN1_BMPSTRING *        bmpstring;
+                ASN1_UNIVERSALSTRING *  universalstring;
+                ASN1_UTCTIME *          utctime;
+                ASN1_GENERALIZEDTIME *  generalizedtime;
+                /* set and sequence are left complete and still
+                 * contain the set or sequence bytes */
+                ASN1_STRING *           set;
+                ASN1_STRING *           sequence;
+                } value;
+        } ASN1_TYPE;
+typedef struct asn1_method_st
+        {
+        int (*i2d)();
+        char *(*d2i)();
+        char *(*create)();
+        void (*destroy)();
+        } ASN1_METHOD;
+/* This is used when parsing some Netscape objects */
+typedef struct asn1_header_st
+        {
+        ASN1_OCTET_STRING *header;
+        char *data;
+        ASN1_METHOD *meth;
+        } ASN1_HEADER;
+#define ASN1_STRING_length(x)   ((x)->length)
+#define ASN1_STRING_type(x)     ((x)->type)
+#define ASN1_STRING_data(x)     ((x)->data)
+/* Macros for string operations */
+#define ASN1_BIT_STRING_new()   (ASN1_BIT_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
+#define ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+                ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+/* i2d_ASN1_BIT_STRING() is a function */
+/* d2i_ASN1_BIT_STRING() is a function */
+#define ASN1_INTEGER_new()      (ASN1_INTEGER *)\
+                ASN1_STRING_type_new(V_ASN1_INTEGER)
+#define ASN1_INTEGER_free(a)            ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_INTEGER_cmp(a,b)   ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+/* ASN1_INTEGER_set() is a function, also see BN_to_ASN1_INTEGER() */
+/* ASN1_INTEGER_get() is a function, also see ASN1_INTEGER_to_BN() */
+/* i2d_ASN1_INTEGER() is a function */
+/* d2i_ASN1_INTEGER() is a function */
+#define ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
+#define ASN1_OCTET_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+                ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define ASN1_OCTET_STRING_set(a,b,c)    ASN1_STRING_set((ASN1_STRING *)a,b,c)
+#define ASN1_OCTET_STRING_print(a,b)    ASN1_STRING_print(a,(ASN1_STRING *)b)
+#define M_i2d_ASN1_OCTET_STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
+                V_ASN1_OCTET_STRING)
+/* d2i_ASN1_OCTET_STRING() is a function */
+#define ASN1_PRINTABLE_new()    ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define ASN1_PRINTABLE_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_T61STRING| \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_BIT_STRING| \
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNKNOWN)
+#define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define ASN1_PRINTABLESTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
+                V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
+                (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
+#define ASN1_T61STRING_new()    (ASN1_T61STRING_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define ASN1_T61STRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_T61STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
+                V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_T61STRING(a,pp,l) \
+                (ASN1_T61STRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
+#define ASN1_IA5STRING_new()    (ASN1_IA5STRING *)\
+                ASN1_STRING_type_new(V_ASN1_IA5STRING)
+#define ASN1_IA5STRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_IA5STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_IA5STRING(a,pp,l) \
+                (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
+                        B_ASN1_IA5STRING)
+#define ASN1_UTCTIME_new()      (ASN1_UTCTIME *)\
+                ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define ASN1_UTCTIME_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+/* i2d_ASN1_UTCTIME() is a function */
+/* d2i_ASN1_UTCTIME() is a function */
+/* ASN1_UTCTIME_set() is a function */
+/* ASN1_UTCTIME_check() is a function */
+#define ASN1_GENERALIZEDTIME_new()      (ASN1_GENERALIZEDTIME *)\
+                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
+#define ASN1_GENERALIZEDTIME_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_GENERALIZEDTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup(\
+        (ASN1_STRING *)a)
+/* DOES NOT EXIST YET i2d_ASN1_GENERALIZEDTIME() is a function */
+/* DOES NOT EXIST YET d2i_ASN1_GENERALIZEDTIME() is a function */
+/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_set() is a function */
+/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_check() is a function */
+#define ASN1_GENERALSTRING_new()        (ASN1_GENERALSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
+#define ASN1_GENERALSTRING_free(a)      ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_GENERALSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
+                (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
+#define ASN1_UNIVERSALSTRING_new()      (ASN1_UNIVERSALSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
+#define ASN1_UNIVERSALSTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
+                (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
+#define ASN1_BMPSTRING_new()    (ASN1_BMPSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_BMPSTRING)
+#define ASN1_BMPSTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_BMPSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
+                (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
+#ifndef NOPROTO
+ASN1_TYPE *     ASN1_TYPE_new(void );
+void            ASN1_TYPE_free(ASN1_TYPE *a);
+int             i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
+ASN1_TYPE *     d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
+int ASN1_TYPE_get(ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value);
+ASN1_OBJECT *   ASN1_OBJECT_new(void );
+void            ASN1_OBJECT_free(ASN1_OBJECT *a);
+int             i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+                        long length);
+ASN1_STRING *   ASN1_STRING_new(void );
+void            ASN1_STRING_free(ASN1_STRING *a);
+ASN1_STRING *   ASN1_STRING_dup(ASN1_STRING *a);
+ASN1_STRING *   ASN1_STRING_type_new(int type );
+int             ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+int             ASN1_STRING_set(ASN1_STRING *str,unsigned char *data, int len);
+int             i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
+                        long length);
+int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+int             i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
+int             d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
+int             i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+                        long length);
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
+int             i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+                        unsigned char **pp,long length);
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
+        unsigned char **pp, long l);
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+        unsigned char **pp, long l);
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
+        unsigned char **pp, long l);
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
+        unsigned char **pp, long l);
+int             i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
+ASN1_UTCTIME *  d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
+                        long length);
+int             i2d_ASN1_SET(STACK *a, unsigned char **pp,
+                        int (*func)(), int ex_tag, int ex_class);
+STACK *         d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+                        char *(*func)(), int ex_tag, int ex_class);
+#ifdef HEADER_BIO_H
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+#endif
+int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
+        char *sn, char *ln);
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(unsigned char *s, int max);
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
+        long length, int Ptag, int Pclass);
+/* type is one or more of the B_ASN1_ values. */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
+                long length,int type);
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+/* SPECIALS */
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
+        int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+        int tag, int xclass);
+int ASN1_object_size(int constructed, int length, int tag);
+/* Used to implement other functions */
+char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
+#ifndef NO_FP_API
+char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+#endif
+#ifdef HEADER_BIO_H
+char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+#endif
+/* Used to load and write netscape format cert/key */
+int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length);
+ASN1_HEADER *ASN1_HEADER_new(void );
+void ASN1_HEADER_free(ASN1_HEADER *a);
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+void ERR_load_ASN1_strings(void);
+/* Not used that much at this point, except for the first two */
+ASN1_METHOD *X509_asn1_meth(void);
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
+        unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
+        unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+        unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
+        unsigned char *data, int max_len);
+#else
+ASN1_TYPE *     ASN1_TYPE_new();
+void            ASN1_TYPE_free();
+int             i2d_ASN1_TYPE();
+ASN1_TYPE *     d2i_ASN1_TYPE();
+int ASN1_TYPE_get();
+void ASN1_TYPE_set();
+ASN1_OBJECT *   ASN1_OBJECT_new();
+void            ASN1_OBJECT_free();
+int             i2d_ASN1_OBJECT();
+ASN1_OBJECT *   d2i_ASN1_OBJECT();
+ASN1_STRING *   ASN1_STRING_new();
+void            ASN1_STRING_free();
+ASN1_STRING *   ASN1_STRING_dup();
+ASN1_STRING *   ASN1_STRING_type_new();
+int             ASN1_STRING_cmp();
+int             ASN1_STRING_set();
+int             i2d_ASN1_BIT_STRING();
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING();
+int             ASN1_BIT_STRING_set_bit();
+int             ASN1_BIT_STRING_get_bit();
+int             i2d_ASN1_BOOLEAN();
+int             d2i_ASN1_BOOLEAN();
+int             i2d_ASN1_INTEGER();
+ASN1_INTEGER *d2i_ASN1_INTEGER();
+int ASN1_UTCTIME_check();
+ASN1_UTCTIME *ASN1_UTCTIME_set();
+int ASN1_UTCTIME_set_string();
+int             i2d_ASN1_OCTET_STRING();
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING();
+int i2d_ASN1_PRINTABLE();
+ASN1_STRING *d2i_ASN1_PRINTABLE();
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING();
+ASN1_T61STRING *d2i_ASN1_T61STRING();
+int i2d_ASN1_IA5STRING();
+ASN1_IA5STRING *d2i_ASN1_IA5STRING();
+int             i2d_ASN1_UTCTIME();
+ASN1_UTCTIME *  d2i_ASN1_UTCTIME();
+int             i2d_ASN1_SET();
+STACK *         d2i_ASN1_SET();
+int a2d_ASN1_OBJECT();
+ASN1_OBJECT *ASN1_OBJECT_create();
+int ASN1_INTEGER_set();
+long ASN1_INTEGER_get();
+ASN1_INTEGER *BN_to_ASN1_INTEGER();
+BIGNUM *ASN1_INTEGER_to_BN();
+int ASN1_PRINTABLE_type();
+int i2d_ASN1_bytes();
+ASN1_STRING *d2i_ASN1_bytes();
+ASN1_STRING *d2i_ASN1_type_bytes();
+int asn1_Finish();
+int ASN1_get_object();
+int ASN1_check_infinite_end();
+void ASN1_put_object();
+int ASN1_object_size();
+char *ASN1_dup();
+#ifndef NO_FP_API
+char *ASN1_d2i_fp();
+int ASN1_i2d_fp();
+#endif
+char *ASN1_d2i_bio();
+int ASN1_i2d_bio();
+int ASN1_UTCTIME_print();
+int ASN1_STRING_print();
+int ASN1_parse();
+int i2a_ASN1_INTEGER();
+int a2i_ASN1_INTEGER();
+int i2a_ASN1_OBJECT();
+int i2t_ASN1_OBJECT();
+int a2i_ASN1_STRING();
+int i2a_ASN1_STRING();
+int i2d_ASN1_HEADER();
+ASN1_HEADER *d2i_ASN1_HEADER();
+ASN1_HEADER *ASN1_HEADER_new();
+void ASN1_HEADER_free();
+void ERR_load_ASN1_strings();
+ASN1_METHOD *X509_asn1_meth();
+ASN1_METHOD *RSAPrivateKey_asn1_meth();
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth();
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth();
+int ASN1_UNIVERSALSTRING_to_string();
+int ASN1_TYPE_set_octetstring();
+int ASN1_TYPE_get_octetstring();
+int ASN1_TYPE_set_int_octetstring();
+int ASN1_TYPE_get_int_octetstring();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the ASN1 functions. */
+/* Function codes. */
+#define ASN1_F_A2D_ASN1_OBJECT                           100
+#define ASN1_F_A2I_ASN1_INTEGER                          101
+#define ASN1_F_A2I_ASN1_STRING                           102
+#define ASN1_F_ASN1_COLLATE_PRIMATIVE                    103
+#define ASN1_F_ASN1_D2I_BIO                              104
+#define ASN1_F_ASN1_D2I_FP                               105
+#define ASN1_F_ASN1_DUP                                  106
+#define ASN1_F_ASN1_GET_OBJECT                           107
+#define ASN1_F_ASN1_HEADER_NEW                           108
+#define ASN1_F_ASN1_I2D_BIO                              109
+#define ASN1_F_ASN1_I2D_FP                               110
+#define ASN1_F_ASN1_INTEGER_SET                          111
+#define ASN1_F_ASN1_INTEGER_TO_BN                        112
+#define ASN1_F_ASN1_OBJECT_NEW                           113
+#define ASN1_F_ASN1_SIGN                                 114
+#define ASN1_F_ASN1_STRING_NEW                           115
+#define ASN1_F_ASN1_STRING_TYPE_NEW                      116
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             117
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 118
+#define ASN1_F_ASN1_TYPE_NEW                             119
+#define ASN1_F_ASN1_UTCTIME_NEW                          120
+#define ASN1_F_ASN1_VERIFY                               121
+#define ASN1_F_BN_TO_ASN1_INTEGER                        122
+#define ASN1_F_D2I_ASN1_BIT_STRING                       123
+#define ASN1_F_D2I_ASN1_BMPSTRING                        124
+#define ASN1_F_D2I_ASN1_BOOLEAN                          125
+#define ASN1_F_D2I_ASN1_BYTES                            126
+#define ASN1_F_D2I_ASN1_HEADER                           127
+#define ASN1_F_D2I_ASN1_INTEGER                          128
+#define ASN1_F_D2I_ASN1_OBJECT                           129
+#define ASN1_F_D2I_ASN1_OCTET_STRING                     130
+#define ASN1_F_D2I_ASN1_PRINT_TYPE                       131
+#define ASN1_F_D2I_ASN1_SET                              132
+#define ASN1_F_D2I_ASN1_TYPE                             133
+#define ASN1_F_D2I_ASN1_TYPE_BYTES                       134
+#define ASN1_F_D2I_ASN1_UTCTIME                          135
+#define ASN1_F_D2I_DHPARAMS                              136
+#define ASN1_F_D2I_DSAPARAMS                             137
+#define ASN1_F_D2I_DSAPRIVATEKEY                         138
+#define ASN1_F_D2I_DSAPUBLICKEY                          139
+#define ASN1_F_D2I_NETSCAPE_PKEY                         140
+#define ASN1_F_D2I_NETSCAPE_RSA                          141
+#define ASN1_F_D2I_NETSCAPE_RSA_2                        142
+#define ASN1_F_D2I_NETSCAPE_SPKAC                        143
+#define ASN1_F_D2I_NETSCAPE_SPKI                         144
+#define ASN1_F_D2I_PKCS7                                 145
+#define ASN1_F_D2I_PKCS7_DIGEST                          146
+#define ASN1_F_D2I_PKCS7_ENCRYPT                         147
+#define ASN1_F_D2I_PKCS7_ENC_CONTENT                     148
+#define ASN1_F_D2I_PKCS7_ENVELOPE                        149
+#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL               150
+#define ASN1_F_D2I_PKCS7_RECIP_INFO                      151
+#define ASN1_F_D2I_PKCS7_SIGNED                          152
+#define ASN1_F_D2I_PKCS7_SIGNER_INFO                     153
+#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE                   154
+#define ASN1_F_D2I_PRIVATEKEY                            155
+#define ASN1_F_D2I_PUBLICKEY                             156
+#define ASN1_F_D2I_RSAPRIVATEKEY                         157
+#define ASN1_F_D2I_RSAPUBLICKEY                          158
+#define ASN1_F_D2I_X509                                  159
+#define ASN1_F_D2I_X509_ALGOR                            160
+#define ASN1_F_D2I_X509_ATTRIBUTE                        161
+#define ASN1_F_D2I_X509_CINF                             162
+#define ASN1_F_D2I_X509_CRL                              163
+#define ASN1_F_D2I_X509_CRL_INFO                         164
+#define ASN1_F_D2I_X509_EXTENSION                        165
+#define ASN1_F_D2I_X509_KEY                              166
+#define ASN1_F_D2I_X509_NAME                             167
+#define ASN1_F_D2I_X509_NAME_ENTRY                       168
+#define ASN1_F_D2I_X509_PKEY                             169
+#define ASN1_F_D2I_X509_PUBKEY                           170
+#define ASN1_F_D2I_X509_REQ                              171
+#define ASN1_F_D2I_X509_REQ_INFO                         172
+#define ASN1_F_D2I_X509_REVOKED                          173
+#define ASN1_F_D2I_X509_SIG                              174
+#define ASN1_F_D2I_X509_VAL                              175
+#define ASN1_F_I2D_ASN1_HEADER                           176
+#define ASN1_F_I2D_DHPARAMS                              177
+#define ASN1_F_I2D_DSAPARAMS                             178
+#define ASN1_F_I2D_DSAPRIVATEKEY                         179
+#define ASN1_F_I2D_DSAPUBLICKEY                          180
+#define ASN1_F_I2D_NETSCAPE_RSA                          181
+#define ASN1_F_I2D_PKCS7                                 182
+#define ASN1_F_I2D_PRIVATEKEY                            183
+#define ASN1_F_I2D_PUBLICKEY                             184
+#define ASN1_F_I2D_RSAPRIVATEKEY                         185
+#define ASN1_F_I2D_RSAPUBLICKEY                          186
+#define ASN1_F_I2D_X509_ATTRIBUTE                        187
+#define ASN1_F_I2T_ASN1_OBJECT                           188
+#define ASN1_F_NETSCAPE_PKEY_NEW                         189
+#define ASN1_F_NETSCAPE_SPKAC_NEW                        190
+#define ASN1_F_NETSCAPE_SPKI_NEW                         191
+#define ASN1_F_PKCS7_DIGEST_NEW                          192
+#define ASN1_F_PKCS7_ENCRYPT_NEW                         193
+#define ASN1_F_PKCS7_ENC_CONTENT_NEW                     194
+#define ASN1_F_PKCS7_ENVELOPE_NEW                        195
+#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW               196
+#define ASN1_F_PKCS7_NEW                                 197
+#define ASN1_F_PKCS7_RECIP_INFO_NEW                      198
+#define ASN1_F_PKCS7_SIGNED_NEW                          199
+#define ASN1_F_PKCS7_SIGNER_INFO_NEW                     200
+#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                   201
+#define ASN1_F_X509_ALGOR_NEW                            202
+#define ASN1_F_X509_ATTRIBUTE_NEW                        203
+#define ASN1_F_X509_CINF_NEW                             204
+#define ASN1_F_X509_CRL_INFO_NEW                         205
+#define ASN1_F_X509_CRL_NEW                              206
+#define ASN1_F_X509_DHPARAMS_NEW                         207
+#define ASN1_F_X509_EXTENSION_NEW                        208
+#define ASN1_F_X509_INFO_NEW                             209
+#define ASN1_F_X509_KEY_NEW                              210
+#define ASN1_F_X509_NAME_ENTRY_NEW                       211
+#define ASN1_F_X509_NAME_NEW                             212
+#define ASN1_F_X509_NEW                                  213
+#define ASN1_F_X509_PKEY_NEW                             214
+#define ASN1_F_X509_PUBKEY_NEW                           215
+#define ASN1_F_X509_REQ_INFO_NEW                         216
+#define ASN1_F_X509_REQ_NEW                              217
+#define ASN1_F_X509_REVOKED_NEW                          218
+#define ASN1_F_X509_SIG_NEW                              219
+#define ASN1_F_X509_VAL_FREE                             220
+#define ASN1_F_X509_VAL_NEW                              221
+/* Reason codes. */
+#define ASN1_R_BAD_CLASS                                 100
+#define ASN1_R_BAD_GET_OBJECT                            101
+#define ASN1_R_BAD_OBJECT_HEADER                         102
+#define ASN1_R_BAD_PASSWORD_READ                         103
+#define ASN1_R_BAD_PKCS7_CONTENT                         104
+#define ASN1_R_BAD_PKCS7_TYPE                            105
+#define ASN1_R_BAD_TAG                                   106
+#define ASN1_R_BAD_TYPE                                  107
+#define ASN1_R_BN_LIB                                    108
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   109
+#define ASN1_R_BUFFER_TOO_SMALL                          110
+#define ASN1_R_DATA_IS_WRONG                             111
+#define ASN1_R_DECODING_ERROR                            112
+#define ASN1_R_ERROR_STACK                               113
+#define ASN1_R_EXPECTING_AN_INTEGER                      114
+#define ASN1_R_EXPECTING_AN_OBJECT                       115
+#define ASN1_R_EXPECTING_AN_OCTET_STRING                 116
+#define ASN1_R_EXPECTING_A_BIT_STRING                    117
+#define ASN1_R_EXPECTING_A_BOOLEAN                       118
+#define ASN1_R_EXPECTING_A_SEQUENCE                      119
+#define ASN1_R_EXPECTING_A_UTCTIME                       120
+#define ASN1_R_FIRST_NUM_TOO_LARGE                       121
+#define ASN1_R_HEADER_TOO_LONG                           122
+#define ASN1_R_INVALID_DIGIT                             123
+#define ASN1_R_INVALID_SEPARATOR                         124
+#define ASN1_R_INVALID_TIME_FORMAT                       125
+#define ASN1_R_IV_TOO_LARGE                              126
+#define ASN1_R_LENGTH_ERROR                              127
+#define ASN1_R_LENGTH_MISMATCH                           128
+#define ASN1_R_MISSING_EOS                               129
+#define ASN1_R_MISSING_SECOND_NUMBER                     130
+#define ASN1_R_NON_HEX_CHARACTERS                        131
+#define ASN1_R_NOT_ENOUGH_DATA                           132
+#define ASN1_R_ODD_NUMBER_OF_CHARS                       133
+#define ASN1_R_PARSING                                   134
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING                135
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE                   136
+#define ASN1_R_SHORT_LINE                                137
+#define ASN1_R_STRING_TOO_SHORT                          138
+#define ASN1_R_TAG_VALUE_TOO_HIGH                        139
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 140
+#define ASN1_R_TOO_LONG                                  141
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  142
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          143
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE                    144
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          145
+#define ASN1_R_UNKNOWN_OBJECT_TYPE                       146
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   147
+#define ASN1_R_UNSUPPORTED_CIPHER                        148
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          149
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               150
+#define ASN1_R_UTCTIME_TOO_LONG                          151
+#define ASN1_R_WRONG_PRINTABLE_TYPE                      152
+#define ASN1_R_WRONG_TAG                                 153
+#define ASN1_R_WRONG_TYPE                                154
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c
new file mode 100644
index 0000000000..03c2858e7d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -0,0 +1,266 @@
+/* lib/asn1/asn1_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "asn1.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA ASN1_str_functs[]=
+        {
+{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),  "a2d_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),  "a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMATIVE,0),   "ASN1_COLLATE_PRIMATIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),     "ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),      "ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
+{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),  "ASN1_get_object"},
+{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),  "ASN1_HEADER_new"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),     "ASN1_i2d_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),      "ASN1_i2d_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),       "ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),  "ASN1_OBJECT_new"},
+{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),        "ASN1_SIGN"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),  "ASN1_STRING_new"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),     "ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),    "ASN1_TYPE_get_int_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),        "ASN1_TYPE_get_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),    "ASN1_TYPE_new"},
+{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0), "ASN1_UTCTIME_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),      "ASN1_VERIFY"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),       "BN_to_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),      "d2i_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),       "D2I_ASN1_BMPSTRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),   "d2i_ASN1_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),  "d2i_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "d2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),  "d2i_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),    "d2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),      "D2I_ASN1_PRINT_TYPE"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),     "d2i_ASN1_SET"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),    "d2i_ASN1_TYPE"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),      "d2i_ASN1_type_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "d2i_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),     "D2I_DHPARAMS"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),    "D2I_DSAPARAMS"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),        "D2I_DSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0), "D2I_DSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),        "D2I_NETSCAPE_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "D2I_NETSCAPE_RSA"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),       "D2I_NETSCAPE_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),       "D2I_NETSCAPE_SPKAC"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),        "D2I_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),        "D2I_PKCS7"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0), "D2I_PKCS7_DIGEST"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),        "D2I_PKCS7_ENCRYPT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),    "D2I_PKCS7_ENC_CONTENT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),       "D2I_PKCS7_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),      "D2I_PKCS7_ISSUER_AND_SERIAL"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),     "D2I_PKCS7_RECIP_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0), "D2I_PKCS7_SIGNED"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),    "D2I_PKCS7_SIGNER_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),  "D2I_PKCS7_SIGN_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),   "D2I_PRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),    "D2I_PUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),        "D2I_RSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0), "D2I_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),   "D2I_X509_ALGOR"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),       "D2I_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),    "D2I_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),     "D2I_X509_CRL"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),        "D2I_X509_CRL_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),       "D2I_X509_EXTENSION"},
+{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),     "D2I_X509_KEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),    "D2I_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),      "D2I_X509_NAME_ENTRY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),    "D2I_X509_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),  "D2I_X509_PUBKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),     "D2I_X509_REQ"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),        "D2I_X509_REQ_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0), "D2I_X509_REVOKED"},
+{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),     "D2I_X509_SIG"},
+{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),     "D2I_X509_VAL"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),  "i2d_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),     "I2D_DHPARAMS"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),    "I2D_DSAPARAMS"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),        "I2D_DSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0), "I2D_DSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "I2D_NETSCAPE_RSA"},
+{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),        "I2D_PKCS7"},
+{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),   "I2D_PRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),    "I2D_PUBLICKEY"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),        "I2D_RSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0), "I2D_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),       "I2D_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),  "i2t_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),        "NETSCAPE_PKEY_NEW"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),       "NETSCAPE_SPKAC_NEW"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),        "NETSCAPE_SPKI_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0), "PKCS7_DIGEST_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),        "PKCS7_ENCRYPT_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),    "PKCS7_ENC_CONTENT_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),       "PKCS7_ENVELOPE_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),      "PKCS7_ISSUER_AND_SERIAL_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),        "PKCS7_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),     "PKCS7_RECIP_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0), "PKCS7_SIGNED_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),    "PKCS7_SIGNER_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),  "PKCS7_SIGN_ENVELOPE_NEW"},
+{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),   "X509_ALGOR_NEW"},
+{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),       "X509_ATTRIBUTE_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),    "X509_CINF_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),        "X509_CRL_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),     "X509_CRL_NEW"},
+{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),        "X509_DHPARAMS_NEW"},
+{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),       "X509_EXTENSION_NEW"},
+{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),    "X509_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),     "X509_KEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),      "X509_NAME_ENTRY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),    "X509_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"},
+{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),    "X509_PKEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),  "X509_PUBKEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),        "X509_REQ_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),     "X509_REQ_NEW"},
+{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0), "X509_REVOKED_NEW"},
+{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),     "X509_SIG_NEW"},
+{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),    "X509_VAL_FREE"},
+{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),     "X509_VAL_NEW"},
+{0,NULL},
+        };
+static ERR_STRING_DATA ASN1_str_reasons[]=
+        {
+{ASN1_R_BAD_CLASS                        ,"bad class"},
+{ASN1_R_BAD_GET_OBJECT                   ,"bad get object"},
+{ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
+{ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
+{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
+{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
+{ASN1_R_BAD_TAG                          ,"bad tag"},
+{ASN1_R_BAD_TYPE                         ,"bad type"},
+{ASN1_R_BN_LIB                           ,"bn lib"},
+{ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
+{ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+{ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
+{ASN1_R_DECODING_ERROR                   ,"decoding error"},
+{ASN1_R_ERROR_STACK                      ,"error stack"},
+{ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
+{ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
+{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
+{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
+{ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
+{ASN1_R_EXPECTING_A_SEQUENCE             ,"expecting a sequence"},
+{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
+{ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
+{ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
+{ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
+{ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
+{ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
+{ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
+{ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_LENGTH_MISMATCH                  ,"length mismatch"},
+{ASN1_R_MISSING_EOS                      ,"missing eos"},
+{ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
+{ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
+{ASN1_R_PARSING                          ,"parsing"},
+{ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
+{ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SHORT_LINE                       ,"short line"},
+{ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
+{ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
+{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
+{ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
+{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
+{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
+{ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
+{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
+{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
+{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
+{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
+{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
+{ASN1_R_WRONG_TAG                        ,"wrong tag"},
+{ASN1_R_WRONG_TYPE                       ,"wrong type"},
+{0,NULL},
+        };
+#endif
+void ERR_load_ASN1_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
+                ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
new file mode 100644
index 0000000000..ff30b25836
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -0,0 +1,444 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+#ifndef NOPROTO
+static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
+static void asn1_put_length(unsigned char **pp, int length);
+#else
+static int asn1_get_length();
+static void asn1_put_length();
+#endif
+char *ASN1_version="ASN1 part of SSLeay 0.9.0b 29-Jun-1998";
+int ASN1_check_infinite_end(p,len)
+unsigned char **p;
+long len;
+        {
+        /* If there is 0 or 1 byte left, the length check should pick
+         * things up */
+        if (len <= 0)
+                return(1);
+        else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
+                {
+                (*p)+=2;
+                return(1);
+                }
+        return(0);
+        }
+int ASN1_get_object(pp, plength, ptag, pclass, omax)
+unsigned char **pp;
+long *plength;
+int *ptag;
+int *pclass;
+long omax;
+        {
+        int i,ret;
+        long l;
+        unsigned char *p= *pp;
+        int tag,xclass,inf;
+        long max=omax;
+        if (!max) goto err;
+        ret=(*p&V_ASN1_CONSTRUCTED);
+        xclass=(*p&V_ASN1_PRIVATE);
+        i= *p&V_ASN1_PRIMATIVE_TAG;
+        if (i == V_ASN1_PRIMATIVE_TAG)
+                {               /* high-tag */
+                p++;
+                if (--max == 0) goto err;
+                l=0;
+                while (*p&0x80)
+                        {
+                        l<<=7L;
+                        l|= *(p++)&0x7f;
+                        if (--max == 0) goto err;
+                        }
+                l<<=7L;
+                l|= *(p++)&0x7f;
+                tag=(int)l;
+                }
+        else
+                { 
+                tag=i;
+                p++;
+                if (--max == 0) goto err;
+                }
+        *ptag=tag;
+        *pclass=xclass;
+        if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+#ifdef undef
+        fprintf(stderr,"p=%d + *plength=%d > omax=%d + *pp=%d  (%d > %d)\n", 
+                p,*plength,omax,*pp,(p+ *plength),omax+ *pp);
+#endif
+        if ((p+ *plength) > (omax+ *pp))
+                {
+                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+                /* Set this so that even if things are not long enough
+                 * the values are set correctly */
+                ret|=0x80;
+                }
+        *pp=p;
+        return(ret+inf);
+err:
+        ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
+        return(0x80);
+        }
+static int asn1_get_length(pp,inf,rl,max)
+unsigned char **pp;
+int *inf;
+long *rl;
+int max;
+        {
+        unsigned char *p= *pp;
+        long ret=0;
+        int i;
+        if (max-- < 1) return(0);
+        if (*p == 0x80)
+                {
+                *inf=1;
+                ret=0;
+                p++;
+                }
+        else
+                {
+                *inf=0;
+                i= *p&0x7f;
+                if (*(p++) & 0x80)
+                        {
+                        if (max-- == 0) return(0);
+                        while (i-- > 0)
+                                {
+                                ret<<=8L;
+                                ret|= *(p++);
+                                if (max-- == 0) return(0);
+                                }
+                        }
+                else
+                        ret=i;
+                }
+        *pp=p;
+        *rl=ret;
+        return(1);
+        }
+/* class 0 is constructed
+ * constructed == 2 for indefinitle length constructed */
+void ASN1_put_object(pp,constructed,length,tag,xclass)
+unsigned char **pp;
+int constructed;
+int length;
+int tag;
+int xclass;
+        {
+        unsigned char *p= *pp;
+        int i;
+        i=(constructed)?V_ASN1_CONSTRUCTED:0;
+        i|=(xclass&V_ASN1_PRIVATE);
+        if (tag < 31)
+                *(p++)=i|(tag&V_ASN1_PRIMATIVE_TAG);
+        else
+                {
+                *(p++)=i|V_ASN1_PRIMATIVE_TAG;
+                while (tag > 0x7f)
+                        {
+                        *(p++)=(tag&0x7f)|0x80;
+                        tag>>=7;
+                        }
+                *(p++)=(tag&0x7f);
+                }
+        if ((constructed == 2) && (length == 0))
+                *(p++)=0x80; /* der_put_length would output 0 instead */
+        else
+                asn1_put_length(&p,length);
+        *pp=p;
+        }
+static void asn1_put_length(pp, length)
+unsigned char **pp;
+int length;
+        {
+        unsigned char *p= *pp;
+        int i,l;
+        if (length <= 127)
+                *(p++)=(unsigned char)length;
+        else
+                {
+                l=length;
+                for (i=0; l > 0; i++)
+                        l>>=8;
+                *(p++)=i|0x80;
+                l=i;
+                while (i-- > 0)
+                        {
+                        p[i]=length&0xff;
+                        length>>=8;
+                        }
+                p+=l;
+                }
+        *pp=p;
+        }
+int ASN1_object_size(constructed, length, tag)
+int constructed;
+int length;
+int tag;
+        {
+        int ret;
+        ret=length;
+        ret++;
+        if (tag >= 31)
+                {
+                while (tag > 0)
+                        {
+                        tag>>=7;
+                        ret++;
+                        }
+                }
+        if ((length == 0) && (constructed == 2))
+                ret+=2;
+        ret++;
+        if (length > 127)
+                {
+                while (length > 0)
+                        {
+                        length>>=8;
+                        ret++;
+                        }
+                }
+        return(ret);
+        }
+int asn1_Finish(c)
+ASN1_CTX *c;
+        {
+        if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
+                {
+                if (!ASN1_check_infinite_end(&c->p,c->slen))
+                        {
+                        c->error=ASN1_R_MISSING_EOS;
+                        return(0);
+                        }
+                }
+        if (    ((c->slen != 0) && !(c->inf & 1)) ||
+                ((c->slen < 0) && (c->inf & 1)))
+                {
+                c->error=ASN1_R_LENGTH_MISMATCH;
+                return(0);
+                }
+        return(1);
+        }
+int asn1_GetSequence(c,length)
+ASN1_CTX *c;
+long *length;
+        {
+        unsigned char *q;
+        q=c->p;
+        c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
+                *length);
+        if (c->inf & 0x80)
+                {
+                c->error=ASN1_R_BAD_GET_OBJECT;
+                return(0);
+                }
+        if (c->tag != V_ASN1_SEQUENCE)
+                {
+                c->error=ASN1_R_EXPECTING_A_SEQUENCE;
+                return(0);
+                }
+        (*length)-=(c->p-q);
+        if (c->max && (*length < 0))
+                {
+                c->error=ASN1_R_LENGTH_MISMATCH;
+                return(0);
+                }
+        if (c->inf == (1|V_ASN1_CONSTRUCTED))
+                c->slen= *length+ *(c->pp)-c->p;
+        c->eos=0;
+        return(1);
+        }
+ASN1_STRING *ASN1_STRING_dup(str)
+ASN1_STRING *str;
+        {
+        ASN1_STRING *ret;
+        if (str == NULL) return(NULL);
+        if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+                return(NULL);
+        if (!ASN1_STRING_set(ret,str->data,str->length))
+                {
+                ASN1_STRING_free(ret);
+                return(NULL);
+                }
+        return(ret);
+        }
+int ASN1_STRING_set(str,data,len)
+ASN1_STRING *str;
+unsigned char *data;
+int len;
+        {
+        char *c;
+        if (len < 0)
+                {
+                if (data == NULL)
+                        return(0);
+                else
+                        len=strlen((char *)data);
+                }
+        if ((str->length < len) || (str->data == NULL))
+                {
+                c=(char *)str->data;
+                if (c == NULL)
+                        str->data=(unsigned char *)Malloc(len+1);
+                else
+                        str->data=(unsigned char *)Realloc(c,len+1);
+                if (str->data == NULL)
+                        {
+                        str->data=(unsigned char *)c;
+                        return(0);
+                        }
+                }
+        str->length=len;
+        if (data != NULL)
+                {
+                memcpy(str->data,data,len);
+                /* an alowance for strings :-) */
+                str->data[len]='\0';
+                }
+        return(1);
+        }
+ASN1_STRING *ASN1_STRING_new()
+        {
+        return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+        }
+ASN1_STRING *ASN1_STRING_type_new(type)
+int type;
+        {
+        ASN1_STRING *ret;
+        ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->type=type;
+        ret->data=NULL;
+        return(ret);
+        }
+void ASN1_STRING_free(a)
+ASN1_STRING *a;
+        {
+        if (a == NULL) return;
+        if (a->data != NULL) Free((char *)a->data);
+        Free((char *)a);
+        }
+int ASN1_STRING_cmp(a,b)
+ASN1_STRING *a,*b;
+        {
+        int i;
+        i=(a->length-b->length);
+        if (i == 0)
+                {
+                i=memcmp(a->data,b->data,a->length);
+                if (i == 0)
+                        return(a->type-b->type);
+                else
+                        return(i);
+                }
+        else
+                return(i);
+        }
+void asn1_add_error(address,offset)
+unsigned char *address;
+int offset;
+        {
+        char buf1[16],buf2[16];
+        sprintf(buf1,"%lu",(unsigned long)address);
+        sprintf(buf2,"%d",offset);
+        ERR_add_error_data(4,"address=",buf1," offset=",buf2);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_mac.h b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
new file mode 100644
index 0000000000..4fba70e4bb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
@@ -0,0 +1,321 @@
+/* crypto/asn1/asn1_mac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_ASN1_MAC_H
+#define HEADER_ASN1_MAC_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "asn1.h"
+#include "x509.h"
+#include "pkcs7.h"
+#define M_ASN1_D2I_vars(a,type,func) \
+        ASN1_CTX c; \
+        type ret=NULL; \
+        \
+        c.pp=pp; \
+        c.error=ASN1_R_ERROR_STACK; \
+        if ((a == NULL) || ((*a) == NULL)) \
+                { if ((ret=(type)func()) == NULL) goto err; } \
+        else    ret=(*a);
+#define M_ASN1_D2I_Init() \
+        c.p= *pp; \
+        c.max=(length == 0)?0:(c.p+length);
+#define M_ASN1_D2I_Finish_2(a) \
+        if (!asn1_Finish(&c)) goto err; \
+        *pp=c.p; \
+        if (a != NULL) (*a)=ret; \
+        return(ret);
+#define M_ASN1_D2I_Finish(a,func,e) \
+        M_ASN1_D2I_Finish_2(a); \
+err:\
+        ASN1err((e),c.error); \
+        asn1_add_error(*pp,(int)(c.q- *pp)); \
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+        return(NULL)
+#define M_ASN1_D2I_start_sequence() \
+        if (!asn1_GetSequence(&c,&length)) goto err;
+#define M_ASN1_D2I_end_sequence() \
+        (((c.inf&1) == 0)?(c.slen <= 0): \
+                (c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
+#define M_ASN1_D2I_get(b,func) \
+        c.q=c.p; \
+        if (func(&(b),&c.p,c.slen) == NULL) goto err; \
+        c.slen-=(c.p-c.q);
+#define M_ASN1_D2I_get_opt(b,func,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+                == (V_ASN1_UNIVERSAL|(type)))) \
+                { \
+                M_ASN1_D2I_get(b,func); \
+                }
+#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
+                (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
+                { \
+                unsigned char tmp; \
+                tmp=M_ASN1_next; \
+                M_ASN1_next=(tmp& ~V_ASN1_PRIMATIVE_TAG)|type; \
+                M_ASN1_D2I_get(b,func); \
+                M_ASN1_next_prev=tmp; \
+                }
+#define M_ASN1_D2I_get_set(r,func) \
+                M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SET,V_ASN1_UNIVERSAL);
+#define M_ASN1_D2I_get_IMP_set_opt(b,func,tag) \
+        if ((c.slen != 0) && \
+                (M_ASN1_next == \
+                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+                { \
+                M_ASN1_D2I_get_imp_set(b,func,tag,V_ASN1_CONTEXT_SPECIFIC); \
+                }
+#define M_ASN1_D2I_get_seq(r,func) \
+                M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+#define M_ASN1_D2I_get_seq_opt(r,func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+                { M_ASN1_D2I_get_seq(r,func); }
+#define M_ASN1_D2I_get_IMP_set(r,func,x) \
+                M_ASN1_D2I_get_imp_set(r,func,x,V_ASN1_CONTEXT_SPECIFIC);
+#define M_ASN1_D2I_get_imp_set(r,func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,a,b) == NULL) \
+                goto err; \
+        c.slen-=(c.p-c.q);
+#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
+                goto err; \
+        c.slen-=(c.p-c.q);
+#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
+        if ((c.slen != 0L) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \
+                if (func(&(r),&c.p,Tlen) == NULL) \
+                        goto err; \
+                c.slen-=(c.p-c.q); \
+                }
+#define M_ASN1_D2I_get_EXP_set_opt(r,func,tag,b) \
+        if ((c.slen != 0) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \
+                if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+                        b,V_ASN1_UNIVERSAL) == NULL) \
+                        goto err; \
+                c.slen-=(c.p-c.q); \
+                }
+/* New macros */
+#define M_ASN1_New_Malloc(ret,type) \
+        if ((ret=(type *)Malloc(sizeof(type))) == NULL) goto err2;
+#define M_ASN1_New(arg,func) \
+        if (((arg)=func()) == NULL) return(NULL)
+#define M_ASN1_New_Error(a) \
+/*      err:    ASN1err((a),ASN1_R_ERROR_STACK); \
+                return(NULL);*/ \
+        err2:   ASN1err((a),ERR_R_MALLOC_FAILURE); \
+                return(NULL)
+#define M_ASN1_next             (*c.p)
+#define M_ASN1_next_prev        (*c.q)
+/*************************************************/
+#define M_ASN1_I2D_vars(a)      int r=0,ret=0; \
+                                unsigned char *p; \
+                                if (a == NULL) return(0)
+/* Length Macros */
+#define M_ASN1_I2D_len(a,f)     ret+=f(a,NULL)
+#define M_ASN1_I2D_len_IMP_opt(a,f)     if (a != NULL) M_ASN1_I2D_len(a,f)
+#define M_ASN1_I2D_len_SET(a,f) \
+                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL);
+#define M_ASN1_I2D_len_SEQ(a,f) \
+                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+#define M_ASN1_I2D_len_SEQ_opt(a,f) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        M_ASN1_I2D_len_SEQ(a,f);
+#define M_ASN1_I2D_len_IMP_set(a,f,x) \
+                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+#define M_ASN1_I2D_len_IMP_set_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
+                if (a != NULL)\
+                        { \
+                        v=f(a,NULL); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+#define M_ASN1_I2D_len_EXP_set_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0))\
+                        { \
+                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+/* Put Macros */
+#define M_ASN1_I2D_put(a,f)     f(a,&p)
+#define M_ASN1_I2D_put_IMP_opt(a,f,t)   \
+                if (a != NULL) \
+                        { \
+                        unsigned char *q=p; \
+                        f(a,&p); \
+                        *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
+                        }
+#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
+                        V_ASN1_UNIVERSAL)
+#define M_ASN1_I2D_put_IMP_set(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+                        V_ASN1_CONTEXT_SPECIFIC)
+#define M_ASN1_I2D_put_SEQ(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+                        V_ASN1_UNIVERSAL)
+#define M_ASN1_I2D_put_SEQ_opt(a,f) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        M_ASN1_I2D_put_SEQ(a,f);
+#define M_ASN1_I2D_put_IMP_set_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC); }
+#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
+                if (a != NULL) \
+                        { \
+                        ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
+                        f(a,&p); \
+                        }
+#define M_ASN1_I2D_put_EXP_set_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { \
+                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL); \
+                        }
+#define M_ASN1_I2D_seq_total() \
+                r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
+                if (pp == NULL) return(r); \
+                p= *pp; \
+                ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
+                *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
+                *(p++)=0x80
+#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
+#define M_ASN1_I2D_finish()     *pp=p; \
+                                return(r);
+#ifndef NOPROTO
+int asn1_GetSequence(ASN1_CTX *c, long *length);
+void asn1_add_error(unsigned char *address,int offset);
+#else 
+int asn1_GetSequence();
+void asn1_add_error();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c
new file mode 100644
index 0000000000..3906227d21
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c
@@ -0,0 +1,393 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "objects.h"
+#include "x509.h"
+#ifndef NOPROTO
+static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
+        int indent);
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
+        int offset, int depth, int indent);
+#else
+static int asn1_print_info();
+static int asn1_parse2();
+#endif
+static int asn1_print_info(bp, tag, xclass, constructed,indent)
+BIO *bp;
+int tag;
+int xclass;
+int constructed;
+int indent;
+        {
+        static char *fmt="%-18s";
+        static char *fmt2="%2d %-15s";
+        char *p,str[128],*p2=NULL;
+        if (constructed & V_ASN1_CONSTRUCTED)
+                p="cons: ";
+        else
+                p="prim: ";
+        if (BIO_write(bp,p,6) < 6) goto err;
+        if (indent)
+                {
+                if (indent > 128) indent=128;
+                memset(str,' ',indent);
+                if (BIO_write(bp,str,indent) < indent) goto err;
+                }
+        p=str;
+        if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+                sprintf(str,"priv [ %d ] ",tag);
+        else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+                sprintf(str,"cont [ %d ]",tag);
+        else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+                sprintf(str,"appl [ %d ]",tag);
+        else if ((tag == V_ASN1_EOC) /* && (xclass == V_ASN1_UNIVERSAL) */)
+                p="EOC";
+        else if (tag == V_ASN1_BOOLEAN)
+                p="BOOLEAN";
+        else if (tag == V_ASN1_INTEGER)
+                p="INTEGER";
+        else if (tag == V_ASN1_BIT_STRING)
+                p="BIT STRING";
+        else if (tag == V_ASN1_OCTET_STRING)
+                p="OCTET STRING";
+        else if (tag == V_ASN1_NULL)
+                p="NULL";
+        else if (tag == V_ASN1_OBJECT)
+                p="OBJECT";
+        else if (tag == V_ASN1_SEQUENCE)
+                p="SEQUENCE";
+        else if (tag == V_ASN1_SET)
+                p="SET";
+        else if (tag == V_ASN1_PRINTABLESTRING)
+                p="PRINTABLESTRING";
+        else if (tag == V_ASN1_T61STRING)
+                p="T61STRING";
+        else if (tag == V_ASN1_IA5STRING)
+                p="IA5STRING";
+        else if (tag == V_ASN1_UTCTIME)
+                p="UTCTIME";
+        /* extras */
+        else if (tag == V_ASN1_NUMERICSTRING)
+                p="NUMERICSTRING";
+        else if (tag == V_ASN1_VIDEOTEXSTRING)
+                p="VIDEOTEXSTRING";
+        else if (tag == V_ASN1_GENERALIZEDTIME)
+                p="GENERALIZEDTIME";
+        else if (tag == V_ASN1_GRAPHICSTRING)
+                p="GRAPHICSTRING";
+        else if (tag == V_ASN1_ISO64STRING)
+                p="ISO64STRING";
+        else if (tag == V_ASN1_GENERALSTRING)
+                p="GENERALSTRING";
+        else if (tag == V_ASN1_UNIVERSALSTRING)
+                p="UNIVERSALSTRING";
+        else if (tag == V_ASN1_BMPSTRING)
+                p="BMPSTRING";
+        else
+                p2="(unknown)";
+                
+        if (p2 != NULL)
+                {
+                if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
+                }
+        else
+                {
+                if (BIO_printf(bp,fmt,p) <= 0) goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+int ASN1_parse(bp, pp, len, indent)
+BIO *bp;
+unsigned char *pp;
+long len;
+int indent;
+        {
+        return(asn1_parse2(bp,&pp,len,0,0,indent));
+        }
+static int asn1_parse2(bp, pp, length, offset, depth, indent)
+BIO *bp;
+unsigned char **pp;
+long length;
+int offset;
+int depth;
+int indent;
+        {
+        unsigned char *p,*ep,*tot,*op,*opp;
+        long len;
+        int tag,xclass,ret=0;
+        int nl,hl,j,r;
+        ASN1_OBJECT *o=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        /* ASN1_BMPSTRING *bmp=NULL;*/
+        p= *pp;
+        tot=p+length;
+        op=p-1;
+        while ((p < tot) && (op < p))
+                {
+                op=p;
+                j=ASN1_get_object(&p,&len,&tag,&xclass,length);
+#ifdef LINT
+                j=j;
+#endif
+                if (j & 0x80)
+                        {
+                        if (BIO_write(bp,"Error in encoding\n",18) <= 0)
+                                goto end;
+                        ret=0;
+                        goto end;
+                        }
+                hl=(p-op);
+                length-=hl;
+                /* if j == 0x21 it is a constructed indefinite length object */
+                if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
+                        <= 0) goto end;
+                if (j != (V_ASN1_CONSTRUCTED | 1))
+                        {
+                        if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
+                                depth,(long)hl,len) <= 0)
+                                goto end;
+                        }
+                else
+                        {
+                        if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
+                                depth,(long)hl) <= 0)
+                                goto end;
+                        }
+                if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
+                        goto end;
+                if (j & V_ASN1_CONSTRUCTED)
+                        {
+                        ep=p+len;
+                        if (BIO_write(bp,"\n",1) <= 0) goto end;
+                        if (len > length)
+                                {
+                                BIO_printf(bp,
+                                        "length is greater than %ld\n",length);
+                                ret=0;
+                                goto end;
+                                }
+                        if ((j == 0x21) && (len == 0))
+                                {
+                                for (;;)
+                                        {
+                                        r=asn1_parse2(bp,&p,(long)(tot-p),
+                                                offset+(p - *pp),depth+1,
+                                                indent);
+                                        if (r == 0) { ret=0; goto end; }
+                                        if ((r == 2) || (p >= tot)) break;
+                                        }
+                                }
+                        else
+                                while (p < ep)
+                                        {
+                                        r=asn1_parse2(bp,&p,(long)len,
+                                                offset+(p - *pp),depth+1,
+                                                indent);
+                                        if (r == 0) { ret=0; goto end; }
+                                        }
+                        }
+                else if (xclass != 0)
+                        {
+                        p+=len;
+                        if (BIO_write(bp,"\n",1) <= 0) goto end;
+                        }
+                else
+                        {
+                        nl=0;
+                        if (    (tag == V_ASN1_PRINTABLESTRING) ||
+                                (tag == V_ASN1_T61STRING) ||
+                                (tag == V_ASN1_IA5STRING) ||
+                                (tag == V_ASN1_UTCTIME))
+                                {
+                                if (BIO_write(bp,":",1) <= 0) goto end;
+                                if ((len > 0) &&
+                                        BIO_write(bp,(char *)p,(int)len)
+                                        != (int)len)
+                                        goto end;
+                                }
+                        else if (tag == V_ASN1_OBJECT)
+                                {
+                                opp=op;
+                                if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        i2a_ASN1_OBJECT(bp,o);
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,":BAD OBJECT",11) <= 0)
+                                                goto end;
+                                        }
+                                }
+                        else if (tag == V_ASN1_BOOLEAN)
+                                {
+                                int ii;
+                                opp=op;
+                                ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
+                                if (ii < 0)
+                                        {
+                                        if (BIO_write(bp,"Bad boolean\n",12))
+                                                goto end;
+                                        }
+                                BIO_printf(bp,":%d",ii);
+                                }
+                        else if (tag == V_ASN1_BMPSTRING)
+                                {
+                                /* do the BMP thang */
+                                }
+                        else if (tag == V_ASN1_OCTET_STRING)
+                                {
+                                int i,printable=1;
+                                opp=op;
+                                os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
+                                if (os != NULL)
+                                        {
+                                        opp=os->data;
+                                        for (i=0; i<os->length; i++)
+                                                {
+                                                if ((   (opp[i] < ' ') &&
+                                                        (opp[i] != '\n') &&
+                                                        (opp[i] != '\r') &&
+                                                        (opp[i] != '\t')) ||
+                                                        (opp[i] > '~'))
+                                                        {
+                                                        printable=0;
+                                                        break;
+                                                        }
+                                                }
+                                        if (printable && (os->length > 0))
+                                                {
+                                                if (BIO_write(bp,":",1) <= 0)
+                                                        goto end;
+                                                if (BIO_write(bp,(char *)opp,
+                                                        os->length) <= 0)
+                                                        goto end;
+                                                }
+                                        ASN1_OCTET_STRING_free(os);
+                                        os=NULL;
+                                        }
+                                }
+                        else if (tag == V_ASN1_INTEGER)
+                                {
+                                ASN1_INTEGER *bs;
+                                int i;
+                                opp=op;
+                                bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
+                                if (bs != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        if (bs->type == V_ASN1_NEG_INTEGER)
+                                                if (BIO_write(bp,"-",1) <= 0)
+                                                        goto end;
+                                        for (i=0; i<bs->length; i++)
+                                                {
+                                                if (BIO_printf(bp,"%02X",
+                                                        bs->data[i]) <= 0)
+                                                        goto end;
+                                                }
+                                        if (bs->length == 0)
+                                                {
+                                                if (BIO_write(bp,"00",2) <= 0)
+                                                        goto end;
+                                                }
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,"BAD INTEGER",11) <= 0)
+                                                goto end;
+                                        }
+                                ASN1_INTEGER_free(bs);
+                                }
+                        if (!nl) 
+                                {
+                                if (BIO_write(bp,"\n",1) <= 0) goto end;
+                                }
+                        p+=len;
+                        if ((tag == V_ASN1_EOC) && (xclass == 0))
+                                {
+                                ret=2; /* End of sequence */
+                                goto end;
+                                }
+                        }
+                length-=len;
+                }
+        ret=1;
+end:
+        if (o != NULL) ASN1_OBJECT_free(o);
+        if (os != NULL) ASN1_OCTET_STRING_free(os);
+        *pp=p;
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pr.c b/src/lib/libssl/src/crypto/asn1/d2i_pr.c
new file mode 100644
index 0000000000..b9eaa9629b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/d2i_pr.c
@@ -0,0 +1,117 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+EVP_PKEY *d2i_PrivateKey(type,a,pp,length)
+int type;
+EVP_PKEY **a;
+unsigned char **pp;
+long length;
+        {
+        EVP_PKEY *ret;
+        if ((a == NULL) || (*a == NULL))
+                {
+                if ((ret=EVP_PKEY_new()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
+                        return(NULL);
+                        }
+                }
+        else    ret= *a;
+        ret->save_type=type;
+        ret->type=EVP_PKEY_type(type);
+        switch (ret->type)
+                {
+#ifndef NO_RSA
+        case EVP_PKEY_RSA:
+                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef NO_DSA
+        case EVP_PKEY_DSA:
+                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+        default:
+                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                break;
+                }
+        if (a != NULL) (*a)=ret;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+        return(NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pu.c b/src/lib/libssl/src/crypto/asn1/d2i_pu.c
new file mode 100644
index 0000000000..5d6192f1e5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/d2i_pu.c
@@ -0,0 +1,117 @@
+/* crypto/asn1/d2i_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+EVP_PKEY *d2i_PublicKey(type,a,pp,length)
+int type;
+EVP_PKEY **a;
+unsigned char **pp;
+long length;
+        {
+        EVP_PKEY *ret;
+        if ((a == NULL) || (*a == NULL))
+                {
+                if ((ret=EVP_PKEY_new()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+                        return(NULL);
+                        }
+                }
+        else    ret= *a;
+        ret->save_type=type;
+        ret->type=EVP_PKEY_type(type);
+        switch (ret->type)
+                {
+#ifndef NO_RSA
+        case EVP_PKEY_RSA:
+                if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef NO_DSA
+        case EVP_PKEY_DSA:
+                if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+        default:
+                ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                break;
+                }
+        if (a != NULL) (*a)=ret;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+        return(NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/evp_asn1.c b/src/lib/libssl/src/crypto/asn1/evp_asn1.c
new file mode 100644
index 0000000000..ebe34a3362
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/evp_asn1.c
@@ -0,0 +1,193 @@
+/* crypto/asn1/evp_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+int ASN1_TYPE_set_octetstring(a,data,len)
+ASN1_TYPE *a;
+unsigned char *data;
+int len;
+        {
+        ASN1_STRING *os;
+        if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0);
+        if (!ASN1_OCTET_STRING_set(os,data,len)) return(0);
+        ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os);
+        return(1);
+        }
+int ASN1_TYPE_get_octetstring(a,data,max_len)
+ASN1_TYPE *a;
+unsigned char *data;
+int max_len; /* for returned value */
+        {
+        int ret,num;
+        unsigned char *p;
+        if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
+                {
+                ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+                return(-1);
+                }
+        p=ASN1_STRING_data(a->value.octet_string);
+        ret=ASN1_STRING_length(a->value.octet_string);
+        if (ret < max_len)
+                num=ret;
+        else
+                num=max_len;
+        memcpy(data,p,num);
+        return(ret);
+        }
+int ASN1_TYPE_set_int_octetstring(a,num,data,len)
+ASN1_TYPE *a;
+long num;
+unsigned char *data;
+int len;
+        {
+        int n,size;
+        ASN1_OCTET_STRING os,*osp;
+        ASN1_INTEGER in;
+        unsigned char *p;
+        unsigned char buf[32]; /* when they have 256bit longs, 
+                                * I'll be in trouble */
+        in.data=buf;
+        in.length=32;
+        os.data=data;
+        os.type=V_ASN1_OCTET_STRING;
+        os.length=len;
+        ASN1_INTEGER_set(&in,num);
+        n =  i2d_ASN1_INTEGER(&in,NULL);
+        n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
+        size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
+        if ((osp=ASN1_STRING_new()) == NULL) return(0);
+        /* Grow the 'string' */
+        ASN1_STRING_set(osp,NULL,size);
+        ASN1_STRING_length(osp)=size;
+        p=ASN1_STRING_data(osp);
+        ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+          i2d_ASN1_INTEGER(&in,&p);
+        M_i2d_ASN1_OCTET_STRING(&os,&p);
+        ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp);
+        return(1);
+        }
+/* we return the actual length... */
+int ASN1_TYPE_get_int_octetstring(a,num,data,max_len)
+ASN1_TYPE *a;
+long *num;
+unsigned char *data;
+int max_len; /* for returned value */
+        {
+        int ret= -1,n;
+        ASN1_INTEGER *ai=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        unsigned char *p;
+        long length;
+        ASN1_CTX c;
+        if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
+                {
+                goto err;
+                }
+        p=ASN1_STRING_data(a->value.sequence);
+        length=ASN1_STRING_length(a->value.sequence);
+        c.pp= &p;
+        c.p=p;
+        c.max=p+length;
+        c.error=ASN1_R_DATA_IS_WRONG;
+        M_ASN1_D2I_start_sequence();
+        c.q=c.p;
+        if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+        c.q=c.p;
+        if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+        if (!M_ASN1_D2I_end_sequence()) goto err;
+        if (num != NULL)
+                *num=ASN1_INTEGER_get(ai);
+        ret=ASN1_STRING_length(os);
+        if (max_len > ret)
+                n=ret;
+        else
+                n=max_len;
+        if (data != NULL)
+                memcpy(data,ASN1_STRING_data(os),n);
+        if (0)
+                {
+err:
+                ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+                }
+        if (os != NULL) ASN1_OCTET_STRING_free(os);
+        if (ai != NULL) ASN1_INTEGER_free(ai);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/f_int.c b/src/lib/libssl/src/crypto/asn1/f_int.c
new file mode 100644
index 0000000000..4817c45cb7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/f_int.c
@@ -0,0 +1,211 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "x509.h"
+int i2a_ASN1_INTEGER(bp, a)
+BIO *bp;
+ASN1_INTEGER *a;
+        {
+        int i,n=0;
+        static char *h="0123456789ABCDEF";
+        char buf[2];
+        if (a == NULL) return(0);
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"00",2) != 2) goto err;
+                n=2;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+int a2i_ASN1_INTEGER(bp,bs,buf,size)
+BIO *bp;
+ASN1_INTEGER *bs;
+char *buf;
+int size;
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+        bs->type=V_ASN1_INTEGER;
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1) goto err_sl;
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+                for (j=0; j<i; j++)
+                        {
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+                bufp=(unsigned char *)buf;
+                if (first)
+                        {
+                        first=0;
+                        if ((bufp[0] == '0') && (buf[1] == '0'))
+                                {
+                                bufp+=2;
+                                i-=2;
+                                }
+                        }
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)Malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=(unsigned char *)Realloc(s,
+                                        (unsigned int)num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) Free((char *)s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/f_string.c b/src/lib/libssl/src/crypto/asn1/f_string.c
new file mode 100644
index 0000000000..ab2837824e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/f_string.c
@@ -0,0 +1,210 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "x509.h"
+int i2a_ASN1_STRING(bp, a, type)
+BIO *bp;
+ASN1_STRING *a;
+int type;
+        {
+        int i,n=0;
+        static char *h="0123456789ABCDEF";
+        char buf[2];
+        if (a == NULL) return(0);
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"0",1) != 1) goto err;
+                n=1;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+int a2i_ASN1_STRING(bp,bs,buf,size)
+BIO *bp;
+ASN1_STRING *bs;
+char *buf;
+int size;
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1)
+                        {
+                        if (first)
+                                break;
+                        else
+                                goto err_sl;
+                        }
+                first=0;
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+                for (j=i-1; j>0; j--)
+                        {
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+                bufp=(unsigned char *)buf;
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)Malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=(unsigned char *)Realloc(s,
+                                        (unsigned int)num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) Free((char *)s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
new file mode 100644
index 0000000000..b6b821d73c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
@@ -0,0 +1,86 @@
+/* crypto/asn1/i2d_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+int i2d_PrivateKey(a,pp)
+EVP_PKEY *a;
+unsigned char **pp;
+        {
+#ifndef NO_RSA
+        if (a->type == EVP_PKEY_RSA)
+                {
+                return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+                }
+        else
+#endif
+#ifndef NO_DSA
+        if (a->type == EVP_PKEY_DSA)
+                {
+                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+                }
+#endif
+        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return(-1);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pu.c b/src/lib/libssl/src/crypto/asn1/i2d_pu.c
new file mode 100644
index 0000000000..1b854252b7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/i2d_pu.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/i2d_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+int i2d_PublicKey(a,pp)
+EVP_PKEY *a;
+unsigned char **pp;
+        {
+        switch (a->type)
+                {
+#ifndef NO_RSA
+        case EVP_PKEY_RSA:
+                return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+#endif
+#ifndef NO_DSA
+        case EVP_PKEY_DSA:
+                return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+#endif
+        default:
+                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                return(-1);
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/n_pkey.c b/src/lib/libssl/src/crypto/asn1/n_pkey.c
new file mode 100644
index 0000000000..5110c91bec
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/n_pkey.c
@@ -0,0 +1,365 @@
+/* crypto/asn1/n_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "rsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+#include "evp.h"
+#include "x509.h"
+#ifndef NO_RC4
+typedef struct netscape_pkey_st
+        {
+        ASN1_INTEGER *version;
+        X509_ALGOR *algor;
+        ASN1_OCTET_STRING *private_key;
+        } NETSCAPE_PKEY;
+/*
+ * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+ * ASN1err(ASN1_F_D2I_NETSCAPE_PKEY,ASN1_R_DECODING_ERROR);
+ * ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR);
+ */
+#ifndef NOPROTO
+static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
+static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
+#else
+static int i2d_NETSCAPE_PKEY();
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY();
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new();
+static void NETSCAPE_PKEY_free();
+#endif
+int i2d_Netscape_RSA(a,pp,cb)
+RSA *a;
+unsigned char **pp;
+int (*cb)();
+        {
+        int i,j,l[6];
+        NETSCAPE_PKEY *pkey;
+        unsigned char buf[256],*zz;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        EVP_CIPHER_CTX ctx;
+        X509_ALGOR *alg=NULL;
+        ASN1_OCTET_STRING os,os2;
+        M_ASN1_I2D_vars(a);
+        if (a == NULL) return(0);
+#ifdef WIN32
+        r=r; /* shut the damn compiler up :-) */
+#endif
+        os.data=os2.data=NULL;
+        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+        if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+        if (pkey->algor->algorithm != NULL)
+                ASN1_OBJECT_free(pkey->algor->algorithm);
+        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        pkey->algor->parameter->type=V_ASN1_NULL;
+        l[0]=i2d_RSAPrivateKey(a,NULL);
+        pkey->private_key->length=l[0];
+        os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
+        l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+        if ((alg=X509_ALGOR_new()) == NULL) goto err;
+        if (alg->algorithm != NULL)
+                ASN1_OBJECT_free(alg->algorithm);
+        alg->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        alg->parameter->type=V_ASN1_NULL;
+        l[2]=i2d_X509_ALGOR(alg,NULL);
+        l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
+        os.data=(unsigned char *)"private-key";
+        os.length=11;
+        l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
+        l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+        if (pp == NULL)
+                {
+                if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+                if (alg != NULL) X509_ALGOR_free(alg);
+                return(l[5]);
+                }
+        if (pkey->private_key->data != NULL)
+                Free((char *)pkey->private_key->data);
+        if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        zz=pkey->private_key->data;
+        i2d_RSAPrivateKey(a,&zz);
+        if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        zz=os2.data;
+        i2d_NETSCAPE_PKEY(pkey,&zz);
+                
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        i=cb(buf,256,"Enter Private Key password:",1);
+        if (i != 0)
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
+                goto err;
+                }
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+                strlen((char *)buf),1,key,NULL);
+        memset(buf,0,256);
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+        EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
+        EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        p= *pp;
+        ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_ASN1_OCTET_STRING(&os,&p);
+        ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_X509_ALGOR(alg,&p);
+        i2d_ASN1_OCTET_STRING(&os2,&p);
+        ret=l[5];
+err:
+        if (os2.data != NULL) Free((char *)os2.data);
+        if (alg != NULL) X509_ALGOR_free(alg);
+        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+        r=r;
+        return(ret);
+        }
+RSA *d2i_Netscape_RSA(a,pp,length,cb)
+RSA **a;
+unsigned char **pp;
+long length;
+int (*cb)();
+        {
+        RSA *ret=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        ASN1_CTX c;
+        c.pp=pp;
+        c.error=ASN1_R_DECODING_ERROR;
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
+        if ((os->length != 11) || (strncmp("private-key",
+                (char *)os->data,os->length) != 0))
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                ASN1_BIT_STRING_free(os);
+                goto err;
+                }
+        ASN1_BIT_STRING_free(os);
+        c.q=c.p;
+        if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+        M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
+        }
+RSA *d2i_Netscape_RSA_2(a,pp,length,cb)
+RSA **a;
+unsigned char **pp;
+long length;
+int (*cb)();
+        {
+        NETSCAPE_PKEY *pkey=NULL;
+        RSA *ret=NULL;
+        int i,j;
+        unsigned char buf[256],*zz;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        EVP_CIPHER_CTX ctx;
+        X509_ALGOR *alg=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        ASN1_CTX c;
+        c.error=ASN1_R_ERROR_STACK;
+        c.pp=pp;
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
+        if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                goto err;
+                }
+        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        i=cb(buf,256,"Enter Private Key password:",0);
+        if (i != 0)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ);
+                goto err;
+                }
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+                strlen((char *)buf),1,key,NULL);
+        memset(buf,0,256);
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+        EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
+        EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        os->length=i+j;
+        zz=os->data;
+        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                goto err;
+                }
+                
+        zz=pkey->private_key->data;
+        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+                goto err;
+                }
+        if (!asn1_Finish(&c)) goto err;
+        *pp=c.p;
+err:
+        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+        if (os != NULL) ASN1_BIT_STRING_free(os);
+        if (alg != NULL) X509_ALGOR_free(alg);
+        return(ret);
+        }
+static int i2d_NETSCAPE_PKEY(a,pp)
+NETSCAPE_PKEY *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->version,      i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->private_key,  i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->version,      i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->private_key,  i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_finish();
+        }
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(a,pp,length)
+NETSCAPE_PKEY **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
+        }
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new()
+        {
+        NETSCAPE_PKEY *ret=NULL;
+        M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
+        M_ASN1_New(ret->version,ASN1_INTEGER_new);
+        M_ASN1_New(ret->algor,X509_ALGOR_new);
+        M_ASN1_New(ret->private_key,ASN1_OCTET_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
+        }
+static void NETSCAPE_PKEY_free(a)
+NETSCAPE_PKEY *a;
+        {
+        if (a == NULL) return;
+        ASN1_INTEGER_free(a->version);
+        X509_ALGOR_free(a->algor);
+        ASN1_OCTET_STRING_free(a->private_key);
+        Free((char *)a);
+        }
+#endif /* NO_RC4 */
diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c
new file mode 100644
index 0000000000..bc518d59a2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c
@@ -0,0 +1,392 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#ifndef NO_DH
+#include "dh.h"
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#endif
+/* DHerr(DH_F_DHPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
+ * DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
+ */
+#ifndef NOPROTO
+static int print(BIO *fp,char *str,BIGNUM *num,
+                unsigned char *buf,int off);
+#else
+static int print();
+#endif
+#ifndef NO_RSA
+#ifndef NO_FP_API
+int RSA_print_fp(fp,x,off)
+FILE *fp;
+RSA *x;
+int off;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int RSA_print(bp,x,off)
+BIO *bp;
+RSA *x;
+int off;
+        {
+        char str[128],*s;
+        unsigned char *m=NULL;
+        int i,ret=0;
+        i=RSA_size(x);
+        m=(unsigned char *)Malloc((unsigned int)i+10);
+        if (m == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (off)
+                {
+                if (off > 128) off=128;
+                memset(str,' ',off);
+                }
+        if (x->d != NULL)
+                {
+                if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
+                        <= 0) goto err;
+                }
+        if (x->d == NULL)
+                sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n));
+        else
+                strcpy(str,"modulus:");
+        if (!print(bp,str,x->n,m,off)) goto err;
+        s=(x->d == NULL)?"Exponent:":"publicExponent:";
+        if (!print(bp,s,x->e,m,off)) goto err;
+        if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
+        if (!print(bp,"prime1:",x->p,m,off)) goto err;
+        if (!print(bp,"prime2:",x->q,m,off)) goto err;
+        if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
+        if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
+        if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
+        ret=1;
+err:
+        if (m != NULL) Free((char *)m);
+        return(ret);
+        }
+#endif /* NO_RSA */
+#ifndef NO_DSA
+#ifndef NO_FP_API
+int DSA_print_fp(fp,x,off)
+FILE *fp;
+DSA *x;
+int off;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int DSA_print(bp,x,off)
+BIO *bp;
+DSA *x;
+int off;
+        {
+        char str[128];
+        unsigned char *m=NULL;
+        int i,ret=0;
+        BIGNUM *bn=NULL;
+        if (x->p != NULL)
+                bn=x->p;
+        else if (x->priv_key != NULL)
+                bn=x->priv_key;
+        else if (x->pub_key != NULL)
+                bn=x->pub_key;
+                
+        /* larger than needed but what the hell :-) */
+        if (bn != NULL)
+                i=BN_num_bytes(bn)*2;
+        else
+                i=256;
+        m=(unsigned char *)Malloc((unsigned int)i+10);
+        if (m == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (off)
+                {
+                if (off > 128) off=128;
+                memset(str,' ',off);
+                }
+        if (x->priv_key != NULL)
+                {
+                if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
+                        <= 0) goto err;
+                }
+        if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
+                goto err;
+        if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
+                goto err;
+        if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
+        if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
+        if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
+        ret=1;
+err:
+        if (m != NULL) Free((char *)m);
+        return(ret);
+        }
+#endif /* !NO_DSA */
+static int print(bp,number,num,buf,off)
+BIO *bp;
+char *number;
+BIGNUM *num;
+unsigned char *buf;
+int off;
+        {
+        int n,i;
+        char str[128],*neg;
+        if (num == NULL) return(1);
+        neg=(num->neg)?"-":"";
+        if (off)
+                {
+                if (off > 128) off=128;
+                memset(str,' ',off);
+                if (BIO_write(bp,str,off) <= 0) return(0);
+                }
+        if (BN_num_bytes(num) <= BN_BYTES)
+                {
+                if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+                        (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
+                        <= 0) return(0);
+                }
+        else
+                {
+                buf[0]=0;
+                if (BIO_printf(bp,"%s%s",number,
+                        (neg[0] == '-')?" (Negative)":"") <= 0)
+                        return(0);
+                n=BN_bn2bin(num,&buf[1]);
+        
+                if (buf[1] & 0x80)
+                        n++;
+                else    buf++;
+                for (i=0; i<n; i++)
+                        {
+                        if ((i%15) == 0)
+                                {
+                                str[0]='\n';
+                                memset(&(str[1]),' ',off+4);
+                                if (BIO_write(bp,str,off+1+4) <= 0) return(0);
+                                }
+                        if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
+                                <= 0) return(0);
+                        }
+                if (BIO_write(bp,"\n",1) <= 0) return(0);
+                }
+        return(1);
+        }
+#ifndef NO_DH
+#ifndef NO_FP_API
+int DHparams_print_fp(fp,x)
+FILE *fp;
+DH *x;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DHparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int DHparams_print(bp,x)
+BIO *bp;
+DH *x;
+        {
+        unsigned char *m=NULL;
+        int reason=ERR_R_BUF_LIB,i,ret=0;
+        i=BN_num_bytes(x->p);
+        m=(unsigned char *)Malloc((unsigned int)i+10);
+        if (m == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
+                BN_num_bits(x->p)) <= 0)
+                goto err;
+        if (!print(bp,"prime:",x->p,m,4)) goto err;
+        if (!print(bp,"generator:",x->g,m,4)) goto err;
+        if (x->length != 0)
+                {
+                if (BIO_printf(bp,"    recomented-private-length: %d bits\n",
+                        (int)x->length) <= 0) goto err;
+                }
+        ret=1;
+        if (0)
+                {
+err:
+                DHerr(DH_F_DHPARAMS_PRINT,reason);
+                }
+        if (m != NULL) Free((char *)m);
+        return(ret);
+        }
+#endif
+#ifndef NO_DSA
+#ifndef NO_FP_API
+int DSAparams_print_fp(fp,x)
+FILE *fp;
+DSA *x;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int DSAparams_print(bp,x)
+BIO *bp;
+DSA *x;
+        {
+        unsigned char *m=NULL;
+        int reason=ERR_R_BUF_LIB,i,ret=0;
+        i=BN_num_bytes(x->p);
+        m=(unsigned char *)Malloc((unsigned int)i+10);
+        if (m == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
+                BN_num_bits(x->p)) <= 0)
+                goto err;
+        if (!print(bp,"p:",x->p,m,4)) goto err;
+        if (!print(bp,"q:",x->q,m,4)) goto err;
+        if (!print(bp,"g:",x->g,m,4)) goto err;
+        ret=1;
+err:
+        if (m != NULL) Free((char *)m);
+        DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
+        return(ret);
+        }
+#endif /* !NO_DSA */
diff --git a/src/lib/libssl/src/crypto/asn1/t_req.c b/src/lib/libssl/src/crypto/asn1/t_req.c
new file mode 100644
index 0000000000..7df749a48f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/t_req.c
@@ -0,0 +1,226 @@
+/* crypto/asn1/t_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#include "objects.h"
+#include "x509.h"
+#ifndef NO_FP_API
+int X509_REQ_print_fp(fp,x)
+FILE *fp;
+X509_REQ *x;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_REQ_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int X509_REQ_print(bp,x)
+BIO *bp;
+X509_REQ *x;
+        {
+        unsigned long l;
+        int i,n;
+        char *s,*neg;
+        X509_REQ_INFO *ri;
+        EVP_PKEY *pkey;
+        STACK *sk;
+        char str[128];
+        ri=x->req_info;
+        sprintf(str,"Certificate Request:\n");
+        if (BIO_puts(bp,str) <= 0) goto err;
+        sprintf(str,"%4sData:\n","");
+        if (BIO_puts(bp,str) <= 0) goto err;
+        neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+        l=0;
+        for (i=0; i<ri->version->length; i++)
+                { l<<=8; l+=ri->version->data[i]; }
+        sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
+        if (BIO_puts(bp,str) <= 0) goto err;
+        sprintf(str,"%8sSubject: ","");
+        if (BIO_puts(bp,str) <= 0) goto err;
+        X509_NAME_print(bp,ri->subject,16);
+        sprintf(str,"\n%8sSubject Public Key Info:\n","");
+        if (BIO_puts(bp,str) <= 0) goto err;
+        i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
+        sprintf(str,"%12sPublic Key Algorithm: %s\n","",
+                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+        if (BIO_puts(bp,str) <= 0) goto err;
+        pkey=X509_REQ_get_pubkey(x);
+#ifndef NO_RSA
+        if (pkey->type == EVP_PKEY_RSA)
+                {
+                BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                RSA_print(bp,pkey->pkey.rsa,16);
+                }
+        else 
+#endif
+#ifndef NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                {
+                BIO_printf(bp,"%12sDSA Public Key:\n","");
+                DSA_print(bp,pkey->pkey.dsa,16);
+                }
+        else
+#endif
+                BIO_printf(bp,"%12sUnknown Public Key:\n","");
+        /* may not be */
+        sprintf(str,"%8sAttributes:\n","");
+        if (BIO_puts(bp,str) <= 0) goto err;
+        sk=x->req_info->attributes;
+        if ((sk == NULL) || (sk_num(sk) == 0))
+                {
+                if (!x->req_info->req_kludge)
+                        {
+                        sprintf(str,"%12sa0:00\n","");
+                        if (BIO_puts(bp,str) <= 0) goto err;
+                        }
+                }
+        else
+                {
+                for (i=0; i<sk_num(sk); i++)
+                        {
+                        ASN1_TYPE *at;
+                        X509_ATTRIBUTE *a;
+                        ASN1_BIT_STRING *bs=NULL;
+                        ASN1_TYPE *t;
+                        int j,type=0,count=1,ii=0;
+                        a=(X509_ATTRIBUTE *)sk_value(sk,i);
+                        sprintf(str,"%12s","");
+                        if (BIO_puts(bp,str) <= 0) goto err;
+                        if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+                        if (a->set)
+                                {
+                                ii=0;
+                                count=sk_num(a->value.set);
+get_next:
+                                at=(ASN1_TYPE *)sk_value(a->value.set,ii);
+                                type=at->type;
+                                bs=at->value.asn1_string;
+                                }
+                        else
+                                {
+                                t=a->value.single;
+                                type=t->type;
+                                bs=t->value.bit_string;
+                                }
+                        for (j=25-j; j>0; j--)
+                                if (BIO_write(bp," ",1) != 1) goto err;
+                        if (BIO_puts(bp,":") <= 0) goto err;
+                        if (    (type == V_ASN1_PRINTABLESTRING) ||
+                                (type == V_ASN1_T61STRING) ||
+                                (type == V_ASN1_IA5STRING))
+                                {
+                                if (BIO_write(bp,(char *)bs->data,bs->length)
+                                        != bs->length)
+                                        goto err;
+                                BIO_puts(bp,"\n");
+                                }
+                        else
+                                {
+                                BIO_puts(bp,"unable to print attribute\n");
+                                }
+                        if (++ii < count) goto get_next;
+                        }
+                }
+        i=OBJ_obj2nid(x->sig_alg->algorithm);
+        sprintf(str,"%4sSignature Algorithm: %s","",
+                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+        if (BIO_puts(bp,str) <= 0) goto err;
+        n=x->signature->length;
+        s=(char *)x->signature->data;
+        for (i=0; i<n; i++)
+                {
+                if ((i%18) == 0)
+                        {
+                        sprintf(str,"\n%8s","");
+                        if (BIO_puts(bp,str) <= 0) goto err;
+                        }
+                sprintf(str,"%02x%s",(unsigned char)s[i],((i+1) == n)?"":":");
+                if (BIO_puts(bp,str) <= 0) goto err;
+                }
+        if (BIO_puts(bp,"\n") <= 0) goto err;
+        return(1);
+err:
+        X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c
new file mode 100644
index 0000000000..b10fbbb992
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/t_x509.c
@@ -0,0 +1,386 @@
+/* crypto/asn1/t_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#endif
+#include "objects.h"
+#include "x509.h"
+#ifndef NO_FP_API
+int X509_print_fp(fp,x)
+FILE *fp;
+X509 *x;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int X509_print(bp,x)
+BIO *bp;
+X509 *x;
+        {
+        long l;
+        int ret=0,i,j,n;
+        char *m=NULL,*s;
+        X509_CINF *ci;
+        ASN1_INTEGER *bs;
+        EVP_PKEY *pkey=NULL;
+        char *neg;
+        X509_EXTENSION *ex;
+        ASN1_STRING *str=NULL;
+        ci=x->cert_info;
+        if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+        if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+        l=X509_get_version(x);
+        if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+        if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+        bs=X509_get_serialNumber(x);
+        if (bs->length <= 4)
+                {
+                l=ASN1_INTEGER_get(bs);
+                if (l < 0)
+                        {
+                        l= -l;
+                        neg="-";
+                        }
+                else
+                        neg="";
+                if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+                        goto err;
+                }
+        else
+                {
+                neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+                if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+                for (i=0; i<bs->length; i++)
+                        {
+                        if (BIO_printf(bp,"%02x%c",bs->data[i],
+                                ((i+1 == bs->length)?'\n':':')) <= 0)
+                                goto err;
+                        }
+                }
+        i=OBJ_obj2nid(ci->signature->algorithm);
+        if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
+                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+                goto err;
+        if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
+        if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
+        if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
+        if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+        if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
+        if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+        if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
+        if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
+        if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
+        if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
+                goto err;
+        i=OBJ_obj2nid(ci->key->algor->algorithm);
+        if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
+                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+        pkey=X509_get_pubkey(x);
+#ifndef NO_RSA
+        if (pkey->type == EVP_PKEY_RSA)
+                {
+                BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                BN_num_bits(pkey->pkey.rsa->n));
+                RSA_print(bp,pkey->pkey.rsa,16);
+                }
+        else
+#endif
+#ifndef NO_DSA
+        if (pkey->type == EVP_PKEY_DSA)
+                {
+                BIO_printf(bp,"%12sDSA Public Key:\n","");
+                DSA_print(bp,pkey->pkey.dsa,16);
+                }
+        else
+#endif
+                BIO_printf(bp,"%12sDSA Public Key:\n","");
+        n=X509_get_ext_count(x);
+        if (n > 0)
+                {
+                BIO_printf(bp,"%8sX509v3 extensions:\n","");
+                for (i=0; i<n; i++)
+                        {
+                        int data_type,pack_type;
+                        ASN1_OBJECT *obj;
+                        ex=X509_get_ext(x,i);
+                        if (BIO_printf(bp,"%12s","") <= 0) goto err;
+                        obj=X509_EXTENSION_get_object(ex);
+                        i2a_ASN1_OBJECT(bp,obj);
+                        j=X509_EXTENSION_get_critical(ex);
+                        if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0)
+                                goto err;
+                        pack_type=X509v3_pack_type_by_OBJ(obj);
+                        data_type=X509v3_data_type_by_OBJ(obj);
+                        
+                        if (pack_type == X509_EXT_PACK_STRING)
+                                {
+                                if (X509v3_unpack_string(
+                                        &str,data_type,
+                                        X509_EXTENSION_get_data(ex)) == NULL)
+                                        {
+                                        /* hmm... */
+                                        goto err;
+                                        }
+                                if (    (data_type == V_ASN1_IA5STRING) ||
+                                        (data_type == V_ASN1_PRINTABLESTRING) ||
+                                        (data_type == V_ASN1_T61STRING))
+                                        {
+                                        if (BIO_write(bp,(char *)str->data,
+                                                        str->length) <= 0)
+                                                goto err;
+                                        }
+                                else if (data_type == V_ASN1_BIT_STRING)
+                                        {
+                                        BIO_printf(bp,"0x");
+                                        for (j=0; j<str->length; j++)
+                                                {
+                                                BIO_printf(bp,"%02X",
+                                                        str->data[j]);
+                                                }
+                                        }
+                                }
+                        else
+                                {
+                                ASN1_OCTET_STRING_print(bp,ex->value);
+                                }
+                        if (BIO_write(bp,"\n",1) <= 0) goto err;
+                        }
+                }
+        i=OBJ_obj2nid(x->sig_alg->algorithm);
+        if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
+                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+        n=x->signature->length;
+        s=(char *)x->signature->data;
+        for (i=0; i<n; i++)
+                {
+                if ((i%18) == 0)
+                        if (BIO_write(bp,"\n        ",9) <= 0) goto err;
+                if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
+                        ((i+1) == n)?"":":") <= 0) goto err;
+                }
+        if (BIO_write(bp,"\n",1) != 1) goto err;
+        ret=1;
+err:
+        if (str != NULL) ASN1_STRING_free(str);
+        if (m != NULL) Free((char *)m);
+        return(ret);
+        }
+int ASN1_STRING_print(bp,v)
+BIO *bp;
+ASN1_STRING *v;
+        {
+        int i,n;
+        char buf[80],*p;;
+        if (v == NULL) return(0);
+        n=0;
+        p=(char *)v->data;
+        for (i=0; i<v->length; i++)
+                {
+                if ((p[i] > '~') || ((p[i] < ' ') &&
+                        (p[i] != '\n') && (p[i] != '\r')))
+                        buf[n]='.';
+                else
+                        buf[n]=p[i];
+                n++;
+                if (n >= 80)
+                        {
+                        if (BIO_write(bp,buf,n) <= 0)
+                                return(0);
+                        n=0;
+                        }
+                }
+        if (n > 0)
+                if (BIO_write(bp,buf,n) <= 0)
+                        return(0);
+        return(1);
+        }
+int ASN1_UTCTIME_print(bp,tm)
+BIO *bp;
+ASN1_UTCTIME *tm;
+        {
+        char *v;
+        int gmt=0;
+        static char *mon[12]={
+                "Jan","Feb","Mar","Apr","May","Jun",
+                "Jul","Aug","Sep","Oct","Nov","Dec"};
+        int i;
+        int y=0,M=0,d=0,h=0,m=0,s=0;
+        i=tm->length;
+        v=(char *)tm->data;
+        if (i < 10) goto err;
+        if (v[i-1] == 'Z') gmt=1;
+        for (i=0; i<10; i++)
+                if ((v[i] > '9') || (v[i] < '0')) goto err;
+        y= (v[0]-'0')*10+(v[1]-'0');
+        if (y < 50) y+=100;
+        M= (v[2]-'0')*10+(v[3]-'0');
+        if ((M > 12) || (M < 1)) goto err;
+        d= (v[4]-'0')*10+(v[5]-'0');
+        h= (v[6]-'0')*10+(v[7]-'0');
+        m=  (v[8]-'0')*10+(v[9]-'0');
+        if (    (v[10] >= '0') && (v[10] <= '9') &&
+                (v[11] >= '0') && (v[11] <= '9'))
+                s=  (v[10]-'0')*10+(v[11]-'0');
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+                mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
+                return(0);
+        else
+                return(1);
+err:
+        BIO_write(bp,"Bad time value",14);
+        return(0);
+        }
+int X509_NAME_print(bp,name,obase)
+BIO *bp;
+X509_NAME *name;
+int obase;
+        {
+        char *s,*c;
+        int ret=0,l,ll,i,first=1;
+        char buf[256];
+        ll=80-2-obase;
+        s=X509_NAME_oneline(name,buf,256);
+        s++; /* skip the first slash */
+        l=ll;
+        c=s;
+        for (;;)
+                {
+                if (    ((*s == '/') &&
+                                ((s[1] >= 'A') && (s[1] <= 'Z') && (
+                                        (s[2] == '=') ||
+                                        ((s[2] >= 'A') && (s[2] <= 'Z') &&
+                                        (s[3] == '='))
+                                 ))) ||
+                        (*s == '\0'))
+                        {
+                        if ((l <= 0) && !first)
+                                {
+                                first=0;
+                                if (BIO_write(bp,"\n",1) != 1) goto err;
+                                for (i=0; i<obase; i++)
+                                        {
+                                        if (BIO_write(bp," ",1) != 1) goto err;
+                                        }
+                                l=ll;
+                                }
+                        i=s-c;
+                        if (BIO_write(bp,c,i) != i) goto err;
+                        c+=i;
+                        c++;
+                        if (*s != '\0')
+                                {
+                                if (BIO_write(bp,", ",2) != 2) goto err;
+                                }
+                        l--;
+                        }
+                if (*s == '\0') break;
+                s++;
+                l--;
+                }
+        
+        ret=1;
+        if (0)
+                {
+err:
+                X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_algor.c b/src/lib/libssl/src/crypto/asn1/x_algor.c
new file mode 100644
index 0000000000..0ed2c87b64
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_algor.c
@@ -0,0 +1,126 @@
+/* crypto/asn1/x_algor.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_ALGOR_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
+ * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH);
+ */
+int i2d_X509_ALGOR(a,pp)
+X509_ALGOR *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
+        if (a->parameter != NULL)
+                { M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
+        if (a->parameter != NULL)
+                { M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
+        M_ASN1_I2D_finish();
+        }
+X509_ALGOR *d2i_X509_ALGOR(a,pp,length)
+X509_ALGOR **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
+        if (!M_ASN1_D2I_end_sequence())
+                { M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
+        else
+                {
+                ASN1_TYPE_free(ret->parameter);
+                ret->parameter=NULL;
+                }
+        M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
+        }
+X509_ALGOR *X509_ALGOR_new()
+        {
+        X509_ALGOR *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_ALGOR);
+        M_ASN1_New(ret->algorithm,ASN1_OBJECT_new);
+        ret->parameter=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
+        }
+void X509_ALGOR_free(a)
+X509_ALGOR *a;
+        {
+        if (a == NULL) return;
+        ASN1_OBJECT_free(a->algorithm);
+        ASN1_TYPE_free(a->parameter);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_attrib.c b/src/lib/libssl/src/crypto/asn1/x_attrib.c
new file mode 100644
index 0000000000..e52ced8627
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_attrib.c
@@ -0,0 +1,152 @@
+/* crypto/asn1/x_attrib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "objects.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_ATTRIBUTE,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_ATTRIBUTE_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ * ASN1err(ASN1_F_I2D_X509_ATTRIBUTE,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+/* sequence */
+int i2d_X509_ATTRIBUTE(a,pp)
+X509_ATTRIBUTE *a;
+unsigned char **pp;
+        {
+        int k=0;
+        int r=0,ret=0;
+        unsigned char **p=NULL;
+        if (a == NULL) return(0);
+        p=NULL;
+        for (;;)
+                {
+                if (k)
+                        {
+                        r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+                        if (pp == NULL) return(r);
+                        p=pp;
+                        ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
+                                V_ASN1_UNIVERSAL);
+                        }
+                ret+=i2d_ASN1_OBJECT(a->object,p);
+                if (a->set)
+                        ret+=i2d_ASN1_SET(a->value.set,p,i2d_ASN1_TYPE,
+                                V_ASN1_SET,V_ASN1_UNIVERSAL);
+                else
+                        ret+=i2d_ASN1_TYPE(a->value.single,p);
+                if (k++) return(r);
+                }
+        }
+X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(a,pp,length)
+X509_ATTRIBUTE **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+        if ((c.slen != 0) &&
+                (M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
+                {
+                ret->set=1;
+                M_ASN1_D2I_get_set(ret->value.set,d2i_ASN1_TYPE);
+                }
+        else
+                {
+                ret->set=0;
+                M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE);
+                }
+        M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
+        }
+X509_ATTRIBUTE *X509_ATTRIBUTE_new()
+        {
+        X509_ATTRIBUTE *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
+        M_ASN1_New(ret->object,ASN1_OBJECT_new);
+        ret->set=0;
+        ret->value.ptr=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
+        }
+        
+void X509_ATTRIBUTE_free(a)
+X509_ATTRIBUTE *a;
+        {
+        if (a == NULL) return;
+        ASN1_OBJECT_free(a->object);
+        if (a->set)
+                sk_pop_free(a->value.set,ASN1_TYPE_free);
+        else
+                ASN1_TYPE_free(a->value.single);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c
new file mode 100644
index 0000000000..13acdab427
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_crl.c
@@ -0,0 +1,353 @@
+/* crypto/asn1/x_crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_CRL,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_X509_CRL_INFO,ASN1_R_EXPECTING_A_SEQUENCE);
+ * ASN1err(ASN1_F_D2I_X509_REVOKED,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CRL_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CRL_INFO_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
+ * ASN1err(ASN1_F_X509_REVOKED_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+#ifndef NOPROTO
+static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
+static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
+#else
+static int X509_REVOKED_cmp();
+static int X509_REVOKED_seq_cmp();
+#endif
+int i2d_X509_REVOKED(a,pp)
+X509_REVOKED *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
+        M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
+        M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
+        M_ASN1_I2D_finish();
+        }
+X509_REVOKED *d2i_X509_REVOKED(a,pp,length)
+X509_REVOKED **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
+        M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION);
+        M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
+        }
+int i2d_X509_CRL_INFO(a,pp)
+X509_CRL_INFO *a;
+unsigned char **pp;
+        {
+        int v1=0;
+        long l=0;
+        M_ASN1_I2D_vars(a);
+        if (sk_num(a->revoked) != 0)
+                qsort((char *)a->revoked->data,sk_num(a->revoked),
+                        sizeof(X509_REVOKED *),(int (*)(P_CC_CC))X509_REVOKED_seq_cmp);
+        if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
+                {
+                M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+                }
+        M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
+        M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
+        if (a->nextUpdate != NULL)
+                { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
+        M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
+        M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
+                V_ASN1_SEQUENCE,v1);
+        M_ASN1_I2D_seq_total();
+        if ((a->version != NULL) && (l != 0))
+                {
+                M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+                }
+        M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
+        M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
+        if (a->nextUpdate != NULL)
+                { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
+        M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
+        M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
+                V_ASN1_SEQUENCE,v1);
+        M_ASN1_I2D_finish();
+        }
+X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length)
+X509_CRL_INFO **a;
+unsigned char **pp;
+long length;
+        {
+        int i,ver=0;
+        M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
+        if (ret->version != NULL)
+                ver=ret->version->data[0];
+        
+        if ((ver == 0) && (ret->version != NULL))
+                {
+                ASN1_INTEGER_free(ret->version);
+                ret->version=NULL;
+                }
+        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
+        M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
+        if (ret->revoked != NULL)
+                {
+                while (sk_num(ret->revoked))
+                        X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
+                }
+        M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED);
+        if (ret->revoked != NULL)
+                {
+                for (i=0; i<sk_num(ret->revoked); i++)
+                        {
+                        ((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
+                        }
+                }
+        if (ver >= 1)
+                {
+                if (ret->extensions != NULL)
+                        {
+                        while (sk_num(ret->extensions))
+                                X509_EXTENSION_free((X509_EXTENSION *)
+                                sk_pop(ret->extensions));
+                        }
+                        
+                M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
+                        0,V_ASN1_SEQUENCE);
+                }
+        M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
+        }
+int i2d_X509_CRL(a,pp)
+X509_CRL *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
+        M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
+        M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_finish();
+        }
+X509_CRL *d2i_X509_CRL(a,pp,length)
+X509_CRL **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
+        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+        M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
+        }
+X509_REVOKED *X509_REVOKED_new()
+        {
+        X509_REVOKED *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_REVOKED);
+        M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+        M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new);
+        ret->extensions=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
+        }
+X509_CRL_INFO *X509_CRL_INFO_new()
+        {
+        X509_CRL_INFO *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_CRL_INFO);
+        ret->version=NULL;
+        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+        M_ASN1_New(ret->issuer,X509_NAME_new);
+        M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
+        ret->nextUpdate=NULL;
+        M_ASN1_New(ret->revoked,sk_new_null);
+        M_ASN1_New(ret->extensions,sk_new_null);
+        ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
+        }
+X509_CRL *X509_CRL_new()
+        {
+        X509_CRL *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_CRL);
+        ret->references=1;
+        M_ASN1_New(ret->crl,X509_CRL_INFO_new);
+        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
+        }
+void X509_REVOKED_free(a)
+X509_REVOKED *a;
+        {
+        if (a == NULL) return;
+        ASN1_INTEGER_free(a->serialNumber);
+        ASN1_UTCTIME_free(a->revocationDate);
+        sk_pop_free(a->extensions,X509_EXTENSION_free);
+        Free((char *)a);
+        }
+void X509_CRL_INFO_free(a)
+X509_CRL_INFO *a;
+        {
+        if (a == NULL) return;
+        ASN1_INTEGER_free(a->version);
+        X509_ALGOR_free(a->sig_alg);
+        X509_NAME_free(a->issuer);
+        ASN1_UTCTIME_free(a->lastUpdate);
+        if (a->nextUpdate)
+                ASN1_UTCTIME_free(a->nextUpdate);
+        sk_pop_free(a->revoked,X509_REVOKED_free);
+        sk_pop_free(a->extensions,X509_EXTENSION_free);
+        Free((char *)a);
+        }
+void X509_CRL_free(a)
+X509_CRL *a;
+        {
+        int i;
+        if (a == NULL) return;
+        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",a);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_CRL_free, bad reference count\n");
+                abort();
+                }
+#endif
+        X509_CRL_INFO_free(a->crl);
+        X509_ALGOR_free(a->sig_alg);
+        ASN1_BIT_STRING_free(a->signature);
+        Free((char *)a);
+        }
+static int X509_REVOKED_cmp(a,b)
+X509_REVOKED **a,**b;
+        {
+        return(ASN1_STRING_cmp(
+                (ASN1_STRING *)(*a)->serialNumber,
+                (ASN1_STRING *)(*b)->serialNumber));
+        }
+static int X509_REVOKED_seq_cmp(a,b)
+X509_REVOKED **a,**b;
+        {
+        return((*a)->sequence-(*b)->sequence);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_exten.c b/src/lib/libssl/src/crypto/asn1/x_exten.c
new file mode 100644
index 0000000000..54ffe2f00b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_exten.c
@@ -0,0 +1,156 @@
+/* crypto/asn1/x_exten.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "objects.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_EXTENSION,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_EXTENSION_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+int i2d_X509_EXTENSION(a,pp)
+X509_EXTENSION *a;
+unsigned char **pp;
+        {
+        int k=0;
+        int r=0,ret=0;
+        unsigned char **p=NULL;
+        if (a == NULL) return(0);
+        p=NULL;
+        for (;;)
+                {
+                if (k)
+                        {
+                        r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+                        if (pp == NULL) return(r);
+                        p=pp;
+                        ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
+                                V_ASN1_UNIVERSAL);
+                        }
+                ret+=i2d_ASN1_OBJECT(a->object,p);
+                if ((a->critical) || a->netscape_hack)
+                        ret+=i2d_ASN1_BOOLEAN(a->critical,p);
+                ret+=i2d_ASN1_OCTET_STRING(a->value,p);
+                if (k++) return(r);
+                }
+        }
+X509_EXTENSION *d2i_X509_EXTENSION(a,pp,length)
+X509_EXTENSION **a;
+unsigned char **pp;
+long length;
+        {
+        int i;
+        M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+        if ((ret->argp != NULL) && (ret->ex_free != NULL))
+                ret->ex_free(ret);
+        ret->argl=0;
+        ret->argp=NULL;
+        ret->netscape_hack=0;
+        if ((c.slen != 0) &&
+                (M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
+                {
+                c.q=c.p;
+                if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err;
+                ret->critical=i;
+                c.slen-=(c.p-c.q);
+                if (ret->critical == 0) ret->netscape_hack=1;
+                }
+        M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
+        }
+X509_EXTENSION *X509_EXTENSION_new()
+        {
+        X509_EXTENSION *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_EXTENSION);
+        M_ASN1_New(ret->object,ASN1_OBJECT_new);
+        M_ASN1_New(ret->value,ASN1_OCTET_STRING_new);
+        ret->critical=0;
+        ret->netscape_hack=0;
+        ret->argl=0L;
+        ret->argp=NULL;
+        ret->ex_free=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
+        }
+        
+void X509_EXTENSION_free(a)
+X509_EXTENSION *a;
+        {
+        if (a == NULL) return;
+        if ((a->argp != NULL) && (a->ex_free != NULL))
+                a->ex_free(a);
+        ASN1_OBJECT_free(a->object);
+        ASN1_OCTET_STRING_free(a->value);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_info.c b/src/lib/libssl/src/crypto/asn1/x_info.c
new file mode 100644
index 0000000000..b55f0ce77a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_info.c
@@ -0,0 +1,111 @@
+/* crypto/asn1/x_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "asn1_mac.h"
+#include "x509.h"
+X509_INFO *X509_INFO_new()
+        {
+        X509_INFO *ret=NULL;
+        ret=(X509_INFO *)Malloc(sizeof(X509_INFO));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+ 
+        ret->enc_cipher.cipher=NULL;
+        ret->enc_len=0;
+        ret->enc_data=NULL;
+ 
+        ret->references=1;
+        ret->x509=NULL;
+        ret->crl=NULL;
+        ret->x_pkey=NULL;
+        return(ret);
+        }
+void X509_INFO_free(x)
+X509_INFO *x;
+        {
+        int i;
+        if (x == NULL) return;
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+#ifdef REF_PRINT
+        REF_PRINT("X509_INFO",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_INFO_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if (x->x509 != NULL) X509_free(x->x509);
+        if (x->crl != NULL) X509_CRL_free(x->crl);
+        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+        Free((char *)x);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c
new file mode 100644
index 0000000000..28b9c34b58
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_name.c
@@ -0,0 +1,295 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "objects.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_NAME,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_NAME_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ * ASN1err(ASN1_F_D2I_X509_NAME_ENTRY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_NAME_ENTRY_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+#ifndef NOPROTO
+static int i2d_X509_NAME_entries(X509_NAME *a);
+#else
+static int i2d_X509_NAME_entries();
+#endif
+int i2d_X509_NAME_ENTRY(a,pp)
+X509_NAME_ENTRY *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT);
+        M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT);
+        M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE);
+        M_ASN1_I2D_finish();
+        }
+X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(a,pp,length)
+X509_NAME_ENTRY **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+        M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE);
+        ret->set=0;
+        M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
+        }
+int i2d_X509_NAME(a,pp)
+X509_NAME *a;
+unsigned char **pp;
+        {
+        int ret;
+        if (a == NULL) return(0);
+        if (a->modified)
+                {
+                ret=i2d_X509_NAME_entries(a);
+                if (ret < 0) return(ret);
+                }
+        ret=a->bytes->length;
+        if (pp != NULL)
+                {
+                memcpy(*pp,a->bytes->data,ret);
+                *pp+=ret;
+                }
+        return(ret);
+        }
+static int i2d_X509_NAME_entries(a)
+X509_NAME *a;
+        {
+        X509_NAME_ENTRY *ne,*fe=NULL;
+        STACK *sk;
+        BUF_MEM *buf=NULL;
+        int set=0,r,ret=0;
+        int i;
+        unsigned char *p;
+        int size=0;
+        sk=a->entries;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                ne=(X509_NAME_ENTRY *)sk_value(sk,i);
+                if (fe == NULL)
+                        {
+                        fe=ne;
+                        size=0;
+                        }
+                if (ne->set != set)
+                        {
+                        ret+=ASN1_object_size(1,size,V_ASN1_SET);
+                        fe->size=size;
+                        fe=ne;
+                        size=0;
+                        set=ne->set;
+                        }
+                size+=i2d_X509_NAME_ENTRY(ne,NULL);
+                }
+        ret+=ASN1_object_size(1,size,V_ASN1_SET);
+        if (fe != NULL)
+                fe->size=size;
+        r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+        buf=a->bytes;
+        if (!BUF_MEM_grow(buf,r)) goto err;
+        p=(unsigned char *)buf->data;
+        ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        set= -1;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                ne=(X509_NAME_ENTRY *)sk_value(sk,i);
+                if (set != ne->set)
+                        {
+                        set=ne->set;
+                        ASN1_put_object(&p,1,ne->size,
+                                V_ASN1_SET,V_ASN1_UNIVERSAL);
+                        }
+                i2d_X509_NAME_ENTRY(ne,&p);
+                }
+        a->modified=0;
+        return(r);
+err:
+        return(-1);
+        }
+X509_NAME *d2i_X509_NAME(a,pp,length)
+X509_NAME **a;
+unsigned char **pp;
+long length;
+        {
+        int set=0,i;
+        int idx=0;
+        unsigned char *orig;
+        M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
+        orig= *pp;
+        if (sk_num(ret->entries) > 0)
+                {
+                while (sk_num(ret->entries) > 0)
+                        X509_NAME_ENTRY_free((X509_NAME_ENTRY *)
+                                sk_pop(ret->entries));
+                }
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        for (;;)
+                {
+                if (M_ASN1_D2I_end_sequence()) break;
+                M_ASN1_D2I_get_set(ret->entries,d2i_X509_NAME_ENTRY);
+                for (; idx < sk_num(ret->entries); idx++)
+                        {
+                        ((X509_NAME_ENTRY *)sk_value(ret->entries,idx))->set=
+                                set;
+                        }
+                set++;
+                }
+        i=(int)(c.p-orig);
+        if (!BUF_MEM_grow(ret->bytes,i)) goto err;
+        memcpy(ret->bytes->data,orig,i);
+        ret->bytes->length=i;
+        ret->modified=0;
+        M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
+        }
+X509_NAME *X509_NAME_new()
+        {
+        X509_NAME *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_NAME);
+        if ((ret->entries=sk_new(NULL)) == NULL) goto err2;
+        M_ASN1_New(ret->bytes,BUF_MEM_new);
+        ret->modified=1;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
+        }
+X509_NAME_ENTRY *X509_NAME_ENTRY_new()
+        {
+        X509_NAME_ENTRY *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
+/*      M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
+        ret->object=NULL;
+        ret->set=0;
+        M_ASN1_New(ret->value,ASN1_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
+        }
+void X509_NAME_free(a)
+X509_NAME *a;
+        {
+        BUF_MEM_free(a->bytes);
+        sk_pop_free(a->entries,X509_NAME_ENTRY_free);
+        Free((char *)a);
+        }
+void X509_NAME_ENTRY_free(a)
+X509_NAME_ENTRY *a;
+        {
+        if (a == NULL) return;
+        ASN1_OBJECT_free(a->object);
+        ASN1_BIT_STRING_free(a->value);
+        Free((char *)a);
+        }
+int X509_NAME_set(xn,name)
+X509_NAME **xn;
+X509_NAME *name;
+        {
+        X509_NAME *in;
+        if (*xn == NULL) return(0);
+        if (*xn != name)
+                {
+                in=X509_NAME_dup(name);
+                if (in != NULL)
+                        {
+                        X509_NAME_free(*xn);
+                        *xn=in;
+                        }
+                }
+        return(*xn != NULL);
+        }
+        
diff --git a/src/lib/libssl/src/crypto/asn1/x_pkey.c b/src/lib/libssl/src/crypto/asn1/x_pkey.c
new file mode 100644
index 0000000000..1d4d926129
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_pkey.c
@@ -0,0 +1,156 @@
+/* crypto/asn1/x_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "asn1_mac.h"
+/* ASN1err(ASN1_F_D2I_X509_PKEY,ASN1_R_UNSUPPORTED_CIPHER); */
+/* ASN1err(ASN1_F_X509_PKEY_NEW,ASN1_R_IV_TOO_LARGE); */
+/* need to implement */
+int i2d_X509_PKEY(a,pp)
+X509_PKEY *a;
+unsigned char **pp;
+        {
+        return(0);
+        }
+X509_PKEY *d2i_X509_PKEY(a,pp,length)
+X509_PKEY **a;
+unsigned char **pp;
+long length;
+        {
+        int i;
+        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+        ret->cipher.cipher=EVP_get_cipherbyname(
+                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+        if (ret->cipher.cipher == NULL)
+                {
+                c.error=ASN1_R_UNSUPPORTED_CIPHER;
+                goto err;
+                }
+        if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
+                {
+                i=ret->enc_algor->parameter->value.octet_string->length;
+                if (i > EVP_MAX_IV_LENGTH)
+                        {
+                        c.error=ASN1_R_IV_TOO_LARGE;
+                        goto err;
+                        }
+                memcpy(ret->cipher.iv,
+                        ret->enc_algor->parameter->value.octet_string->data,i);
+                }
+        else
+                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+        }
+X509_PKEY *X509_PKEY_new()
+        {
+        X509_PKEY *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_PKEY);
+        ret->version=0;
+        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+        M_ASN1_New(ret->enc_pkey,ASN1_OCTET_STRING_new);
+        ret->dec_pkey=NULL;
+        ret->key_length=0;
+        ret->key_data=NULL;
+        ret->key_free=0;
+        ret->cipher.cipher=NULL;
+        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        ret->references=1;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+        }
+void X509_PKEY_free(x)
+X509_PKEY *x;
+        {
+        int i;
+        if (x == NULL) return;
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("X509_PKEY",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_PKEY_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+        if (x->enc_pkey != NULL) ASN1_OCTET_STRING_free(x->enc_pkey);
+        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+        if ((x->key_data != NULL) && (x->key_free)) Free((char *)x->key_data);
+        Free((char *)(char *)x);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
new file mode 100644
index 0000000000..a309cf74a7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -0,0 +1,256 @@
+/* crypto/asn1/x_pubkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_PUBKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_PUBKEY_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+int i2d_X509_PUBKEY(a,pp)
+X509_PUBKEY *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->public_key,   i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->public_key,   i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_finish();
+        }
+X509_PUBKEY *d2i_X509_PUBKEY(a,pp,length)
+X509_PUBKEY **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING);
+        if (ret->pkey != NULL)
+                {
+                EVP_PKEY_free(ret->pkey);
+                ret->pkey=NULL;
+                }
+        M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
+        }
+X509_PUBKEY *X509_PUBKEY_new()
+        {
+        X509_PUBKEY *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_PUBKEY);
+        M_ASN1_New(ret->algor,X509_ALGOR_new);
+        M_ASN1_New(ret->public_key,ASN1_BIT_STRING_new);
+        ret->pkey=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
+        }
+void X509_PUBKEY_free(a)
+X509_PUBKEY *a;
+        {
+        if (a == NULL) return;
+        X509_ALGOR_free(a->algor);
+        ASN1_BIT_STRING_free(a->public_key);
+        if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
+        Free((char *)a);
+        }
+int X509_PUBKEY_set(x,pkey)
+X509_PUBKEY **x;
+EVP_PKEY *pkey;
+        {
+        int ok=0;
+        X509_PUBKEY *pk;
+        X509_ALGOR *a;
+        ASN1_OBJECT *o;
+        unsigned char *s,*p;
+        int i;
+        if (x == NULL) return(0);
+        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+        a=pk->algor;
+        /* set the algorithm id */
+        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm=o;
+        /* Set the parameter list */
+        if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
+                {
+                if ((a->parameter == NULL) ||
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter=ASN1_TYPE_new();
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                }
+        else
+#ifndef NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                {
+                unsigned char *pp;
+                DSA *dsa;
+                dsa=pkey->pkey.dsa;
+                dsa->write_params=0;
+                ASN1_TYPE_free(a->parameter);
+                i=i2d_DSAparams(dsa,NULL);
+                p=(unsigned char *)Malloc(i);
+                pp=p;
+                i2d_DSAparams(dsa,&pp);
+                a->parameter=ASN1_TYPE_new();
+                a->parameter->type=V_ASN1_SEQUENCE;
+                a->parameter->value.sequence=ASN1_STRING_new();
+                ASN1_STRING_set(a->parameter->value.sequence,p,i);
+                Free(p);
+                }
+        else
+#endif
+                {
+                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+                goto err;
+                }
+        i=i2d_PublicKey(pkey,NULL);
+        if ((s=(unsigned char *)Malloc(i+1)) == NULL) goto err;
+        p=s;
+        i2d_PublicKey(pkey,&p);
+        if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+        Free(s);
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        pk->pkey=pkey;
+        if (*x != NULL)
+                X509_PUBKEY_free(*x);
+        *x=pk;
+        pk=NULL;
+        ok=1;
+err:
+        if (pk != NULL) X509_PUBKEY_free(pk);
+        return(ok);
+        }
+EVP_PKEY *X509_PUBKEY_get(key)
+X509_PUBKEY *key;
+        {
+        EVP_PKEY *ret=NULL;
+        long j;
+        int type;
+        unsigned char *p;
+#ifndef NO_DSA
+        X509_ALGOR *a;
+#endif
+        if (key == NULL) goto err;
+        if (key->pkey != NULL) return(key->pkey);
+        if (key->public_key == NULL) goto err;
+        type=OBJ_obj2nid(key->algor->algorithm);
+        p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
+                {
+                X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
+                goto err;
+                }
+        ret->save_parameters=0;
+#ifndef NO_DSA
+        a=key->algor;
+        if (ret->type == EVP_PKEY_DSA)
+                {
+                if (a->parameter->type == V_ASN1_SEQUENCE)
+                        {
+                        ret->pkey.dsa->write_params=0;
+                        p=a->parameter->value.sequence->data;
+                        j=a->parameter->value.sequence->length;
+                        if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j))
+                                goto err;
+                        }
+                ret->save_parameters=1;
+                }
+#endif
+        key->pkey=ret;
+        return(ret);
+err:
+        if (ret != NULL)
+                EVP_PKEY_free(ret);
+        return(NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_req.c b/src/lib/libssl/src/crypto/asn1/x_req.c
new file mode 100644
index 0000000000..ff0be13d37
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_req.c
@@ -0,0 +1,247 @@
+/* crypto/asn1/x_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_REQ,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_X509_REQ_INFO,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_REQ_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_REQ_INFO_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+int i2d_X509_REQ_INFO(a,pp)
+X509_REQ_INFO *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->version,              i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_len(a->pubkey,               i2d_X509_PUBKEY);
+        /* this is a *nasty* hack reported to be required to
+         * allow some CA Software to accept the cert request.
+         * It is not following the PKCS standards ...
+         * PKCS#10 pg 5
+         * attributes [0] IMPLICIT Attibutes
+         * NOTE: no OPTIONAL ... so it *must* be there
+         */
+        if (a->req_kludge) 
+                {
+                M_ASN1_I2D_len_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
+                }
+        else
+                {
+                M_ASN1_I2D_len_IMP_set(a->attributes,   i2d_X509_ATTRIBUTE,0);
+                }
+        
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->version,              i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_put(a->pubkey,               i2d_X509_PUBKEY);
+        /* this is a *nasty* hack reported to be required by some CA's.
+         * It is not following the PKCS standards ...
+         * PKCS#10 pg 5
+         * attributes [0] IMPLICIT Attibutes
+         * NOTE: no OPTIONAL ... so it *must* be there
+         */
+        if (a->req_kludge)
+                {
+                M_ASN1_I2D_put_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
+                }
+        else
+                {
+                M_ASN1_I2D_put_IMP_set(a->attributes,i2d_X509_ATTRIBUTE,0);
+                }
+        M_ASN1_I2D_finish();
+        }
+X509_REQ_INFO *d2i_X509_REQ_INFO(a,pp,length)
+X509_REQ_INFO **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
+        /* this is a *nasty* hack to allow for some CA's that
+         * have been reported as requiring it.
+         * It is not following the PKCS standards ...
+         * PKCS#10 pg 5
+         * attributes [0] IMPLICIT Attibutes
+         * NOTE: no OPTIONAL ... so it *must* be there
+         */
+        if (asn1_Finish(&c))
+                ret->req_kludge=1;
+        else
+                {
+                M_ASN1_D2I_get_IMP_set(ret->attributes,d2i_X509_ATTRIBUTE,0);
+                }
+        M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
+        }
+X509_REQ_INFO *X509_REQ_INFO_new()
+        {
+        X509_REQ_INFO *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_REQ_INFO);
+        M_ASN1_New(ret->version,ASN1_INTEGER_new);
+        M_ASN1_New(ret->subject,X509_NAME_new);
+        M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
+        M_ASN1_New(ret->attributes,sk_new_null);
+        ret->req_kludge=0;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
+        }
+        
+void X509_REQ_INFO_free(a)
+X509_REQ_INFO *a;
+        {
+        if (a == NULL) return;
+        ASN1_INTEGER_free(a->version);
+        X509_NAME_free(a->subject);
+        X509_PUBKEY_free(a->pubkey);
+        sk_pop_free(a->attributes,X509_ATTRIBUTE_free);
+        Free((char *)a);
+        }
+int i2d_X509_REQ(a,pp)
+X509_REQ *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->req_info,     i2d_X509_REQ_INFO);
+        M_ASN1_I2D_len(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->req_info,     i2d_X509_REQ_INFO);
+        M_ASN1_I2D_put(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_finish();
+        }
+X509_REQ *d2i_X509_REQ(a,pp,length)
+X509_REQ **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
+        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+        M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
+        }
+X509_REQ *X509_REQ_new()
+        {
+        X509_REQ *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_REQ);
+        ret->references=1;
+        M_ASN1_New(ret->req_info,X509_REQ_INFO_new);
+        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
+        }
+void X509_REQ_free(a)
+X509_REQ *a;
+        {
+        int i;
+        if (a == NULL) return;
+        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
+#ifdef REF_PRINT
+        REF_PRINT("X509_REQ",a);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_REQ_free, bad reference count\n");
+                abort();
+                }
+#endif
+        X509_REQ_INFO_free(a->req_info);
+        X509_ALGOR_free(a->sig_alg);
+        ASN1_BIT_STRING_free(a->signature);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_sig.c b/src/lib/libssl/src/crypto/asn1/x_sig.c
new file mode 100644
index 0000000000..f0a2e4c27a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_sig.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509_SIG,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_SIG_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+int i2d_X509_SIG(a,pp)
+X509_SIG *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->digest,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->digest,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_finish();
+        }
+X509_SIG *d2i_X509_SIG(a,pp,length)
+X509_SIG **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
+        }
+X509_SIG *X509_SIG_new()
+        {
+        X509_SIG *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_SIG);
+        M_ASN1_New(ret->algor,X509_ALGOR_new);
+        M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
+        }
+void X509_SIG_free(a)
+X509_SIG *a;
+        {
+        if (a == NULL) return;
+        X509_ALGOR_free(a->algor);
+        ASN1_OCTET_STRING_free(a->digest);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_spki.c b/src/lib/libssl/src/crypto/asn1/x_spki.c
new file mode 100644
index 0000000000..4a80df44b8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_spki.c
@@ -0,0 +1,181 @@
+/* crypto/asn1/x_spki.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+ /* This module was send to me my Pat Richards <patr@x509.com> who
+  * wrote it.  It is under my Copyright with his permision
+  */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "x509.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_NETSCAPE_SPKAC,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_NETSCAPE_SPKAC_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_NETSCAPE_SPKI,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_NETSCAPE_SPKI_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+int i2d_NETSCAPE_SPKAC(a,pp)
+NETSCAPE_SPKAC *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->pubkey,       i2d_X509_PUBKEY);
+        M_ASN1_I2D_len(a->challenge,    i2d_ASN1_IA5STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->pubkey,       i2d_X509_PUBKEY);
+        M_ASN1_I2D_put(a->challenge,    i2d_ASN1_IA5STRING);
+        M_ASN1_I2D_finish();
+        }
+NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(a,pp,length)
+NETSCAPE_SPKAC **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
+        M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING);
+        M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
+        }
+NETSCAPE_SPKAC *NETSCAPE_SPKAC_new()
+        {
+        NETSCAPE_SPKAC *ret=NULL;
+        M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
+        M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
+        M_ASN1_New(ret->challenge,ASN1_IA5STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
+        }
+void NETSCAPE_SPKAC_free(a)
+NETSCAPE_SPKAC *a;
+        {
+        if (a == NULL) return;
+        X509_PUBKEY_free(a->pubkey);
+        ASN1_IA5STRING_free(a->challenge);
+        Free((char *)a);
+        }
+int i2d_NETSCAPE_SPKI(a,pp)
+NETSCAPE_SPKI *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->spkac,        i2d_NETSCAPE_SPKAC);
+        M_ASN1_I2D_len(a->sig_algor,    i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->spkac,        i2d_NETSCAPE_SPKAC);
+        M_ASN1_I2D_put(a->sig_algor,    i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_finish();
+        }
+NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(a,pp,length)
+NETSCAPE_SPKI **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC);
+        M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+        M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
+        }
+NETSCAPE_SPKI *NETSCAPE_SPKI_new()
+        {
+        NETSCAPE_SPKI *ret=NULL;
+        M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
+        M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
+        M_ASN1_New(ret->sig_algor,X509_ALGOR_new);
+        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
+        }
+void NETSCAPE_SPKI_free(a)
+NETSCAPE_SPKI *a;
+        {
+        if (a == NULL) return;
+        NETSCAPE_SPKAC_free(a->spkac);
+        X509_ALGOR_free(a->sig_algor);
+        ASN1_BIT_STRING_free(a->signature);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_val.c b/src/lib/libssl/src/crypto/asn1/x_val.c
new file mode 100644
index 0000000000..a9c390f88c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_val.c
@@ -0,0 +1,118 @@
+/* crypto/asn1/x_val.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+/* ASN1err(ASN1_F_X509_VAL_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_X509_VAL_FREE,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_X509_VAL,ERR_R_MALLOC_FAILURE);
+ */
+int i2d_X509_VAL(a,pp)
+X509_VAL *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
+        M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
+        M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
+        M_ASN1_I2D_finish();
+        }
+X509_VAL *d2i_X509_VAL(a,pp,length)
+X509_VAL **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
+        M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
+        M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
+        }
+X509_VAL *X509_VAL_new()
+        {
+        X509_VAL *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509_VAL);
+        M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
+        M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
+        }
+void X509_VAL_free(a)
+X509_VAL *a;
+        {
+        if (a == NULL) return;
+        ASN1_UTCTIME_free(a->notBefore);
+        ASN1_UTCTIME_free(a->notAfter);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509.c b/src/lib/libssl/src/crypto/asn1/x_x509.c
new file mode 100644
index 0000000000..bc466ce0f6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/x_x509.c
@@ -0,0 +1,158 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "asn1_mac.h"
+/*
+ * ASN1err(ASN1_F_D2I_X509,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_NEW,ASN1_R_BAD_GET_OBJECT);
+ */
+static ASN1_METHOD meth={
+        (int (*)())  i2d_X509,
+        (char *(*)())d2i_X509,
+        (char *(*)())X509_new,
+        (void (*)()) X509_free};
+ASN1_METHOD *X509_asn1_meth()
+        {
+        return(&meth);
+        }
+int i2d_X509(a,pp)
+X509 *a;
+unsigned char **pp;
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->cert_info,    i2d_X509_CINF);
+        M_ASN1_I2D_len(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->cert_info,    i2d_X509_CINF);
+        M_ASN1_I2D_put(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_finish();
+        }
+X509 *d2i_X509(a,pp,length)
+X509 **a;
+unsigned char **pp;
+long length;
+        {
+        M_ASN1_D2I_vars(a,X509 *,X509_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+if (ret->name != NULL) Free(ret->name);
+ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+        M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+        }
+X509 *X509_new()
+        {
+        X509 *ret=NULL;
+        M_ASN1_New_Malloc(ret,X509);
+        ret->references=1;
+        ret->valid=0;
+        ret->name=NULL;
+        M_ASN1_New(ret->cert_info,X509_CINF_new);
+        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_NEW);
+        }
+void X509_free(a)
+X509 *a;
+        {
+        int i;
+        if (a == NULL) return;
+        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",a);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_free, bad reference count\n");
+                abort();
+                }
+#endif
+        X509_CINF_free(a->cert_info);
+        X509_ALGOR_free(a->sig_alg);
+        ASN1_BIT_STRING_free(a->signature);
+        if (a->name != NULL) Free(a->name);
+        Free((char *)a);
+        }
diff --git a/src/lib/libssl/src/crypto/bf/COPYRIGHT b/src/lib/libssl/src/crypto/bf/COPYRIGHT
new file mode 100644
index 0000000000..6857223506
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/COPYRIGHT
@@ -0,0 +1,46 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+This package is an Blowfish implementation written
+by Eric Young (eay@cryptsoft.com).
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/src/lib/libssl/src/crypto/bf/INSTALL b/src/lib/libssl/src/crypto/bf/INSTALL
new file mode 100644
index 0000000000..3b25923532
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/INSTALL
@@ -0,0 +1,14 @@
+This Eric Young's blowfish implementation, taken from his SSLeay library
+and made available as a separate library.
+ 
+The version number (0.7.2m) is the SSLeay version that this library was
+taken from.
+ 
+To build, just unpack and type make.
+If you are not using gcc, edit the Makefile.
+If you are compiling for an x86 box, try the assembler (it needs improving).
+There are also some compile time options that can improve performance,
+these are documented in the Makefile.
+ 
+eric 15-Apr-1997
+ 
diff --git a/src/lib/libssl/src/crypto/bf/README b/src/lib/libssl/src/crypto/bf/README
new file mode 100644
index 0000000000..f2712fd0e7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/README
@@ -0,0 +1,8 @@
+This is a quick packaging up of my blowfish code into a library.
+It has been lifted from SSLeay.
+The copyright notices seem a little harsh because I have not spent the
+time to rewrite the conditions from the normal SSLeay ones.
+Basically if you just want to play with the library, not a problem.
+eric 15-Apr-1997
diff --git a/src/lib/libssl/src/crypto/bf/VERSION b/src/lib/libssl/src/crypto/bf/VERSION
new file mode 100644
index 0000000000..be995855e4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/VERSION
@@ -0,0 +1,6 @@
+The version numbers will follow my SSL implementation
+0.7.2r - Some reasonable default compiler options from 
+        Peter Gutman <pgut001@cs.auckland.ac.nz>
+0.7.2m - the first release
diff --git a/src/lib/libssl/src/crypto/bf/asm/bf-586.pl b/src/lib/libssl/src/crypto/bf/asm/bf-586.pl
new file mode 100644
index 0000000000..5c7ab14ab0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/asm/bf-586.pl
@@ -0,0 +1,136 @@
+#!/usr/bin/perl
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+&asm_init($ARGV[0],"bf-586.pl");
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="edi";
+$R="esi";
+$P="ebp";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ecx";
+$tmp4="edx";
+&BF_encrypt("BF_encrypt",1);
+&BF_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+sub BF_encrypt
+        {
+        local($name,$enc)=@_;
+        &function_begin_B($name,"");
+        &comment("");
+        &push("ebp");
+        &push("ebx");
+        &mov($tmp2,&wparam(0));
+        &mov($P,&wparam(1));
+        &push("esi");
+        &push("edi");
+        &comment("Load the 2 words");
+        &mov($L,&DWP(0,$tmp2,"",0));
+        &mov($R,&DWP(4,$tmp2,"",0));
+        &xor(   $tmp1,  $tmp1);
+        # encrypting part
+        if ($enc)
+                {
+                 &mov($tmp2,&DWP(0,$P,"",0));
+                &xor(   $tmp3,  $tmp3);
+                &xor($L,$tmp2);
+                for ($i=0; $i<$BF_ROUNDS; $i+=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i+1));
+                        &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+                        }
+                # &mov($tmp1,&wparam(0)); In last loop
+                &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                }
+        else
+                {
+                 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                &xor(   $tmp3,  $tmp3);
+                &xor($L,$tmp2);
+                for ($i=$BF_ROUNDS; $i>0; $i-=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i-1));
+                        &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+                        }
+                # &mov($tmp1,&wparam(0)); In last loop
+                &mov($tmp4,&DWP(0,$P,"",0));
+                }
+        &xor($R,$tmp4);
+        &mov(&DWP(4,$tmp1,"",0),$L);
+        &mov(&DWP(0,$tmp1,"",0),$R);
+        &function_end($name);
+        }
+sub BF_ENCRYPT
+        {
+        local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
+        &mov(   $tmp4,          &DWP(&n2a($i*4),$P,"",0)); # for next round
+        &mov(   $tmp2,          $R);
+        &xor(   $L,             $tmp4);
+        &shr(   $tmp2,          16);
+        &mov(   $tmp4,          $R);
+        &movb(  &LB($tmp1),     &HB($tmp2));    # A
+        &and(   $tmp2,          0xff);          # B
+        &movb(  &LB($tmp3),     &HB($tmp4));    # C
+        &and(   $tmp4,          0xff);          # D
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+        &mov(   $tmp2,          &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+        &add(   $tmp2,          $tmp1);
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
+        &xor(   $tmp2,          $tmp1);
+        &mov(   $tmp4,          &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
+        &add(   $tmp2,          $tmp4);
+        if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
+                { &xor( $tmp1,          $tmp1); }
+        else
+                {
+                &comment("Load parameter 0 ($i) enc=$enc");
+                &mov($tmp1,&wparam(0));
+                } # In last loop
+        &xor(   $L,             $tmp2);
+        # delay
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
diff --git a/src/lib/libssl/src/crypto/bf/asm/bf-686.pl b/src/lib/libssl/src/crypto/bf/asm/bf-686.pl
new file mode 100644
index 0000000000..bed303d786
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/asm/bf-686.pl
@@ -0,0 +1,128 @@
+#!/usr/bin/perl
+#!/usr/local/bin/perl
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+&asm_init($ARGV[0],"bf-686.pl");
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="ecx";
+$R="edx";
+$P="edi";
+$tot="esi";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ebp";
+&des_encrypt("BF_encrypt",1);
+&des_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+&file_end();
+sub des_encrypt
+        {
+        local($name,$enc)=@_;
+        &function_begin($name,"");
+        &comment("");
+        &comment("Load the 2 words");
+        &mov("eax",&wparam(0));
+        &mov($L,&DWP(0,"eax","",0));
+        &mov($R,&DWP(4,"eax","",0));
+        &comment("");
+        &comment("P pointer, s and enc flag");
+        &mov($P,&wparam(1));
+        &xor(   $tmp1,  $tmp1);
+        &xor(   $tmp2,  $tmp2);
+        # encrypting part
+        if ($enc)
+                {
+                &xor($L,&DWP(0,$P,"",0));
+                for ($i=0; $i<$BF_ROUNDS; $i+=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i+1));
+                        &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+        else
+                {
+                &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                for ($i=$BF_ROUNDS; $i>0; $i-=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i-1));
+                        &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(0,$P,"",0));
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+        &function_end_B($name);
+        }
+sub BF_ENCRYPT
+        {
+        local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
+        &rotr(  $R,             16);
+        &mov(   $tot,           &DWP(&n2a($i*4),$P,"",0));
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+        &rotr(  $R,             16);
+        &xor(   $L,             $tot);
+        &mov(   $tot,           &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+        &add(   $tot,           $tmp3);
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
+        &xor(   $tot,           $tmp1);
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
+        &add(   $tot,           $tmp3);
+        &xor(   $tmp1,          $tmp1);
+        &xor(   $L,             $tot);                                  
+        # delay
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
diff --git a/src/lib/libssl/src/crypto/bf/asm/readme b/src/lib/libssl/src/crypto/bf/asm/readme
new file mode 100644
index 0000000000..2385fa3812
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/asm/readme
@@ -0,0 +1,10 @@
+There are blowfish assembler generation scripts.
+bf-586.pl version is for the pentium and
+bf-686.pl is my original version, which is faster on the pentium pro.
+When using a bf-586.pl, the pentium pro/II is %8 slower than using
+bf-686.pl.  When using a bf-686.pl, the pentium is %16 slower
+than bf-586.pl
+So the default is bf-586.pl
diff --git a/src/lib/libssl/src/crypto/bf/bf_cbc.c b/src/lib/libssl/src/crypto/bf/bf_cbc.c
new file mode 100644
index 0000000000..e0fa9ad763
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_cbc.c
@@ -0,0 +1,148 @@
+/* crypto/bf/bf_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "blowfish.h"
+#include "bf_locl.h"
+void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *ks;
+unsigned char *iv;
+int encrypt;
+        {
+        register BF_LONG tin0,tin1;
+        register BF_LONG tout0,tout1,xor0,xor1;
+        register long l=length;
+        BF_LONG tin[2];
+        if (encrypt)
+                {
+                n2l(iv,tout0);
+                n2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        n2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                l2n(tout0,iv);
+                l2n(tout1,iv);
+                }
+        else
+                {
+                n2l(iv,xor0);
+                n2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2nn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2n(xor0,iv);
+                l2n(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bf_cfb64.c b/src/lib/libssl/src/crypto/bf/bf_cfb64.c
new file mode 100644
index 0000000000..f9c66e7ced
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_cfb64.c
@@ -0,0 +1,127 @@
+/* crypto/bf/bf_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "blowfish.h"
+#include "bf_locl.h"
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void BF_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *schedule;
+unsigned char *ivec;
+int *num;
+int encrypt;
+        {
+        register BF_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        BF_LONG ti[2];
+        unsigned char *iv,c,cc;
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                BF_encrypt((BF_LONG *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                BF_encrypt((BF_LONG *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bf_ecb.c b/src/lib/libssl/src/crypto/bf/bf_ecb.c
new file mode 100644
index 0000000000..6d16360bd9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_ecb.c
@@ -0,0 +1,98 @@
+/* crypto/bf/bf_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "blowfish.h"
+#include "bf_locl.h"
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+char *BF_version="BlowFish part of SSLeay 0.9.0b 29-Jun-1998";
+char *BF_options()
+        {
+#ifdef BF_PTR
+        return("blowfish(ptr)");
+#elif defined(BF_PTR2)
+        return("blowfish(ptr2)");
+#else
+        return("blowfish(idx)");
+#endif
+        }
+void BF_ecb_encrypt(in, out, ks, encrypt)
+unsigned char *in;
+unsigned char *out;
+BF_KEY *ks;
+int encrypt;
+        {
+        BF_LONG l,d[2];
+        n2l(in,l); d[0]=l;
+        n2l(in,l); d[1]=l;
+        if (encrypt)
+                BF_encrypt(d,ks);
+        else
+                BF_decrypt(d,ks);
+        l=d[0]; l2n(l,out);
+        l=d[1]; l2n(l,out);
+        l=d[0]=d[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bf_enc.c b/src/lib/libssl/src/crypto/bf/bf_enc.c
new file mode 100644
index 0000000000..66a8604c59
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_enc.c
@@ -0,0 +1,241 @@
+/* crypto/bf/bf_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "blowfish.h"
+#include "bf_locl.h"
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+If you set BF_ROUNDS to some value other than 16 or 20, you will have
+to modify the code.
+#endif
+void BF_encrypt(data,key)
+BF_LONG *data;
+BF_KEY *key;
+        {
+        register BF_LONG l,r,*p,*s;
+        p=key->P;
+        s= &(key->S[0]);
+        l=data[0];
+        r=data[1];
+        l^=p[0];
+        BF_ENC(r,l,s,p[ 1]);
+        BF_ENC(l,r,s,p[ 2]);
+        BF_ENC(r,l,s,p[ 3]);
+        BF_ENC(l,r,s,p[ 4]);
+        BF_ENC(r,l,s,p[ 5]);
+        BF_ENC(l,r,s,p[ 6]);
+        BF_ENC(r,l,s,p[ 7]);
+        BF_ENC(l,r,s,p[ 8]);
+        BF_ENC(r,l,s,p[ 9]);
+        BF_ENC(l,r,s,p[10]);
+        BF_ENC(r,l,s,p[11]);
+        BF_ENC(l,r,s,p[12]);
+        BF_ENC(r,l,s,p[13]);
+        BF_ENC(l,r,s,p[14]);
+        BF_ENC(r,l,s,p[15]);
+        BF_ENC(l,r,s,p[16]);
+#if BF_ROUNDS == 20
+        BF_ENC(r,l,s,p[17]);
+        BF_ENC(l,r,s,p[18]);
+        BF_ENC(r,l,s,p[19]);
+        BF_ENC(l,r,s,p[20]);
+#endif
+        r^=p[BF_ROUNDS+1];
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+        }
+#ifndef BF_DEFAULT_OPTIONS
+void BF_decrypt(data,key)
+BF_LONG *data;
+BF_KEY *key;
+        {
+        register BF_LONG l,r,*p,*s;
+        p=key->P;
+        s= &(key->S[0]);
+        l=data[0];
+        r=data[1];
+        l^=p[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+        BF_ENC(r,l,s,p[20]);
+        BF_ENC(l,r,s,p[19]);
+        BF_ENC(r,l,s,p[18]);
+        BF_ENC(l,r,s,p[17]);
+#endif
+        BF_ENC(r,l,s,p[16]);
+        BF_ENC(l,r,s,p[15]);
+        BF_ENC(r,l,s,p[14]);
+        BF_ENC(l,r,s,p[13]);
+        BF_ENC(r,l,s,p[12]);
+        BF_ENC(l,r,s,p[11]);
+        BF_ENC(r,l,s,p[10]);
+        BF_ENC(l,r,s,p[ 9]);
+        BF_ENC(r,l,s,p[ 8]);
+        BF_ENC(l,r,s,p[ 7]);
+        BF_ENC(r,l,s,p[ 6]);
+        BF_ENC(l,r,s,p[ 5]);
+        BF_ENC(r,l,s,p[ 4]);
+        BF_ENC(l,r,s,p[ 3]);
+        BF_ENC(r,l,s,p[ 2]);
+        BF_ENC(l,r,s,p[ 1]);
+        r^=p[0];
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+        }
+void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *ks;
+unsigned char *iv;
+int encrypt;
+        {
+        register BF_LONG tin0,tin1;
+        register BF_LONG tout0,tout1,xor0,xor1;
+        register long l=length;
+        BF_LONG tin[2];
+        if (encrypt)
+                {
+                n2l(iv,tout0);
+                n2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        n2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                l2n(tout0,iv);
+                l2n(tout1,iv);
+                }
+        else
+                {
+                n2l(iv,xor0);
+                n2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2nn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2n(xor0,iv);
+                l2n(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bf/bf_ofb64.c b/src/lib/libssl/src/crypto/bf/bf_ofb64.c
new file mode 100644
index 0000000000..5d844ac760
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_ofb64.c
@@ -0,0 +1,115 @@
+/* crypto/bf/bf_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "blowfish.h"
+#include "bf_locl.h"
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void BF_ofb64_encrypt(in, out, length, schedule, ivec, num)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *schedule;
+unsigned char *ivec;
+int *num;
+        {
+        register BF_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        BF_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+        iv=(unsigned char *)ivec;
+        n2l(iv,v0);
+        n2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2n(v0,dp);
+        l2n(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        BF_encrypt((BF_LONG *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2n(t,dp);
+                        t=ti[1]; l2n(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2n(v0,iv);
+                l2n(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bf_opts.c b/src/lib/libssl/src/crypto/bf/bf_opts.c
new file mode 100644
index 0000000000..5cfa60c537
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_opts.c
@@ -0,0 +1,347 @@
+/* crypto/bf/bf_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "blowfish.h"
+#define BF_DEFAULT_OPTIONS
+#undef BF_ENC
+#define BF_encrypt  BF_encrypt_normal
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#define BF_PTR
+#undef BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#undef BF_PTR
+#define BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr2
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        BF_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most acurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        BF_set_key(&sch,16,key);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+        time_it(BF_encrypt_normal,      "BF_encrypt_normal ", 0);
+        time_it(BF_encrypt_ptr,         "BF_encrypt_ptr    ", 1);
+        time_it(BF_encrypt_ptr2,        "BF_encrypt_ptr2   ", 2);
+        num+=3;
+        str[0]="<nothing>";
+        print_it("BF_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("BF_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("BF_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+        printf("options    BF ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DBF_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DBF_PTR\n");
+                break;
+        case 2:
+                printf("-DBF_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bf_pi.h b/src/lib/libssl/src/crypto/bf/bf_pi.h
new file mode 100644
index 0000000000..417b935538
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_pi.h
@@ -0,0 +1,325 @@
+/* crypto/bf/bf_pi.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+static BF_KEY bf_init= {
+        {
+        0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+        0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+        0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+        0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+        0x9216d5d9L, 0x8979fb1b
+        },{
+        0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 
+        0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 
+        0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, 
+        0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, 
+        0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, 
+        0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 
+        0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, 
+        0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, 
+        0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, 
+        0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, 
+        0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 
+        0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 
+        0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, 
+        0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, 
+        0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, 
+        0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 
+        0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 
+        0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, 
+        0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, 
+        0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, 
+        0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 
+        0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 
+        0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, 
+        0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, 
+        0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, 
+        0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 
+        0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 
+        0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, 
+        0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, 
+        0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, 
+        0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 
+        0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 
+        0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, 
+        0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, 
+        0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, 
+        0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 
+        0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 
+        0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, 
+        0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, 
+        0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, 
+        0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 
+        0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 
+        0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, 
+        0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, 
+        0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, 
+        0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 
+        0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 
+        0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, 
+        0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, 
+        0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, 
+        0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 
+        0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 
+        0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, 
+        0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, 
+        0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, 
+        0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 
+        0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 
+        0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, 
+        0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, 
+        0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, 
+        0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 
+        0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 
+        0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, 
+        0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, 
+        0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, 
+        0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 
+        0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 
+        0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, 
+        0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, 
+        0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, 
+        0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 
+        0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 
+        0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, 
+        0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, 
+        0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, 
+        0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 
+        0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 
+        0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, 
+        0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, 
+        0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, 
+        0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 
+        0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 
+        0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, 
+        0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, 
+        0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, 
+        0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 
+        0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 
+        0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, 
+        0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, 
+        0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, 
+        0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 
+        0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 
+        0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, 
+        0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, 
+        0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, 
+        0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 
+        0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 
+        0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, 
+        0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, 
+        0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, 
+        0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 
+        0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 
+        0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, 
+        0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, 
+        0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, 
+        0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 
+        0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 
+        0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, 
+        0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, 
+        0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, 
+        0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 
+        0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 
+        0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, 
+        0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, 
+        0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, 
+        0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 
+        0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 
+        0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, 
+        0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, 
+        0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, 
+        0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 
+        0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 
+        0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, 
+        0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, 
+        0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, 
+        0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 
+        0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 
+        0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, 
+        0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, 
+        0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, 
+        0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 
+        0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, 
+        0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, 
+        0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, 
+        0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, 
+        0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 
+        0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 
+        0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, 
+        0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, 
+        0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, 
+        0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 
+        0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 
+        0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, 
+        0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, 
+        0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, 
+        0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 
+        0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 
+        0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, 
+        0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, 
+        0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, 
+        0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 
+        0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 
+        0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, 
+        0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, 
+        0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, 
+        0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 
+        0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 
+        0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, 
+        0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, 
+        0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, 
+        0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 
+        0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 
+        0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, 
+        0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, 
+        0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, 
+        0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 
+        0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 
+        0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, 
+        0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, 
+        0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, 
+        0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 
+        0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 
+        0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, 
+        0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, 
+        0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, 
+        0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 
+        0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 
+        0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, 
+        0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, 
+        0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, 
+        0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 
+        0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 
+        0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, 
+        0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, 
+        0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, 
+        0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 
+        0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 
+        0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, 
+        0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, 
+        0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, 
+        0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 
+        0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, 
+        0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, 
+        0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, 
+        0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, 
+        0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 
+        0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 
+        0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, 
+        0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, 
+        0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, 
+        0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 
+        0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 
+        0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, 
+        0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, 
+        0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, 
+        0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 
+        0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 
+        0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, 
+        0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, 
+        0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, 
+        0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 
+        0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 
+        0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, 
+        0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, 
+        0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, 
+        0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 
+        0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 
+        0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, 
+        0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, 
+        0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, 
+        0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 
+        0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 
+        0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, 
+        0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, 
+        0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, 
+        0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 
+        0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 
+        0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, 
+        0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, 
+        0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, 
+        0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 
+        0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 
+        0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, 
+        0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, 
+        0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, 
+        0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 
+        0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 
+        0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, 
+        0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, 
+        0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, 
+        0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 
+        0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 
+        0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, 
+        0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, 
+        0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, 
+        0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 
+        0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 
+        0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, 
+        0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, 
+        0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, 
+        0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 
+        0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 
+        0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
+        0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
+        0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
+        0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
+        }
+        };
diff --git a/src/lib/libssl/src/crypto/bf/bf_skey.c b/src/lib/libssl/src/crypto/bf/bf_skey.c
new file mode 100644
index 0000000000..86574c0acc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bf_skey.c
@@ -0,0 +1,119 @@
+/* crypto/bf/bf_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include "blowfish.h"
+#include "bf_locl.h"
+#include "bf_pi.h"
+void BF_set_key(key,len,data)
+BF_KEY *key;
+int len;
+unsigned char *data;
+        {
+        int i;
+        BF_LONG *p,ri,in[2];
+        unsigned char *d,*end;
+        memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY));
+        p=key->P;
+        if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+        d=data;
+        end= &(data[len]);
+        for (i=0; i<(BF_ROUNDS+2); i++)
+                {
+                ri= *(d++);
+                if (d >= end) d=data;
+                ri<<=8;
+                ri|= *(d++);
+                if (d >= end) d=data;
+                ri<<=8;
+                ri|= *(d++);
+                if (d >= end) d=data;
+                ri<<=8;
+                ri|= *(d++);
+                if (d >= end) d=data;
+                p[i]^=ri;
+                }
+        in[0]=0L;
+        in[1]=0L;
+        for (i=0; i<(BF_ROUNDS+2); i+=2)
+                {
+                BF_encrypt(in,key);
+                p[i  ]=in[0];
+                p[i+1]=in[1];
+                }
+        p=key->S;
+        for (i=0; i<4*256; i+=2)
+                {
+                BF_encrypt(in,key);
+                p[i  ]=in[0];
+                p[i+1]=in[1];
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bfs.cpp b/src/lib/libssl/src/crypto/bf/bfs.cpp
new file mode 100644
index 0000000000..272ed2f978
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bfs.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "blowfish.h"
+void main(int argc,char *argv[])
+        {
+        BF_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        BF_encrypt(&data[0],&key);
+                        }
+                printf("blowfish %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bfspeed.c b/src/lib/libssl/src/crypto/bf/bfspeed.c
new file mode 100644
index 0000000000..640d820dd3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bfspeed.c
@@ -0,0 +1,293 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "blowfish.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        BF_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        BF_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                BF_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing BF_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing BF_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing BF_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing BF_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                BF_LONG data[2];
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),BF_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
+        printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
+        printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/bf/bftest.c b/src/lib/libssl/src/crypto/bf/bftest.c
new file mode 100644
index 0000000000..9266cf813a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/bftest.c
@@ -0,0 +1,521 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "blowfish.h"
+char *bf_key[2]={
+        "abcdefghijklmnopqrstuvwxyz",
+        "Who is John Galt?"
+        };
+/* big endian */
+BF_LONG bf_plain[2][2]={
+        {0x424c4f57L,0x46495348L},
+        {0xfedcba98L,0x76543210L}
+        };
+BF_LONG bf_cipher[2][2]={
+        {0x324ed0feL,0xf413a203L},
+        {0xcc91732bL,0x8022f684L}
+        };
+/************/
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+        {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+        {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+        {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+        {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+        {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+        {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+        {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+        {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+        {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+        {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+        {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+        {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+        {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+        {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+        {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+        {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+        {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+        {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+        {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+        {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+        {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+        {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+        {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+        {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+        {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+        {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+        {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+        {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+        {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+        {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+        };
+static unsigned char cbc_key [16]={
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+        0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+        0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+        0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+        0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+static unsigned char cfb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+        0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+        0x51,0x9D,0x57,0xA6,0xC3};
+static unsigned char ofb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+        0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+        0x63,0xC2,0xCF,0x80,0xDA};
+#define KEY_TEST_NUM    25
+unsigned char key_test[KEY_TEST_NUM]={
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+        0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+        0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+        0x88};
+unsigned char key_data[8]=
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+unsigned char key_out[KEY_TEST_NUM][8]={
+        {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+        {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+        {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+        {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+        {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+        {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+        {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+        {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+        {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+        {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+        {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+        {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+        {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+        {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+        {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+        {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+        {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+        {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+        {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+        {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+        {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+        {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+        {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+        {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+        };
+#ifndef NOPROTO
+static int test(void );
+static int print_test_data(void );
+#else
+static int test();
+static int print_test_data();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int ret;
+        if (argc > 1)
+                ret=print_test_data();
+        else
+                ret=test();
+        exit(ret);
+        return(0);
+        }
+static int print_test_data()
+        {
+        unsigned int i,j;
+        printf("ecb test data\n");
+        printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                for (j=0; j<8; j++)
+                        printf("%02X",ecb_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",plain_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",cipher_data[i][j]);
+                printf("\n");
+                }
+        printf("set_key test data\n");
+        printf("data[8]= ");
+        for (j=0; j<8; j++)
+                printf("%02X",key_data[j]);
+        printf("\n");
+        for (i=0; i<KEY_TEST_NUM-1; i++)
+                {
+                printf("c=");
+                for (j=0; j<8; j++)
+                        printf("%02X",key_out[i][j]);
+                printf(" k[%2d]=",i+1);
+                for (j=0; j<i+1; j++)
+                        printf("%02X",key_test[j]);
+                printf("\n");
+                }
+        printf("\nchaining mode test data\n");
+        printf("key[16]   = ");
+        for (j=0; j<16; j++)
+                printf("%02X",cbc_key[j]);
+        printf("\niv[8]     = ");
+        for (j=0; j<8; j++)
+                printf("%02X",cbc_iv[j]);
+        printf("\ndata[%d]  = '%s'",(int)strlen(cbc_data)+1,cbc_data);
+        printf("\ndata[%d]  = ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cbc_data[j]);
+        printf("\n");
+        printf("cbc cipher text\n");
+        printf("cipher[%d]= ",32);
+        for (j=0; j<32; j++)
+                printf("%02X",cbc_ok[j]);
+        printf("\n");
+        printf("cfb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cfb64_ok[j]);
+        printf("\n");
+        printf("ofb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",ofb64_ok[j]);
+        printf("\n");
+        return(0);
+        }
+static int test()
+        {
+        unsigned char cbc_in[40],cbc_out[40],iv[8];
+        int i,n,err=0;
+        BF_KEY key;
+        BF_LONG data[2]; 
+        unsigned char out[8]; 
+        BF_LONG len;
+        printf("testing blowfish in raw ecb mode\n");
+        for (n=0; n<2; n++)
+                {
+                BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
+                data[0]=bf_plain[n][0];
+                data[1]=bf_plain[n][1];
+                BF_encrypt(data,&key);
+                if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",bf_cipher[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+                BF_decrypt(&(data[0]),&key);
+                if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",bf_plain[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish in ecb mode\n");
+        for (n=0; n<NUM_TESTS; n++)
+                {
+                BF_set_key(&key,8,ecb_data[n]);
+                BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
+                if (memcmp(&(cipher_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt blowfish error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",cipher_data[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+                BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
+                if (memcmp(&(plain_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",plain_data[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish set_key\n");
+        for (n=1; n<KEY_TEST_NUM; n++)
+                {
+                BF_set_key(&key,n,key_test);
+                BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
+                if (memcmp(out,&(key_out[n-1][0]),8) != 0)
+                        {
+                        printf("blowfish setkey error\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish in cbc mode\n");
+        len=strlen(cbc_data)+1;
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
+                &key,iv,BF_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                {
+                err=1;
+                printf("BF_cbc_encrypt encrypt error\n");
+                for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        memcpy(iv,cbc_iv,8);
+        BF_cbc_encrypt(cbc_out,cbc_in,len,
+                &key,iv,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("BF_cbc_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("testing blowfish in cfb64 mode\n");
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
+                &key,iv,&n,BF_ENCRYPT);
+        BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
+                &key,iv,&n,BF_ENCRYPT);
+        if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_cfb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_cfb64_encrypt(cbc_out,cbc_in,17,
+                &key,iv,&n,BF_DECRYPT);
+        BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
+                &key,iv,&n,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_cfb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("testing blowfish in ofb64\n");
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
+        BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
+                &(cbc_out[13]),len-13,&key,iv,&n);
+        if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_ofb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
+        BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        return(err);
+        }
diff --git a/src/lib/libssl/src/crypto/bf/blowfish.h b/src/lib/libssl/src/crypto/bf/blowfish.h
new file mode 100644
index 0000000000..c4a8085a29
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bf/blowfish.h
@@ -0,0 +1,116 @@
+/* crypto/bf/blowfish.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_BLOWFISH_H
+#define HEADER_BLOWFISH_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define BF_ENCRYPT      1
+#define BF_DECRYPT      0
+/* If you make this 'unsigned int' the pointer variants will work on
+ * the Alpha, otherwise they will not.  Strangly using the '8 byte'
+ * BF_LONG and the default 'non-pointer' inner loop is the best configuration
+ * for the Alpha */
+#define BF_LONG unsigned long
+#define BF_ROUNDS       16
+#define BF_BLOCK        8
+typedef struct bf_key_st
+        {
+        BF_LONG P[BF_ROUNDS+2];
+        BF_LONG S[4*256];
+        } BF_KEY;
+#ifndef NOPROTO
+ 
+void BF_set_key(BF_KEY *key, int len, unsigned char *data);
+void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key,
+        int enc);
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        BF_KEY *ks, unsigned char *iv, int enc);
+void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        BF_KEY *schedule, unsigned char *ivec, int *num);
+char *BF_options(void);
+#else
+void BF_set_key();
+void BF_ecb_encrypt();
+void BF_encrypt();
+void BF_decrypt();
+void BF_cbc_encrypt();
+void BF_cfb64_encrypt();
+void BF_ofb64_encrypt();
+char *BF_options();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/bio/b_dump.c b/src/lib/libssl/src/crypto/bio/b_dump.c
new file mode 100644
index 0000000000..db84ad3d47
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/b_dump.c
@@ -0,0 +1,125 @@
+/* crypto/bio/b_dump.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bio.h"
+#define TRUNCATE
+#define DUMP_WIDTH      16
+int BIO_dump(bio,s,len)
+BIO *bio;
+char *s;
+int len;
+{
+  int ret=0;
+  char buf[160+1],tmp[20];
+  int i,j,rows,trunc;
+  unsigned char ch;
+  trunc=0;
+#ifdef TRUNCATE
+  for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
+    trunc++;
+#endif
+  rows=(len/DUMP_WIDTH);
+  if ((rows*DUMP_WIDTH)<len)
+    rows++;
+  for(i=0;i<rows;i++) {
+    buf[0]='\0';        /* start with empty string */
+    sprintf(tmp,"%04x - ",i*DUMP_WIDTH);
+    strcpy(buf,tmp);
+    for(j=0;j<DUMP_WIDTH;j++) {
+      if (((i*DUMP_WIDTH)+j)>=len) {
+        strcat(buf,"   ");
+      } else {
+        ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
+        sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
+        strcat(buf,tmp);
+      }
+    }
+    strcat(buf,"  ");
+    for(j=0;j<DUMP_WIDTH;j++) {
+      if (((i*DUMP_WIDTH)+j)>=len)
+        break;
+      ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
+      sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+      strcat(buf,tmp);
+    }
+    strcat(buf,"\n");
+    /* if this is the last call then update the ddt_dump thing so that
+     * we will move the selection point in the debug window 
+     */
+    ret+=BIO_write(bio,(char *)buf,strlen(buf));
+  }
+#ifdef TRUNCATE
+  if (trunc > 0) {
+    sprintf(buf,"%04x - <SPACES/NULS>\n",len+trunc);
+    ret+=BIO_write(bio,(char *)buf,strlen(buf));
+  }
+#endif
+  return(ret);
+}
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
new file mode 100644
index 0000000000..cdadeb839a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -0,0 +1,92 @@
+/* crypto/bio/b_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bio.h"
+int BIO_printf ( VAR_PLIST( BIO *, bio ) )
+VAR_ALIST
+        {
+        VAR_BDEFN(args, BIO *, bio);
+        char *format;
+        int ret;
+        MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
+        VAR_INIT(args, BIO *, bio);
+        VAR_ARG(args, char *, format);
+        hugebuf[0]='\0';
+/* no-one uses _doprnt anymore and it appears to be broken under SunOS 4.1.4 */
+#if 0 && defined(sun) && !defined(VAR_ANSI) /**/
+        _doprnt(hugebuf,format,args);
+#else /* !sun */
+        vsprintf(hugebuf,format,args);
+#endif /* sun */
+        ret=BIO_write(bio,hugebuf,strlen(hugebuf));
+        VAR_END( args );
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c
new file mode 100644
index 0000000000..a45909527c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/b_sock.c
@@ -0,0 +1,628 @@
+/* crypto/bio/b_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef NO_SOCK
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+/*      BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+#ifdef SO_MAXCONN
+#define MAX_LISTEN  SOMAXCONN
+#elif defined(SO_MAXCONN)
+#define MAX_LISTEN  SO_MAXCONN
+#else
+#define MAX_LISTEN  32
+#endif
+#ifdef WINDOWS
+static int wsa_init_done=0;
+#endif
+static unsigned long BIO_ghbn_hits=0L;
+static unsigned long BIO_ghbn_miss=0L;
+#define GHBN_NUM        4
+static struct ghbn_cache_st
+        {
+        char name[129];
+        struct hostent *ent;
+        unsigned long order;
+        } ghbn_cache[GHBN_NUM];
+#ifndef NOPROTO
+static int get_ip(char *str,unsigned char *ip);
+static void ghbn_free(struct hostent *a);
+static struct hostent *ghbn_dup(struct hostent *a);
+#else
+static int get_ip();
+static void ghbn_free();
+static struct hostent *ghbn_dup();
+#endif
+int BIO_get_host_ip(str,ip)
+char *str;
+unsigned char *ip;
+        {
+        int i;
+        struct hostent *he;
+        i=get_ip(str,ip);
+        if (i > 0) return(1);
+        if (i < 0)
+                {
+                BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
+                ERR_add_error_data(2,"host=",str);
+                return(0);
+                }
+        else
+                { /* do a gethostbyname */
+                if (!BIO_sock_init()) return(0);
+                he=BIO_gethostbyname(str);
+                if (he == NULL)
+                        {
+                        BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+                        ERR_add_error_data(2,"host=",str);
+                        return(0);
+                        }
+                /* cast to short because of win16 winsock definition */
+                if ((short)he->h_addrtype != AF_INET)
+                        {
+                        BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+                        ERR_add_error_data(2,"host=",str);
+                        return(0);
+                        }
+                for (i=0; i<4; i++)
+                        ip[i]=he->h_addr_list[0][i];
+                }
+        return(1);
+        }
+int BIO_get_port(str,port_ptr)
+char *str;
+short *port_ptr;
+        {
+        int i;
+        struct servent *s;
+        if (str == NULL)
+                {
+                BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
+                return(0);
+                }
+        i=atoi(str);
+        if (i != 0)
+                *port_ptr=(unsigned short)i;
+        else
+                {
+                s=getservbyname(str,"tcp");
+                if (s == NULL)
+                        {
+                        if (strcmp(str,"http") == 0)
+                                *port_ptr=80;
+                        else if (strcmp(str,"telnet") == 0)
+                                *port_ptr=23;
+                        else if (strcmp(str,"socks") == 0)
+                                *port_ptr=1080;
+                        else if (strcmp(str,"https") == 0)
+                                *port_ptr=443;
+                        else if (strcmp(str,"ssl") == 0)
+                                *port_ptr=443;
+                        else if (strcmp(str,"ftp") == 0)
+                                *port_ptr=21;
+                        else if (strcmp(str,"gopher") == 0)
+                                *port_ptr=70;
+#if 0
+                        else if (strcmp(str,"wais") == 0)
+                                *port_ptr=21;
+#endif
+                        else
+                                {
+                                SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
+                                ERR_add_error_data(3,"service='",str,"'");
+                                return(0);
+                                }
+                        return(1);
+                        }
+                *port_ptr=htons((unsigned short)s->s_port);
+                }
+        return(1);
+        }
+int BIO_sock_error(sock)
+int sock;
+        {
+        int j,i,size;
+                 
+        size=sizeof(int);
+        i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+        if (i < 0)
+                return(1);
+        else
+                return(j);
+        }
+long BIO_ghbn_ctrl(cmd,iarg,parg)
+int cmd;
+int iarg;
+char *parg;
+        {
+        int i;
+        char **p;
+        switch (cmd)
+                {
+        case BIO_GHBN_CTRL_HITS:
+                return(BIO_ghbn_hits);
+                break;
+        case BIO_GHBN_CTRL_MISSES:
+                return(BIO_ghbn_miss);
+                break;
+        case BIO_GHBN_CTRL_CACHE_SIZE:
+                return(GHBN_NUM);
+                break;
+        case BIO_GHBN_CTRL_GET_ENTRY:
+                if ((iarg >= 0) && (iarg <GHBN_NUM) &&
+                        (ghbn_cache[iarg].order > 0))
+                        {
+                        p=(char **)parg;
+                        if (p == NULL) return(0);
+                        *p=ghbn_cache[iarg].name;
+                        ghbn_cache[iarg].name[128]='\0';
+                        return(1);
+                        }
+                return(0);
+                break;
+        case BIO_GHBN_CTRL_FLUSH:
+                for (i=0; i<GHBN_NUM; i++)
+                        ghbn_cache[i].order=0;
+                break;
+        default:
+                return(0);
+                }
+        return(1);
+        }
+static struct hostent *ghbn_dup(a)
+struct hostent *a;
+        {
+        struct hostent *ret;
+        int i,j;
+        ret=(struct hostent *)malloc(sizeof(struct hostent));
+        if (ret == NULL) return(NULL);
+        memset(ret,0,sizeof(struct hostent));
+        for (i=0; a->h_aliases[i] != NULL; i++)
+                ;
+        i++;
+        ret->h_aliases=(char **)malloc(sizeof(char *)*i);
+        memset(ret->h_aliases,0,sizeof(char *)*i);
+        if (ret == NULL) goto err;
+        for (i=0; a->h_addr_list[i] != NULL; i++)
+                ;
+        i++;
+        ret->h_addr_list=(char **)malloc(sizeof(char *)*i);
+        memset(ret->h_addr_list,0,sizeof(char *)*i);
+        if (ret->h_addr_list == NULL) goto err;
+        j=strlen(a->h_name)+1;
+        if ((ret->h_name=malloc(j)) == NULL) goto err;
+        memcpy((char *)ret->h_name,a->h_name,j);
+        for (i=0; a->h_aliases[i] != NULL; i++)
+                {
+                j=strlen(a->h_aliases[i])+1;
+                if ((ret->h_aliases[i]=malloc(j)) == NULL) goto err;
+                memcpy(ret->h_aliases[i],a->h_aliases[i],j);
+                }
+        ret->h_length=a->h_length;
+        ret->h_addrtype=a->h_addrtype;
+        for (i=0; a->h_addr_list[i] != NULL; i++)
+                {
+                if ((ret->h_addr_list[i]=malloc(a->h_length)) == NULL)
+                        goto err;
+                memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
+                }
+        return(ret);
+err:    
+        if (ret != NULL)
+                ghbn_free(ret);
+        return(NULL);
+        }
+static void ghbn_free(a)
+struct hostent *a;
+        {
+        int i;
+        if (a->h_aliases != NULL)
+                {
+                for (i=0; a->h_aliases[i] != NULL; i++)
+                        free(a->h_aliases[i]);
+                free(a->h_aliases);
+                }
+        if (a->h_addr_list != NULL)
+                {
+                for (i=0; a->h_addr_list[i] != NULL; i++)
+                        free(a->h_addr_list[i]);
+                free(a->h_addr_list);
+                }
+        if (a->h_name != NULL) free((char *)a->h_name);
+        free(a);
+        }
+struct hostent *BIO_gethostbyname(name)
+char *name;
+        {
+        struct hostent *ret;
+        int i,lowi=0,j;
+        unsigned long low= (unsigned long)-1;
+/*      return(gethostbyname(name)); */
+        CRYPTO_w_lock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+        j=strlen(name);
+        if (j < 128)
+                {
+                for (i=0; i<GHBN_NUM; i++)
+                        {
+                        if (low > ghbn_cache[i].order)
+                                {
+                                low=ghbn_cache[i].order;
+                                lowi=i;
+                                }
+                        if (ghbn_cache[i].order > 0)
+                                {
+                                if (strncmp(name,ghbn_cache[i].name,128) == 0)
+                                        break;
+                                }
+                        }
+                }
+        else
+                i=GHBN_NUM;
+        if (i == GHBN_NUM) /* no hit*/
+                {
+                BIO_ghbn_miss++;
+                ret=gethostbyname(name);
+                if (ret == NULL) return(NULL);
+                if (j > 128) return(ret); /* too big to cache */
+                /* else add to cache */
+                if (ghbn_cache[lowi].ent != NULL)
+                        ghbn_free(ghbn_cache[lowi].ent);
+                strncpy(ghbn_cache[lowi].name,name,128);
+                ghbn_cache[lowi].ent=ghbn_dup(ret);
+                ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
+                }
+        else
+                {
+                BIO_ghbn_hits++;
+                ret= ghbn_cache[i].ent;
+                ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+        return(ret);
+        }
+int BIO_sock_init()
+        {
+#ifdef WINDOWS
+        static struct WSAData wsa_state;
+        if (!wsa_init_done)
+                {
+                int err;
+          
+#ifdef SIGINT
+                signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
+#endif
+                wsa_init_done=1;
+                memset(&wsa_state,0,sizeof(wsa_state));
+                if (WSAStartup(0x0101,&wsa_state)!=0)
+                        {
+                        err=WSAGetLastError();
+                        SYSerr(SYS_F_WSASTARTUP,err);
+                        BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
+                        return(-1);
+                        }
+                }
+#endif /* WINDOWS */
+        return(1);
+        }
+void BIO_sock_cleanup()
+        {
+#ifdef WINDOWS
+        if (wsa_init_done)
+                {
+                wsa_init_done=0;
+                WSACancelBlockingCall();
+                WSACleanup();
+                }
+#endif
+        }
+int BIO_socket_ioctl(fd,type,arg)
+int fd;
+long type;
+unsigned long *arg;
+        {
+        int i;
+        i=ioctlsocket(fd,type,arg);
+        if (i < 0)
+                SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
+        return(i);
+        }
+/* The reason I have implemented this instead of using sscanf is because
+ * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
+static int get_ip(str,ip)
+char *str;
+unsigned char ip[4];
+        {
+        unsigned int tmp[4];
+        int num=0,c,ok=0;
+        tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
+        for (;;)
+                {
+                c= *(str++);
+                if ((c >= '0') && (c <= '9'))
+                        {
+                        ok=1;
+                        tmp[num]=tmp[num]*10+c-'0';
+                        if (tmp[num] > 255) return(-1);
+                        }
+                else if (c == '.')
+                        {
+                        if (!ok) return(-1);
+                        if (num == 3) break;
+                        num++;
+                        ok=0;
+                        }
+                else if ((num == 3) && ok)
+                        break;
+                else
+                        return(0);
+                }
+        ip[0]=tmp[0];
+        ip[1]=tmp[1];
+        ip[2]=tmp[2];
+        ip[3]=tmp[3];
+        return(1);
+        }
+int BIO_get_accept_socket(host)
+char *host;
+        {
+        int ret=0;
+        struct sockaddr_in server;
+        int s= -1;
+        unsigned char ip[4];
+        short port;
+        char *str,*h,*p,*e;
+        unsigned long l;
+        if (!BIO_sock_init()) return(INVALID_SOCKET);
+        if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
+        h=p=NULL;
+        h=str;
+        for (e=str; *e; e++)
+                {
+                if (*e == ':')
+                        {
+                        p= &(e[1]);
+                        *e='\0';
+                        }
+                else if (*e == '/')
+                        {
+                        *e='\0';
+                        break;
+                        }
+                }
+        if (p == NULL)
+                {
+                p=h;
+                h="*";
+                }
+        if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+        memset((char *)&server,0,sizeof(server));
+        server.sin_family=AF_INET;
+        server.sin_port=htons((unsigned short)port);
+        if (strcmp(h,"*") == 0)
+                server.sin_addr.s_addr=INADDR_ANY;
+        else
+                {
+                if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+                l=(unsigned long)
+                        ((unsigned long)ip[0]<<24L)|
+                        ((unsigned long)ip[0]<<16L)|
+                        ((unsigned long)ip[0]<< 8L)|
+                        ((unsigned long)ip[0]);
+                server.sin_addr.s_addr=htonl(l);
+                }
+        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+        if (s == INVALID_SOCKET)
+                {
+                SYSerr(SYS_F_SOCKET,get_last_socket_error());
+                ERR_add_error_data(3,"port='",host,"'");
+                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto err;
+                }
+        if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+                {
+                SYSerr(SYS_F_BIND,get_last_socket_error());
+                ERR_add_error_data(3,"port='",host,"'");
+                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
+                goto err;
+                }
+        if (listen(s,MAX_LISTEN) == -1)
+                {
+                SYSerr(SYS_F_BIND,get_last_socket_error());
+                ERR_add_error_data(3,"port='",host,"'");
+                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
+                goto err;
+                }
+        ret=1;
+err:
+        if (str != NULL) Free(str);
+        if ((ret == 0) && (s != INVALID_SOCKET))
+                {
+#ifdef WINDOWS
+                closesocket(s);
+#else
+                close(s);
+#endif
+                s= INVALID_SOCKET;
+                }
+        return(s);
+        }
+int BIO_accept(sock,addr)
+int sock;
+char **addr;
+        {
+        int ret=INVALID_SOCKET;
+        static struct sockaddr_in from;
+        unsigned long l;
+        short port;
+        int len;
+        char *p;
+        memset((char *)&from,0,sizeof(from));
+        len=sizeof(from);
+        ret=accept(sock,(struct sockaddr *)&from,&len);
+        if (ret == INVALID_SOCKET)
+                {
+                SYSerr(SYS_F_ACCEPT,get_last_socket_error());
+                BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
+                goto end;
+                }
+        if (addr == NULL) goto end;
+        l=ntohl(from.sin_addr.s_addr);
+        port=ntohs(from.sin_port);
+        if (*addr == NULL)
+                {
+                if ((p=Malloc(24)) == NULL)
+                        {
+                        BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
+                        goto end;
+                        }
+                *addr=p;
+                }
+        sprintf(*addr,"%d.%d.%d.%d:%d",
+                (unsigned char)(l>>24L)&0xff,
+                (unsigned char)(l>>16L)&0xff,
+                (unsigned char)(l>> 8L)&0xff,
+                (unsigned char)(l     )&0xff,
+                port);
+end:
+        return(ret);
+        }
+int BIO_set_tcp_ndelay(s,on)
+int s;
+int on;
+        {
+        int ret=0;
+#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+        int opt;
+#ifdef SOL_TCP
+        opt=SOL_TCP;
+#else
+#ifdef IPPROTO_TCP
+        opt=IPPROTO_TCP;
+#endif
+#endif
+        
+        ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
+#endif
+        return(ret == 0);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bio/bf_buff.c b/src/lib/libssl/src/crypto/bio/bf_buff.c
new file mode 100644
index 0000000000..7912b88473
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bf_buff.c
@@ -0,0 +1,512 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include "evp.h"
+#ifndef NOPROTO
+static int buffer_write(BIO *h,char *buf,int num);
+static int buffer_read(BIO *h,char *buf,int size);
+static int buffer_puts(BIO *h,char *str);
+static int buffer_gets(BIO *h,char *str,int size);
+static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+#else
+static int buffer_write();
+static int buffer_read();
+static int buffer_puts();
+static int buffer_gets();
+static long buffer_ctrl();
+static int buffer_new();
+static int buffer_free();
+#endif
+#define DEFAULT_BUFFER_SIZE     1024
+static BIO_METHOD methods_buffer=
+        {
+        BIO_TYPE_BUFFER,
+        "buffer",
+        buffer_write,
+        buffer_read,
+        buffer_puts,
+        buffer_gets,
+        buffer_ctrl,
+        buffer_new,
+        buffer_free,
+        };
+BIO_METHOD *BIO_f_buffer()
+        {
+        return(&methods_buffer);
+        }
+static int buffer_new(bi)
+BIO *bi;
+        {
+        BIO_F_BUFFER_CTX *ctx;
+        ctx=(BIO_F_BUFFER_CTX *)Malloc(sizeof(BIO_F_BUFFER_CTX));
+        if (ctx == NULL) return(0);
+        ctx->ibuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
+        if (ctx->ibuf == NULL) { Free(ctx); return(0); }
+        ctx->obuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
+        if (ctx->obuf == NULL) { Free(ctx->ibuf); Free(ctx); return(0); }
+        ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
+        ctx->obuf_size=DEFAULT_BUFFER_SIZE;
+        ctx->ibuf_len=0;
+        ctx->ibuf_off=0;
+        ctx->obuf_len=0;
+        ctx->obuf_off=0;
+        bi->init=1;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+static int buffer_free(a)
+BIO *a;
+        {
+        BIO_F_BUFFER_CTX *b;
+        if (a == NULL) return(0);
+        b=(BIO_F_BUFFER_CTX *)a->ptr;
+        if (b->ibuf != NULL) Free(b->ibuf);
+        if (b->obuf != NULL) Free(b->obuf);
+        Free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int buffer_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int i,num=0;
+        BIO_F_BUFFER_CTX *ctx;
+        if (out == NULL) return(0);
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        num=0;
+        BIO_clear_retry_flags(b);
+start:
+        i=ctx->ibuf_len;
+        /* If there is stuff left over, grab it */
+        if (i != 0)
+                {
+                if (i > outl) i=outl;
+                memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
+                ctx->ibuf_off+=i;
+                ctx->ibuf_len-=i;
+                num+=i;
+                if (outl == i)  return(num);
+                outl-=i;
+                out+=i;
+                }
+        /* We may have done a partial read. try to do more.
+         * We have nothing in the buffer.
+         * If we get an error and have read some data, just return it
+         * and let them retry to get the error again.
+         * copy direct to parent address space */
+        if (outl > ctx->ibuf_size)
+                {
+                for (;;)
+                        {
+                        i=BIO_read(b->next_bio,out,outl);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+                        num+=i;
+                        if (outl == i) return(num);
+                        out+=i;
+                        outl-=i;
+                        }
+                }
+        /* else */
+        /* we are going to be doing some buffering */
+        i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+        if (i <= 0)
+                {
+                BIO_copy_next_retry(b);
+                if (i < 0) return((num > 0)?num:i);
+                if (i == 0) return(num);
+                }
+        ctx->ibuf_off=0;
+        ctx->ibuf_len=i;
+        /* Lets re-read using ourselves :-) */
+        goto start;
+        }
+static int buffer_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int i,num=0;
+        BIO_F_BUFFER_CTX *ctx;
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        BIO_clear_retry_flags(b);
+start:
+        i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
+        /* add to buffer and return */
+        if (i >= inl)
+                {
+                memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
+                ctx->obuf_len+=inl;
+                return(num+inl);
+                }
+        /* else */
+        /* stuff already in buffer, so add to it first, then flush */
+        if (ctx->obuf_len != 0)
+                {
+                if (i > 0) /* lets fill it up if we can */
+                        {
+                        memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
+                        in+=i;
+                        inl-=i;
+                        num+=i;
+                        ctx->obuf_len+=i;
+                        }
+                /* we now have a full buffer needing flushing */
+                for (;;)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
+                                ctx->obuf_len);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+                        ctx->obuf_off+=i;
+                        ctx->obuf_len-=i;
+                        if (ctx->obuf_len == 0) break;
+                        }
+                }
+        /* we only get here if the buffer has been flushed and we
+         * still have stuff to write */
+        ctx->obuf_off=0;
+        /* we now have inl bytes to write */
+        while (inl >= ctx->obuf_size)
+                {
+                i=BIO_write(b->next_bio,in,inl);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        if (i < 0) return((num > 0)?num:i);
+                        if (i == 0) return(num);
+                        }
+                num+=i;
+                in+=i;
+                inl-=i;
+                if (inl == 0) return(num);
+                }
+        /* copy the rest into the buffer since we have only a small 
+         * amount left */
+        goto start;
+        }
+static long buffer_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        BIO *dbio;
+        BIO_F_BUFFER_CTX *ctx;
+        long ret=1;
+        char *p1,*p2;
+        int r,i,*ip;
+        int ibs,obs;
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->ibuf_off=0;
+                ctx->ibuf_len=0;
+                ctx->obuf_off=0;
+                ctx->obuf_len=0;
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)ctx->obuf_len;
+                break;
+        case BIO_C_GET_BUFF_NUM_LINES:
+                ret=0;
+                p1=ctx->ibuf;
+                for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)
+                        {
+                        if (p1[i] == '\n') ret++;
+                        }
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=(long)ctx->obuf_len;
+                if (ret == 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING:
+                ret=(long)ctx->ibuf_len;
+                if (ret == 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_SET_BUFF_READ_DATA:
+                if (num > ctx->ibuf_size)
+                        {
+                        p1=Malloc((int)num);
+                        if (p1 == NULL) goto malloc_error;
+                        if (ctx->ibuf != NULL) Free(ctx->ibuf);
+                        ctx->ibuf=p1;
+                        }
+                ctx->ibuf_off=0;
+                ctx->ibuf_len=(int)num;
+                memcpy(ctx->ibuf,ptr,(int)num);
+                ret=1;
+                break;
+        case BIO_C_SET_BUFF_SIZE:
+                if (ptr != NULL)
+                        {
+                        ip=(int *)ptr;
+                        if (*ip == 0)
+                                {
+                                ibs=(int)num;
+                                obs=ctx->obuf_size;
+                                }
+                        else /* if (*ip == 1) */
+                                {
+                                ibs=ctx->ibuf_size;
+                                obs=(int)num;
+                                }
+                        }
+                else
+                        {
+                        ibs=(int)num;
+                        obs=(int)num;
+                        }
+                p1=ctx->ibuf;
+                p2=ctx->obuf;
+                if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
+                        {
+                        p1=(char *)Malloc((int)num);
+                        if (p1 == NULL) goto malloc_error;
+                        }
+                if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
+                        {
+                        p2=(char *)Malloc((int)num);
+                        if (p2 == NULL)
+                                {
+                                if (p1 != ctx->ibuf) Free(p1);
+                                goto malloc_error;
+                                }
+                        }
+                if (ctx->ibuf != p1)
+                        {
+                        Free(ctx->ibuf);
+                        ctx->ibuf=p1;
+                        ctx->ibuf_off=0;
+                        ctx->ibuf_len=0;
+                        ctx->ibuf_size=ibs;
+                        }
+                if (ctx->obuf != p2)
+                        {
+                        Free(ctx->obuf);
+                        ctx->obuf=p2;
+                        ctx->obuf_off=0;
+                        ctx->obuf_len=0;
+                        ctx->obuf_size=obs;
+                        }
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_FLUSH:
+                if (ctx->obuf_len <= 0)
+                        {
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        break;
+                        }
+                for (;;)
+                        {
+                        BIO_clear_retry_flags(b);
+                        if (ctx->obuf_len > ctx->obuf_off)
+                                {
+                                r=BIO_write(b->next_bio,
+                                        &(ctx->obuf[ctx->obuf_off]),
+                                        ctx->obuf_len-ctx->obuf_off);
+#if 0
+fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
+#endif
+                                BIO_copy_next_retry(b);
+                                if (r <= 0) return((long)r);
+                                ctx->obuf_off+=r;
+                                }
+                        else
+                                {
+                                ctx->obuf_len=0;
+                                ctx->obuf_off=0;
+                                ret=1;
+                                break;
+                                }
+                        }
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                if (    !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
+                        !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+                        ret=0;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+malloc_error:
+        BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+static int buffer_gets(b,buf,size)
+BIO *b;
+char *buf;
+int size;
+        {
+        BIO_F_BUFFER_CTX *ctx;
+        int num=0,i,flag;
+        char *p;
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+        size--; /* reserve space for a '\0' */
+        BIO_clear_retry_flags(b);
+        for (;;)
+                {
+                if (ctx->ibuf_len > 0)
+                        {
+                        p= &(ctx->ibuf[ctx->ibuf_off]);
+                        flag=0;
+                        for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
+                                {
+                                *(buf++)=p[i];
+                                if (p[i] == '\n')
+                                        {
+                                        flag=1;
+                                        i++;
+                                        break;
+                                        }
+                                }
+                        num+=i;
+                        size-=i;
+                        ctx->ibuf_len-=i;
+                        ctx->ibuf_off+=i;
+                        if ((flag) || (i == size))
+                                {
+                                *buf='\0';
+                                return(num);
+                                }
+                        }
+                else    /* read another chunk */
+                        {
+                        i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+                        ctx->ibuf_len=i;
+                        ctx->ibuf_off=0;
+                        }
+                }
+        }
+static int buffer_puts(b,str)
+BIO *b;
+char *str;
+        {
+        return(BIO_write(b,str,strlen(str)));
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bf_nbio.c b/src/lib/libssl/src/crypto/bio/bf_nbio.c
new file mode 100644
index 0000000000..034b3024df
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bf_nbio.c
@@ -0,0 +1,268 @@
+/* crypto/bio/bf_nbio.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "rand.h"
+#include "bio.h"
+#include "evp.h"
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+#ifndef NOPROTO
+static int nbiof_write(BIO *h,char *buf,int num);
+static int nbiof_read(BIO *h,char *buf,int size);
+static int nbiof_puts(BIO *h,char *str);
+static int nbiof_gets(BIO *h,char *str,int size);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+#else
+static int nbiof_write();
+static int nbiof_read();
+static int nbiof_puts();
+static int nbiof_gets();
+static long nbiof_ctrl();
+static int nbiof_new();
+static int nbiof_free();
+#endif
+typedef struct nbio_test_st
+        {
+        /* only set if we sent a 'should retry' error */
+        int lrn;
+        int lwn;
+        } NBIO_TEST;
+static BIO_METHOD methods_nbiof=
+        {
+        BIO_TYPE_NBIO_TEST,
+        "non-blocking IO test filter",
+        nbiof_write,
+        nbiof_read,
+        nbiof_puts,
+        nbiof_gets,
+        nbiof_ctrl,
+        nbiof_new,
+        nbiof_free,
+        };
+BIO_METHOD *BIO_f_nbio_test()
+        {
+        return(&methods_nbiof);
+        }
+static int nbiof_new(bi)
+BIO *bi;
+        {
+        NBIO_TEST *nt;
+        nt=(NBIO_TEST *)Malloc(sizeof(NBIO_TEST));
+        nt->lrn= -1;
+        nt->lwn= -1;
+        bi->ptr=(char *)nt;
+        bi->init=1;
+        bi->flags=0;
+        return(1);
+        }
+static int nbiof_free(a)
+BIO *a;
+        {
+        if (a == NULL) return(0);
+        if (a->ptr != NULL)
+                Free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int nbiof_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        NBIO_TEST *nt;
+        int ret=0;
+#if 0
+        int num;
+        unsigned char n;
+#endif
+        if (out == NULL) return(0);
+        if (b->next_bio == NULL) return(0);
+        nt=(NBIO_TEST *)b->ptr;
+        BIO_clear_retry_flags(b);
+#if 0
+        RAND_bytes(&n,1);
+        num=(n&0x07);
+        if (outl > num) outl=num;
+        if (num == 0)
+                {
+                ret= -1;
+                BIO_set_retry_read(b);
+                }
+        else
+#endif
+                {
+                ret=BIO_read(b->next_bio,out,outl);
+                if (ret < 0)
+                        BIO_copy_next_retry(b);
+                }
+        return(ret);
+        }
+static int nbiof_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        NBIO_TEST *nt;
+        int ret=0;
+        int num;
+        unsigned char n;
+        if ((in == NULL) || (inl <= 0)) return(0);
+        if (b->next_bio == NULL) return(0);
+        nt=(NBIO_TEST *)b->ptr;
+        BIO_clear_retry_flags(b);
+#if 1
+        if (nt->lwn > 0)
+                {
+                num=nt->lwn;
+                nt->lwn=0;
+                }
+        else
+                {
+                RAND_bytes(&n,1);
+                num=(n&7);
+                }
+        if (inl > num) inl=num;
+        if (num == 0)
+                {
+                ret= -1;
+                BIO_set_retry_write(b);
+                }
+        else
+#endif
+                {
+                ret=BIO_write(b->next_bio,in,inl);
+                if (ret < 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        nt->lwn=inl;
+                        }
+                }
+        return(ret);
+        }
+static long nbiof_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret;
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_DUP:
+                ret=0L;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+static int nbiof_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_gets(bp->next_bio,buf,size));
+        }
+static int nbiof_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_puts(bp->next_bio,str));
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bf_null.c b/src/lib/libssl/src/crypto/bio/bf_null.c
new file mode 100644
index 0000000000..a47a65741a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bf_null.c
@@ -0,0 +1,196 @@
+/* crypto/bio/bf_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include "evp.h"
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+#ifndef NOPROTO
+static int nullf_write(BIO *h,char *buf,int num);
+static int nullf_read(BIO *h,char *buf,int size);
+static int nullf_puts(BIO *h,char *str);
+static int nullf_gets(BIO *h,char *str,int size);
+static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nullf_new(BIO *h);
+static int nullf_free(BIO *data);
+#else
+static int nullf_write();
+static int nullf_read();
+static int nullf_puts();
+static int nullf_gets();
+static long nullf_ctrl();
+static int nullf_new();
+static int nullf_free();
+#endif
+static BIO_METHOD methods_nullf=
+        {
+        BIO_TYPE_NULL_FILTER,
+        "NULL filter",
+        nullf_write,
+        nullf_read,
+        nullf_puts,
+        nullf_gets,
+        nullf_ctrl,
+        nullf_new,
+        nullf_free,
+        };
+BIO_METHOD *BIO_f_null()
+        {
+        return(&methods_nullf);
+        }
+static int nullf_new(bi)
+BIO *bi;
+        {
+        bi->init=1;
+        bi->ptr=NULL;
+        bi->flags=0;
+        return(1);
+        }
+static int nullf_free(a)
+BIO *a;
+        {
+        if (a == NULL) return(0);
+/*      a->ptr=NULL;
+        a->init=0;
+        a->flags=0;*/
+        return(1);
+        }
+        
+static int nullf_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0;
+ 
+        if (out == NULL) return(0);
+        if (b->next_bio == NULL) return(0);
+        ret=BIO_read(b->next_bio,out,outl);
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static int nullf_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret=0;
+        if ((in == NULL) || (inl <= 0)) return(0);
+        if (b->next_bio == NULL) return(0);
+        ret=BIO_write(b->next_bio,in,inl);
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static long nullf_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret;
+        if (b->next_bio == NULL) return(0);
+        switch(cmd)
+                {
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_DUP:
+                ret=0L;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                }
+        return(ret);
+        }
+static int nullf_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_gets(bp->next_bio,buf,size));
+        }
+static int nullf_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_puts(bp->next_bio,str));
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bio.h b/src/lib/libssl/src/crypto/bio/bio.h
new file mode 100644
index 0000000000..300b330e00
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bio.h
@@ -0,0 +1,688 @@
+/* crypto/bio/bio.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_BIO_H
+#define HEADER_BIO_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "crypto.h"
+/* These are the 'types' of BIOs */
+#define BIO_TYPE_NONE           0
+#define BIO_TYPE_MEM            (1|0x0400)
+#define BIO_TYPE_FILE           (2|0x0400)
+#define BIO_TYPE_FD             (4|0x0400|0x0100)
+#define BIO_TYPE_SOCKET         (5|0x0400|0x0100)
+#define BIO_TYPE_NULL           (6|0x0400)
+#define BIO_TYPE_SSL            (7|0x0200)
+#define BIO_TYPE_MD             (8|0x0200)              /* pasive filter */
+#define BIO_TYPE_BUFFER         (9|0x0200)              /* filter */
+#define BIO_TYPE_CIPHER         (10|0x0200)             /* filter */
+#define BIO_TYPE_BASE64         (11|0x0200)             /* filter */
+#define BIO_TYPE_CONNECT        (12|0x0400|0x0100)      /* socket - connect */
+#define BIO_TYPE_ACCEPT         (13|0x0400|0x0100)      /* socket for accept */
+#define BIO_TYPE_PROXY_CLIENT   (14|0x0200)             /* client proxy BIO */
+#define BIO_TYPE_PROXY_SERVER   (15|0x0200)             /* server proxy BIO */
+#define BIO_TYPE_NBIO_TEST      (16|0x0200)             /* server proxy BIO */
+#define BIO_TYPE_NULL_FILTER    (17|0x0200)
+#define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
+#define BIO_TYPE_FILTER         0x0200
+#define BIO_TYPE_SOURCE_SINK    0x0400
+/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
+#define BIO_NOCLOSE             0x00
+#define BIO_CLOSE               0x01
+/* These are used in the following macros and are passed to
+ * BIO_ctrl() */
+#define BIO_CTRL_RESET          1  /* opt - rewind/zero etc */
+#define BIO_CTRL_EOF            2  /* opt - are we at the eof */
+#define BIO_CTRL_INFO           3  /* opt - extra tit-bits */
+#define BIO_CTRL_SET            4  /* man - set the 'IO' type */
+#define BIO_CTRL_GET            5  /* man - get the 'IO' type */
+#define BIO_CTRL_PUSH           6  /* opt - internal, used to signify change */
+#define BIO_CTRL_POP            7  /* opt - internal, used to signify change */
+#define BIO_CTRL_GET_CLOSE      8  /* man - set the 'close' on free */
+#define BIO_CTRL_SET_CLOSE      9  /* man - set the 'close' on free */
+#define BIO_CTRL_PENDING        10  /* opt - is their more data buffered */
+#define BIO_CTRL_FLUSH          11  /* opt - 'flush' buffered output */
+#define BIO_CTRL_DUP            12  /* man - extra stuff for 'duped' BIO */
+#define BIO_CTRL_WPENDING       13  /* opt - number of bytes still to write */
+/* callback is int cb(BIO *bio,state,ret); */
+#define BIO_CTRL_SET_CALLBACK   14  /* opt - set callback function */
+#define BIO_CTRL_GET_CALLBACK   15  /* opt - set callback function */
+#define BIO_CTRL_SET_FILENAME   30      /* BIO_s_file special */
+/* modifiers */
+#define BIO_FP_READ             0x02
+#define BIO_FP_WRITE            0x04
+#define BIO_FP_APPEND           0x08
+#define BIO_FP_TEXT             0x10
+#define BIO_FLAGS_READ          0x01
+#define BIO_FLAGS_WRITE         0x02
+#define BIO_FLAGS_IO_SPECIAL    0x04
+#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+#define BIO_FLAGS_SHOULD_RETRY  0x08
+/* Used in BIO_gethostbyname() */
+#define BIO_GHBN_CTRL_HITS              1
+#define BIO_GHBN_CTRL_MISSES            2
+#define BIO_GHBN_CTRL_CACHE_SIZE        3
+#define BIO_GHBN_CTRL_GET_ENTRY         4
+#define BIO_GHBN_CTRL_FLUSH             5
+/* Mostly used in the SSL BIO */
+/* Not used anymore
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+ * #define BIO_FLAGS_PROTOCOL_STARTUP   0x40
+ */
+#define BIO_FLAGS_BASE64_NO_NL  0x100
+#define BIO_set_flags(b,f) ((b)->flags|=(f))
+#define BIO_get_flags(b) ((b)->flags)
+#define BIO_set_retry_special(b) \
+                ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_read(b) \
+                ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_write(b) \
+                ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+/* These are normally used internally in BIOs */
+#define BIO_clear_flags(b,f) ((b)->flags&= ~(f))
+#define BIO_clear_retry_flags(b) \
+                ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_get_retry_flags(b) \
+                ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+/* These shouldbe used by the application to tell why we should retry */
+#define BIO_should_read(a)              ((a)->flags & BIO_FLAGS_READ)
+#define BIO_should_write(a)             ((a)->flags & BIO_FLAGS_WRITE)
+#define BIO_should_io_special(a)        ((a)->flags & BIO_FLAGS_IO_SPECIAL)
+#define BIO_retry_type(a)               ((a)->flags & BIO_FLAGS_RWS)
+#define BIO_should_retry(a)             ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+/* The next two are used in conjunction with the
+ * BIO_should_io_special() condition.  After this returns true,
+ * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
+ * stack and return the 'reason' for the special and the offending BIO.
+ * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
+/* Returned from the SSL bio when the certificate retrieval code had an error */
+#define BIO_RR_SSL_X509_LOOKUP          0x01
+/* Returned from the connect BIO when a connect would have blocked */
+#define BIO_RR_CONNECT                  0x02
+/* These are passed by the BIO callback */
+#define BIO_CB_FREE     0x01
+#define BIO_CB_READ     0x02
+#define BIO_CB_WRITE    0x03
+#define BIO_CB_PUTS     0x04
+#define BIO_CB_GETS     0x05
+#define BIO_CB_CTRL     0x06
+/* The callback is called before and after the underling operation,
+ * The BIO_CB_RETURN flag indicates if it is after the call */
+#define BIO_CB_RETURN   0x80
+#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+#define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
+#define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
+#define BIO_set_callback(b,cb)          ((b)->callback=(cb))
+#define BIO_set_callback_arg(b,arg)     ((b)->cb_arg=(char *)(arg))
+#define BIO_get_callback_arg(b)         ((b)->cb_arg)
+#define BIO_get_callback(b)             ((b)->callback)
+#define BIO_method_name(b)              ((b)->method->name)
+#define BIO_method_type(b)              ((b)->method->type)
+#ifndef WIN16
+typedef struct bio_method_st
+        {
+        int type;
+        char *name;
+        int (*bwrite)();
+        int (*bread)();
+        int (*bputs)();
+        int (*bgets)();
+        long (*ctrl)();
+        int (*create)();
+        int (*destroy)();
+        } BIO_METHOD;
+#else
+typedef struct bio_method_st
+        {
+        int type;
+        char *name;
+        int (_far *bwrite)();
+        int (_far *bread)();
+        int (_far *bputs)();
+        int (_far *bgets)();
+        long (_far *ctrl)();
+        int (_far *create)();
+        int (_far *destroy)();
+        } BIO_METHOD;
+#endif
+typedef struct bio_st
+        {
+        BIO_METHOD *method;
+#ifndef NOPROTO
+        /* bio, mode, argp, argi, argl, ret */
+        long (*callback)(struct bio_st *,int,char *,int, long,long);
+#else
+        long (*callback)();
+#endif
+        char *cb_arg; /* first argument for the callback */
+        int init;
+        int shutdown;
+        int flags;      /* extra storage */
+        int retry_reason;
+        int num;
+        char *ptr;
+        struct bio_st *next_bio;        /* used by filter BIOs */
+        struct bio_st *prev_bio;        /* used by filter BIOs */
+        int references;
+        unsigned long num_read;
+        unsigned long num_write;
+        CRYPTO_EX_DATA ex_data;
+        } BIO;
+typedef struct bio_f_buffer_ctx_struct
+        {
+        /* BIO *bio; */ /* this is now in the BIO struct */
+        int ibuf_size;  /* how big is the input buffer */
+        int obuf_size;  /* how big is the output buffer */
+        char *ibuf;             /* the char array */
+        int ibuf_len;           /* how many bytes are in it */
+        int ibuf_off;           /* write/read offset */
+        char *obuf;             /* the char array */
+        int obuf_len;           /* how many bytes are in it */
+        int obuf_off;           /* write/read offset */
+        } BIO_F_BUFFER_CTX;
+/* connect BIO stuff */
+#define BIO_CONN_S_BEFORE               1
+#define BIO_CONN_S_GET_IP               2
+#define BIO_CONN_S_GET_PORT             3
+#define BIO_CONN_S_CREATE_SOCKET        4
+#define BIO_CONN_S_CONNECT              5
+#define BIO_CONN_S_OK                   6
+#define BIO_CONN_S_BLOCKED_CONNECT      7
+#define BIO_CONN_S_NBIO                 8
+#define BIO_CONN_get_param_hostname     BIO_ctrl
+#define BIO_number_read(b)      ((b)->num_read)
+#define BIO_number_written(b)   ((b)->num_write)
+#define BIO_C_SET_CONNECT                       100
+#define BIO_C_DO_STATE_MACHINE                  101
+#define BIO_C_SET_NBIO                          102
+#define BIO_C_SET_PROXY_PARAM                   103
+#define BIO_C_SET_FD                            104
+#define BIO_C_GET_FD                            105
+#define BIO_C_SET_FILE_PTR                      106
+#define BIO_C_GET_FILE_PTR                      107
+#define BIO_C_SET_FILENAME                      108
+#define BIO_C_SET_SSL                           109
+#define BIO_C_GET_SSL                           110
+#define BIO_C_SET_MD                            111
+#define BIO_C_GET_MD                            112
+#define BIO_C_GET_CIPHER_STATUS                 113
+#define BIO_C_SET_BUF_MEM                       114
+#define BIO_C_GET_BUF_MEM_PTR                   115
+#define BIO_C_GET_BUFF_NUM_LINES                116
+#define BIO_C_SET_BUFF_SIZE                     117
+#define BIO_C_SET_ACCEPT                        118
+#define BIO_C_SSL_MODE                          119
+#define BIO_C_GET_MD_CTX                        120
+#define BIO_C_GET_PROXY_PARAM                   121
+#define BIO_C_SET_BUFF_READ_DATA                122 /* data to read first */
+#define BIO_C_GET_CONNECT                       123
+#define BIO_C_GET_ACCEPT                        124
+#define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
+#define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
+#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
+#define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,(char *)arg)
+#define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
+int BIO_get_ex_num(BIO *bio);
+int BIO_set_ex_data(BIO *bio,int idx,char *data);
+char *BIO_get_ex_data(BIO *bio,int idx);
+void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)());
+int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+        int (*dup_func)(), void (*free_func)());
+/* BIO_s_connect_socket() */
+#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#define BIO_set_conn_ip(b,ip)     BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+#define BIO_get_conn_int port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+#define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+/* BIO_s_accept_socket() */
+#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+#define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+#define BIO_do_connect(b)       BIO_do_handshake(b)
+#define BIO_do_accept(b)        BIO_do_handshake(b)
+#define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+/* BIO_s_proxy_client() */
+#define BIO_set_url(b,url)      BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
+#define BIO_set_proxies(b,p)    BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
+/* BIO_set_nbio(b,n) */
+#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
+/* BIO *BIO_get_filter_bio(BIO *bio); */
+#define BIO_set_proxy_cb(b,cb) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(char *)(cb))
+#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
+#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
+#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
+#define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+#define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+#define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+#define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+#define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+#define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ,name)
+#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_WRITE,name)
+#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_APPEND,name)
+/* WARNING WARNING, this ups the reference count on the read bio of the
+ * SSL structure.  This is because the ssl read BIO is now pointed to by
+ * the next_bio field in the bio.  So when you free the BIO, make sure
+ * you are doing a BIO_free_all() to catch the underlying BIO. */
+#define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+#define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+#define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+#define BIO_set_ssl_renegotiate_bytes(b,num) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+#define BIO_get_num_renegotiates(b) \
+        BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+#define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+/* For the BIO_f_buffer() type */
+#define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+#define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+/* Don't use the next one unless you know what you are doing :-) */
+#define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+#define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+#define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+#define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+#define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+#define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+#define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+#define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(char *)cbp)
+#define BIO_set_info_callback(b,cb) (int)BIO_ctrl(b,BIO_CTRL_SET_CALLBACK,0,(char *)cb)
+/* For the BIO_f_buffer() type */
+#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+#ifdef NO_STDIO
+#define NO_FP_API
+#endif
+#ifndef NOPROTO
+#  if defined(WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal(void);
+BIO *BIO_new_file_internal(char *filename, char *mode);
+BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
+#    define BIO_s_file  BIO_s_file_internal
+#    define BIO_new_file        BIO_new_file_internal
+#    define BIO_new_fp  BIO_new_fp_internal
+#  else /* FP_API */
+BIO_METHOD *BIO_s_file(void );
+BIO *BIO_new_file(char *filename, char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+#    define BIO_s_file_internal         BIO_s_file
+#    define BIO_new_file_internal       BIO_new_file
+#    define BIO_new_fp_internal         BIO_s_file
+#  endif /* FP_API */
+#else
+#  if defined(WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal();
+BIO *BIO_new_file_internal();
+BIO *BIO_new_fp_internal();
+#    define BIO_s_file  BIO_s_file_internal
+#    define BIO_new_file        BIO_new_file_internal
+#    define BIO_new_fp  BIO_new_fp_internal
+#  else /* FP_API */
+BIO_METHOD *BIO_s_file();
+BIO *BIO_new_file();
+BIO *BIO_new_fp();
+#    define BIO_s_file_internal         BIO_s_file
+#    define BIO_new_file_internal       BIO_new_file
+#    define BIO_new_fp_internal         BIO_s_file
+#  endif /* FP_API */
+#endif
+#ifndef NOPROTO
+BIO *   BIO_new(BIO_METHOD *type);
+int     BIO_set(BIO *a,BIO_METHOD *type);
+int     BIO_free(BIO *a);
+int     BIO_read(BIO *b, char *data, int len);
+int     BIO_gets(BIO *bp,char *buf, int size);
+int     BIO_write(BIO *b, char *data, int len);
+int     BIO_puts(BIO *bp,char *buf);
+long    BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);
+char *  BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+long    BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+BIO *   BIO_push(BIO *b,BIO *append);
+BIO *   BIO_pop(BIO *b);
+void    BIO_free_all(BIO *a);
+BIO *   BIO_find_type(BIO *b,int bio_type);
+BIO *   BIO_get_retry_BIO(BIO *bio, int *reason);
+int     BIO_get_retry_reason(BIO *bio);
+BIO *   BIO_dup_chain(BIO *in);
+#ifndef WIN16
+long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+        long argl,long ret);
+#else
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+        long argl,long ret);
+#endif
+BIO_METHOD *BIO_s_mem(void);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_connect(void);
+BIO_METHOD *BIO_s_accept(void);
+BIO_METHOD *BIO_s_fd(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_nbio_test(void);
+BIO_METHOD *BIO_f_buffer(void);
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump(BIO *b,char *bytes,int len);
+struct hostent *BIO_gethostbyname(char *name);
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
+int BIO_get_port(char *str, short *port_ptr);
+int BIO_get_host_ip(char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port);
+int BIO_accept(int sock,char **ip_port);
+int BIO_sock_init(void );
+void BIO_sock_cleanup(void);
+int BIO_set_tcp_ndelay(int sock,int turn_on);
+void ERR_load_BIO_strings(void );
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_fd(int fd, int close_flag);
+BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_accept(char *host_port);
+void BIO_copy_next_retry(BIO *b);
+long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+#else
+BIO *   BIO_new();
+int     BIO_set();
+int     BIO_free();
+int     BIO_read();
+int     BIO_gets();
+int     BIO_write();
+int     BIO_puts();
+char *  BIO_ptr_ctrl();
+long    BIO_ctrl();
+long    BIO_int_ctrl();
+BIO *   BIO_push();
+BIO *   BIO_pop();
+void    BIO_free_all();
+BIO *   BIO_find_type();
+BIO *   BIO_get_retry_BIO();
+int     BIO_get_retry_reason();
+BIO *   BIO_dup_chain();
+#ifndef WIN16
+long BIO_debug_callback();
+#else
+long _far _loadds BIO_debug_callback();
+#endif
+BIO_METHOD *BIO_s_mem();
+BIO_METHOD *BIO_s_socket();
+BIO_METHOD *BIO_s_connect();
+BIO_METHOD *BIO_s_accept();
+BIO_METHOD *BIO_s_fd();
+BIO_METHOD *BIO_s_null();
+BIO_METHOD *BIO_f_null();
+BIO_METHOD *BIO_f_buffer();
+BIO_METHOD *BIO_f_nbio_test();
+int BIO_sock_should_retry();
+int BIO_sock_non_fatal_error();
+int BIO_fd_should_retry();
+int BIO_fd_non_fatal_error();
+int BIO_dump();
+struct hostent *BIO_gethostbyname();
+int BIO_sock_error();
+int BIO_socket_ioctl();
+int BIO_get_port();
+int BIO_get_host_ip();
+int BIO_get_accept_socket();
+int BIO_accept();
+int BIO_sock_init();
+void BIO_sock_cleanup();
+int BIO_set_tcp_ndelay();
+void ERR_load_BIO_strings();
+BIO *BIO_new_socket();
+BIO *BIO_new_fd();
+BIO *BIO_new_connect();
+BIO *BIO_new_accept();
+void BIO_copy_next_retry();
+int BIO_ghbn_ctrl();
+#endif
+/* Tim Hudson's portable varargs stuff */
+#ifndef NOPROTO
+#define VAR_ANSI        /* select ANSI version by default */
+#endif
+#ifdef VAR_ANSI
+/* ANSI version of a "portable" macro set for variable length args */
+#ifndef __STDARG_H__ /**/
+#include <stdarg.h>
+#endif /**/
+#define VAR_PLIST(arg1type,arg1)    arg1type arg1, ...
+#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) arg1type arg1,arg2type arg2,...
+#define VAR_ALIST
+#define VAR_BDEFN(args,arg1type,arg1)   va_list args
+#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args
+#define VAR_INIT(args,arg1type,arg1)    va_start(args,arg1);
+#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args,arg2);
+#define VAR_ARG(args,type,arg)  arg=va_arg(args,type)
+#define VAR_END(args)           va_end(args);
+#else
+/* K&R version of a "portable" macro set for variable length args */
+#ifndef __VARARGS_H__
+#include <varargs.h>
+#endif
+#define VAR_PLIST(arg1type,arg1)        va_alist
+#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) va_alist
+#define VAR_ALIST               va_dcl
+#define VAR_BDEFN(args,arg1type,arg1)   va_list args; arg1type arg1
+#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args; \
+        arg1type arg1; arg2type arg2
+#define VAR_INIT(args,arg1type,arg1)    va_start(args); \
+        arg1=va_arg(args,arg1type);
+#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args); \
+        arg1=va_arg(args,arg1type);     arg2=va_arg(args,arg2type);
+#define VAR_ARG(args,type,arg)          arg=va_arg(args,type)
+#define VAR_END(args)                   va_end(args);
+#endif
+#ifndef NOPROTO
+int BIO_printf( VAR_PLIST( BIO *, bio ) );
+#else
+int BIO_printf();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the BIO functions. */
+/* Function codes. */
+#define BIO_F_ACPT_STATE                                 100
+#define BIO_F_BIO_ACCEPT                                 101
+#define BIO_F_BIO_CTRL                                   102
+#define BIO_F_BIO_GETS                                   103
+#define BIO_F_BIO_GET_ACCEPT_SOCKET                      104
+#define BIO_F_BIO_GET_HOST_IP                            105
+#define BIO_F_BIO_GET_PORT                               106
+#define BIO_F_BIO_NEW                                    107
+#define BIO_F_BIO_NEW_FILE                               108
+#define BIO_F_BIO_PUTS                                   109
+#define BIO_F_BIO_READ                                   110
+#define BIO_F_BIO_SOCK_INIT                              111
+#define BIO_F_BIO_WRITE                                  112
+#define BIO_F_BUFFER_CTRL                                113
+#define BIO_F_CONN_STATE                                 114
+#define BIO_F_FILE_CTRL                                  115
+#define BIO_F_MEM_WRITE                                  116
+#define BIO_F_SSL_NEW                                    117
+#define BIO_F_WSASTARTUP                                 118
+/* Reason codes. */
+#define BIO_R_ACCEPT_ERROR                               100
+#define BIO_R_BAD_FOPEN_MODE                             101
+#define BIO_R_BAD_HOSTNAME_LOOKUP                        102
+#define BIO_R_CONNECT_ERROR                              103
+#define BIO_R_ERROR_SETTING_NBIO                         104
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET      105
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET        106
+#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
+#define BIO_R_INVALID_IP_ADDRESS                         108
+#define BIO_R_KEEPALIVE                                  109
+#define BIO_R_NBIO_CONNECT_ERROR                         110
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED                   111
+#define BIO_R_NO_HOSTHNAME_SPECIFIED                     112
+#define BIO_R_NO_PORT_DEFINED                            113
+#define BIO_R_NO_PORT_SPECIFIED                          114
+#define BIO_R_NULL_PARAMETER                             115
+#define BIO_R_UNABLE_TO_BIND_SOCKET                      116
+#define BIO_R_UNABLE_TO_CREATE_SOCKET                    117
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET                    118
+#define BIO_R_UNINITALISED                               119
+#define BIO_R_UNSUPPORTED_METHOD                         120
+#define BIO_R_WSASTARTUP                                 121
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/bio/bio_cb.c b/src/lib/libssl/src/crypto/bio/bio_cb.c
new file mode 100644
index 0000000000..bc6ed9eda1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bio_cb.c
@@ -0,0 +1,138 @@
+/* crypto/bio/bio_cb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include "err.h"
+long MS_CALLBACK BIO_debug_callback(bio,cmd,argp,argi,argl,ret)
+BIO *bio;
+int cmd;
+char *argp;
+int argi;
+long argl;
+long ret;
+        {
+        BIO *b;
+        MS_STATIC char buf[256];
+        char *p;
+        long r=1;
+        if (BIO_CB_RETURN & cmd)
+                r=ret;
+        sprintf(buf,"BIO[%08lX]:",(unsigned long)bio);
+        p= &(buf[14]);
+        switch (cmd)
+                {
+        case BIO_CB_FREE:
+                sprintf(p,"Free - %s\n",bio->method->name);
+                break;
+        case BIO_CB_READ:
+                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+                        sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+                else
+                        sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+                break;
+        case BIO_CB_WRITE:
+                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+                        sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+                else
+                        sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+                break;
+        case BIO_CB_PUTS:
+                sprintf(p,"puts() - %s\n",bio->method->name);
+                break;
+        case BIO_CB_GETS:
+                sprintf(p,"gets(%d) - %s\n",argi,bio->method->name);
+                break;
+        case BIO_CB_CTRL:
+                sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name);
+                break;
+        case BIO_CB_RETURN|BIO_CB_READ:
+                sprintf(p,"read return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_WRITE:
+                sprintf(p,"write return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_GETS:
+                sprintf(p,"gets return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_PUTS:
+                sprintf(p,"puts return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_CTRL:
+                sprintf(p,"ctrl return %ld\n",ret);
+                break;
+        default:
+                sprintf(p,"bio callback - unknown type (%d)\n",cmd);
+                break;
+                }
+        b=(BIO *)bio->cb_arg;
+        if (b != NULL)
+                BIO_write(b,buf,strlen(buf));
+#if !defined(NO_STDIO) && !defined(WIN16)
+        else
+                fputs(buf,stderr);
+#endif
+        return(r);
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c
new file mode 100644
index 0000000000..37e14ca107
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bio_err.c
@@ -0,0 +1,130 @@
+/* lib/bio/bio_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "bio.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA BIO_str_functs[]=
+        {
+{ERR_PACK(0,BIO_F_ACPT_STATE,0),        "ACPT_STATE"},
+{ERR_PACK(0,BIO_F_BIO_ACCEPT,0),        "BIO_accept"},
+{ERR_PACK(0,BIO_F_BIO_CTRL,0),  "BIO_ctrl"},
+{ERR_PACK(0,BIO_F_BIO_GETS,0),  "BIO_gets"},
+{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0),     "BIO_get_accept_socket"},
+{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0),   "BIO_get_host_ip"},
+{ERR_PACK(0,BIO_F_BIO_GET_PORT,0),      "BIO_get_port"},
+{ERR_PACK(0,BIO_F_BIO_NEW,0),   "BIO_new"},
+{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0),      "BIO_new_file"},
+{ERR_PACK(0,BIO_F_BIO_PUTS,0),  "BIO_puts"},
+{ERR_PACK(0,BIO_F_BIO_READ,0),  "BIO_read"},
+{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0),     "BIO_sock_init"},
+{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"},
+{ERR_PACK(0,BIO_F_BUFFER_CTRL,0),       "BUFFER_CTRL"},
+{ERR_PACK(0,BIO_F_CONN_STATE,0),        "CONN_STATE"},
+{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
+{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
+{ERR_PACK(0,BIO_F_SSL_NEW,0),   "SSL_NEW"},
+{ERR_PACK(0,BIO_F_WSASTARTUP,0),        "WSASTARTUP"},
+{0,NULL},
+        };
+static ERR_STRING_DATA BIO_str_reasons[]=
+        {
+{BIO_R_ACCEPT_ERROR                      ,"accept error"},
+{BIO_R_BAD_FOPEN_MODE                    ,"bad fopen mode"},
+{BIO_R_BAD_HOSTNAME_LOOKUP               ,"bad hostname lookup"},
+{BIO_R_CONNECT_ERROR                     ,"connect error"},
+{BIO_R_ERROR_SETTING_NBIO                ,"error setting nbio"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
+{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
+{BIO_R_INVALID_IP_ADDRESS                ,"invalid ip address"},
+{BIO_R_KEEPALIVE                         ,"keepalive"},
+{BIO_R_NBIO_CONNECT_ERROR                ,"nbio connect error"},
+{BIO_R_NO_ACCEPT_PORT_SPECIFIED          ,"no accept port specified"},
+{BIO_R_NO_HOSTHNAME_SPECIFIED            ,"no hosthname specified"},
+{BIO_R_NO_PORT_DEFINED                   ,"no port defined"},
+{BIO_R_NO_PORT_SPECIFIED                 ,"no port specified"},
+{BIO_R_NULL_PARAMETER                    ,"null parameter"},
+{BIO_R_UNABLE_TO_BIND_SOCKET             ,"unable to bind socket"},
+{BIO_R_UNABLE_TO_CREATE_SOCKET           ,"unable to create socket"},
+{BIO_R_UNABLE_TO_LISTEN_SOCKET           ,"unable to listen socket"},
+{BIO_R_UNINITALISED                      ,"uninitalised"},
+{BIO_R_UNSUPPORTED_METHOD                ,"unsupported method"},
+{BIO_R_WSASTARTUP                        ,"wsastartup"},
+{0,NULL},
+        };
+#endif
+void ERR_load_BIO_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
+                ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bio_lib.c b/src/lib/libssl/src/crypto/bio/bio_lib.c
new file mode 100644
index 0000000000..7a66b0892e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bio_lib.c
@@ -0,0 +1,519 @@
+/* crypto/bio/bio_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "crypto.h"
+#include "cryptlib.h"
+#include "bio.h"
+#include "stack.h"
+static STACK *bio_meth=NULL;
+static int bio_meth_num=0;
+BIO *BIO_new(method)
+BIO_METHOD *method;
+        {
+        BIO *ret=NULL;
+        ret=(BIO *)Malloc(sizeof(BIO));
+        if (ret == NULL)
+                {
+                BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        if (!BIO_set(ret,method))
+                {
+                Free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+int BIO_set(bio,method)
+BIO *bio;
+BIO_METHOD *method;
+        {
+        bio->method=method;
+        bio->callback=NULL;
+        bio->cb_arg=NULL;
+        bio->init=0;
+        bio->shutdown=1;
+        bio->flags=0;
+        bio->retry_reason=0;
+        bio->num=0;
+        bio->ptr=NULL;
+        bio->prev_bio=NULL;
+        bio->next_bio=NULL;
+        bio->references=1;
+        bio->num_read=0L;
+        bio->num_write=0L;
+        CRYPTO_new_ex_data(bio_meth,(char *)bio,&bio->ex_data);
+        if (method->create != NULL)
+                if (!method->create(bio))
+                        return(0);
+        return(1);
+        }
+int BIO_free(a)
+BIO *a;
+        {
+        int ret=0,i;
+        if (a == NULL) return(0);
+        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
+#ifdef REF_PRINT
+        REF_PRINT("BIO",a);
+#endif
+        if (i > 0) return(1);
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"BIO_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if ((a->callback != NULL) &&
+                ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
+                        return(i);
+        CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data);
+        if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
+        ret=a->method->destroy(a);
+        Free(a);
+        return(1);
+        }
+int BIO_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int i;
+        long (*cb)();
+        if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
+                {
+                BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+        cb=b->callback;
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
+                        return(i);
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_READ,BIO_R_UNINITALISED);
+                return(-2);
+                }
+        i=b->method->bread(b,out,outl);
+        if (i > 0) b->num_read+=(unsigned long)i;
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
+                        0L,(long)i);
+        return(i);
+        }
+int BIO_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int i;
+        long (*cb)();
+        if (b == NULL)
+                return(0);
+        cb=b->callback;
+        if ((b->method == NULL) || (b->method->bwrite == NULL))
+                {
+                BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
+                        return(i);
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITALISED);
+                return(-2);
+                }
+        i=b->method->bwrite(b,in,inl);
+        if (i > 0) b->num_write+=(unsigned long)i;
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
+                        0L,(long)i);
+        return(i);
+        }
+int BIO_puts(b,in)
+BIO *b;
+char *in;
+        {
+        int i;
+        long (*cb)();
+        if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
+                {
+                BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+        cb=b->callback;
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
+                        return(i);
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITALISED);
+                return(-2);
+                }
+        i=b->method->bputs(b,in);
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
+                        0L,(long)i);
+        return(i);
+        }
+int BIO_gets(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int i;
+        long (*cb)();
+        if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
+                {
+                BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+        cb=b->callback;
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
+                        return(i);
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITALISED);
+                return(-2);
+                }
+        i=b->method->bgets(b,in,inl);
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
+                        0L,(long)i);
+        return(i);
+        }
+long BIO_int_ctrl(b,cmd,larg,iarg)
+BIO *b;
+int cmd;
+long larg;
+int iarg;
+        {
+        int i;
+        i=iarg;
+        return(BIO_ctrl(b,cmd,larg,(char *)&i));
+        }
+char *BIO_ptr_ctrl(b,cmd,larg)
+BIO *b;
+int cmd;
+long larg;
+        {
+        char *p=NULL;
+        if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
+                return(NULL);
+        else
+                return(p);
+        }
+long BIO_ctrl(b,cmd,larg,parg)
+BIO *b;
+int cmd;
+long larg;
+char *parg;
+        {
+        long ret;
+        long (*cb)();
+        if (b == NULL) return(0);
+        if ((b->method == NULL) || (b->method->ctrl == NULL))
+                {
+                BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+        cb=b->callback;
+        if ((cb != NULL) &&
+                ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
+                return(ret);
+        ret=b->method->ctrl(b,cmd,larg,parg);
+        if (cb != NULL)
+                ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
+                        larg,ret);
+        return(ret);
+        }
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(b,bio)
+BIO *b,*bio;
+        {
+        BIO *lb;
+        if (b == NULL) return(bio);
+        lb=b;
+        while (lb->next_bio != NULL)
+                lb=lb->next_bio;
+        lb->next_bio=bio;
+        if (bio != NULL)
+                bio->prev_bio=lb;
+        /* called to do internal processing */
+        BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
+        return(b);
+        }
+/* Remove the first and return the rest */
+BIO *BIO_pop(b)
+BIO *b;
+        {
+        BIO *ret;
+        if (b == NULL) return(NULL);
+        ret=b->next_bio;
+        if (b->prev_bio != NULL)
+                b->prev_bio->next_bio=b->next_bio;
+        if (b->next_bio != NULL)
+                b->next_bio->prev_bio=b->prev_bio;
+        b->next_bio=NULL;
+        b->prev_bio=NULL;
+        BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+        return(ret);
+        }
+BIO *BIO_get_retry_BIO(bio,reason)
+BIO *bio;
+int *reason;
+        {
+        BIO *b,*last;
+        b=last=bio;
+        for (;;)
+                {
+                if (!BIO_should_retry(b)) break;
+                last=b;
+                b=b->next_bio;
+                if (b == NULL) break;
+                }
+        if (reason != NULL) *reason=last->retry_reason;
+        return(last);
+        }
+int BIO_get_retry_reason(bio)
+BIO *bio;
+        {
+        return(bio->retry_reason);
+        }
+BIO *BIO_find_type(bio,type)
+BIO *bio;
+int type;
+        {
+        int mt,mask;
+        mask=type&0xff;
+        do      {
+                if (bio->method != NULL)
+                        {
+                        mt=bio->method->type;
+                        if (!mask)
+                                {
+                                if (mt & type) return(bio);
+                                }
+                        else if (mt == type)
+                                return(bio);
+                        }
+                bio=bio->next_bio;
+                } while (bio != NULL);
+        return(NULL);
+        }
+void BIO_free_all(bio)
+BIO *bio;
+        {
+        BIO *b;
+        int ref;
+        while (bio != NULL)
+                {
+                b=bio;
+                ref=b->references;
+                bio=bio->next_bio;
+                BIO_free(b);
+                /* Since ref count > 1, don't free anyone else. */
+                if (ref > 1) break;
+                }
+        }
+BIO *BIO_dup_chain(in)
+BIO *in;
+        {
+        BIO *ret=NULL,*eoc=NULL,*bio,*new;
+        for (bio=in; bio != NULL; bio=bio->next_bio)
+                {
+                if ((new=BIO_new(bio->method)) == NULL) goto err;
+                new->callback=bio->callback;
+                new->cb_arg=bio->cb_arg;
+                new->init=bio->init;
+                new->shutdown=bio->shutdown;
+                new->flags=bio->flags;
+                /* This will let SSL_s_sock() work with stdin/stdout */
+                new->num=bio->num;
+                if (!BIO_dup_state(bio,(char *)new))
+                        {
+                        BIO_free(new);
+                        goto err;
+                        }
+                /* copy app data */
+                if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
+                        goto err;
+                if (ret == NULL)
+                        {
+                        eoc=new;
+                        ret=eoc;
+                        }
+                else
+                        {
+                        BIO_push(eoc,new);
+                        eoc=new;
+                        }
+                }
+        return(ret);
+err:
+        if (ret != NULL)
+                BIO_free(ret);
+        return(NULL);   
+        }
+void BIO_copy_next_retry(b)
+BIO *b;
+        {
+        BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
+        b->retry_reason=b->next_bio->retry_reason;
+        }
+int BIO_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        bio_meth_num++;
+        return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth,
+                argl,argp,new_func,dup_func,free_func));
+        }
+int BIO_set_ex_data(bio,idx,data)
+BIO *bio;
+int idx;
+char *data;
+        {
+        return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
+        }
+char *BIO_get_ex_data(bio,idx)
+BIO *bio;
+int idx;
+        {
+        return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bss_acpt.c b/src/lib/libssl/src/crypto/bio/bss_acpt.c
new file mode 100644
index 0000000000..e49902fa9f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_acpt.c
@@ -0,0 +1,500 @@
+/* crypto/bio/bss_acpt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef NO_SOCK
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+/*      BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+typedef struct bio_accept_st
+        {
+        int state;
+        char *param_addr;
+        int accept_sock;
+        int accept_nbio;
+        char *addr;
+        int nbio;
+        BIO *bio_chain;
+        } BIO_ACCEPT;
+#ifndef NOPROTO
+static int acpt_write(BIO *h,char *buf,int num);
+static int acpt_read(BIO *h,char *buf,int size);
+static int acpt_puts(BIO *h,char *str);
+static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+#else
+static int acpt_write();
+static int acpt_read();
+static int acpt_puts();
+static long acpt_ctrl();
+static int acpt_new();
+static int acpt_free();
+#endif
+#ifndef NOPROTO
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+BIO_ACCEPT *BIO_ACCEPT_new(void );
+void BIO_ACCEPT_free(BIO_ACCEPT *a);
+#else
+static int acpt_state();
+static void acpt_close_socket();
+BIO_ACCEPT *BIO_ACCEPT_new();
+void BIO_ACCEPT_free();
+#endif
+#define ACPT_S_BEFORE                   1
+#define ACPT_S_GET_ACCEPT_SOCKET        2
+#define ACPT_S_OK                       3
+static BIO_METHOD methods_acceptp=
+        {
+        BIO_TYPE_ACCEPT,
+        "socket accept",
+        acpt_write,
+        acpt_read,
+        acpt_puts,
+        NULL, /* connect_gets, */
+        acpt_ctrl,
+        acpt_new,
+        acpt_free,
+        };
+BIO_METHOD *BIO_s_accept()
+        {
+        return(&methods_acceptp);
+        }
+static int acpt_new(bi)
+BIO *bi;
+        {
+        BIO_ACCEPT *ba;
+        bi->init=0;
+        bi->num=INVALID_SOCKET;
+        bi->flags=0;
+        if ((ba=BIO_ACCEPT_new()) == NULL)
+                return(0);
+        bi->ptr=(char *)ba;
+        ba->state=ACPT_S_BEFORE;
+        bi->shutdown=1;
+        return(1);
+        }
+BIO_ACCEPT *BIO_ACCEPT_new()
+        {
+        BIO_ACCEPT *ret;
+        if ((ret=(BIO_ACCEPT *)Malloc(sizeof(BIO_ACCEPT))) == NULL)
+                return(NULL);
+        memset(ret,0,sizeof(BIO_ACCEPT));
+        ret->accept_sock=INVALID_SOCKET;
+        return(ret);
+        }
+void BIO_ACCEPT_free(a)
+BIO_ACCEPT *a;
+        {
+        if (a->param_addr != NULL) Free(a->param_addr);
+        if (a->addr != NULL) Free(a->addr);
+        if (a->bio_chain != NULL) BIO_free(a->bio_chain);
+        Free(a);
+        }
+static void acpt_close_socket(bio)
+BIO *bio;
+        {
+        BIO_ACCEPT *c;
+        c=(BIO_ACCEPT *)bio->ptr;
+        if (c->accept_sock != INVALID_SOCKET)
+                {
+                shutdown(c->accept_sock,2);
+# ifdef WINDOWS
+                closesocket(c->accept_sock);
+# else
+                close(c->accept_sock);
+# endif
+                c->accept_sock=INVALID_SOCKET;
+                bio->num=INVALID_SOCKET;
+                }
+        }
+static int acpt_free(a)
+BIO *a;
+        {
+        BIO_ACCEPT *data;
+        if (a == NULL) return(0);
+        data=(BIO_ACCEPT *)a->ptr;
+         
+        if (a->shutdown)
+                {
+                acpt_close_socket(a);
+                BIO_ACCEPT_free(data);
+                a->ptr=NULL;
+                a->flags=0;
+                a->init=0;
+                }
+        return(1);
+        }
+        
+static int acpt_state(b,c)
+BIO *b;
+BIO_ACCEPT *c;
+        {
+        BIO *bio=NULL,*dbio;
+        unsigned long l=1;
+        int s= -1;
+        int i;
+again:
+        switch (c->state)
+                {
+        case ACPT_S_BEFORE:
+                if (c->param_addr == NULL)
+                        {
+                        BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+                        return(-1);
+                        }
+                s=BIO_get_accept_socket(c->param_addr);
+                if (s == INVALID_SOCKET)
+                        return(-1);
+#ifdef FIONBIO
+                if (c->accept_nbio)
+                        {
+                        i=BIO_socket_ioctl(b->num,FIONBIO,&l);
+                        if (i < 0)
+                                {
+#ifdef WINDOWS
+                                closesocket(s);
+#else
+                                close(s);
+# endif
+                                BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+                                return(-1);
+                                }
+                        }
+#endif
+                c->accept_sock=s;
+                b->num=s;
+                c->state=ACPT_S_GET_ACCEPT_SOCKET;
+                return(1);
+                break;
+        case ACPT_S_GET_ACCEPT_SOCKET:
+                if (b->next_bio != NULL)
+                        {
+                        c->state=ACPT_S_OK;
+                        goto again;
+                        }
+                i=BIO_accept(c->accept_sock,&(c->addr));
+                if (i < 0) return(i);
+                bio=BIO_new_socket(i,BIO_CLOSE);
+                if (bio == NULL) goto err;
+                BIO_set_callback(bio,BIO_get_callback(b));
+                BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
+#ifdef FIONBIO
+                if (c->nbio)
+                        {
+                        i=BIO_socket_ioctl(i,FIONBIO,&l);
+                        if (i < 0)
+                                {
+                                BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+                                goto err;
+                                }
+                        }
+#endif
+                /* If the accept BIO has an bio_chain, we dup it and
+                 * put the new socket at the end. */
+                if (c->bio_chain != NULL)
+                        {
+                        if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
+                                goto err;
+                        if (!BIO_push(dbio,bio)) goto err;
+                        bio=dbio;
+                        }
+                if (BIO_push(b,bio) == NULL) goto err;
+                c->state=ACPT_S_OK;
+                return(1);
+err:
+                if (bio != NULL)
+                        BIO_free(bio);
+                else if (s >= 0)
+                        {
+#ifdef WINDOWS
+                        closesocket(s);
+#else
+                        close(s);
+# endif
+                        }
+                return(0);
+                break;
+        case ACPT_S_OK:
+                if (b->next_bio == NULL)
+                        {
+                        c->state=ACPT_S_GET_ACCEPT_SOCKET;
+                        goto again;
+                        }
+                return(1);
+                break;
+        default:        
+                return(0);
+                break;
+                }
+        }
+static int acpt_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0;
+        BIO_ACCEPT *data;
+        BIO_clear_retry_flags(b);
+        data=(BIO_ACCEPT *)b->ptr;
+        while (b->next_bio == NULL)
+                {
+                ret=acpt_state(b,data);
+                if (ret <= 0) return(ret);
+                }
+        ret=BIO_read(b->next_bio,out,outl);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static int acpt_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret;
+        BIO_ACCEPT *data;
+        BIO_clear_retry_flags(b);
+        data=(BIO_ACCEPT *)b->ptr;
+        while (b->next_bio == NULL)
+                {
+                ret=acpt_state(b,data);
+                if (ret <= 0) return(ret);
+                }
+        ret=BIO_write(b->next_bio,in,inl);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static long acpt_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        BIO *dbio;
+        int *ip;
+        long ret=1;
+        BIO_ACCEPT *data;
+        char **pp;
+        data=(BIO_ACCEPT *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ret=0;
+                data->state=ACPT_S_BEFORE;
+                acpt_close_socket(b);
+                b->flags=0;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                /* use this one to start the connection */
+                ret=(long)acpt_state(b,data);
+                break;
+        case BIO_C_SET_ACCEPT:
+                if (ptr != NULL)
+                        {
+                        if (num == 0)
+                                {
+                                b->init=1;
+                                if (data->param_addr != NULL)
+                                        Free(data->param_addr);
+                                data->param_addr=BUF_strdup(ptr);
+                                }
+                        else if (num == 1)
+                                {
+                                data->accept_nbio=(ptr != NULL);
+                                }
+                        else if (num == 2)
+                                {
+                                if (data->bio_chain != NULL)
+                                        BIO_free(data->bio_chain);
+                                data->bio_chain=(BIO *)ptr;
+                                }
+                        }
+                break;
+        case BIO_C_SET_NBIO:
+                data->nbio=(int)num;
+                break;
+        case BIO_C_GET_FD:
+                if (b->init)
+                        {
+                        ip=(int *)ptr;
+                        if (ip != NULL)
+                                *ip=data->accept_sock;
+                        ret=b->num;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_C_GET_ACCEPT:
+                if (b->init)
+                        {
+                        if (ptr != NULL)
+                                {
+                                pp=(char **)ptr;
+                                *pp=data->param_addr;
+                                }
+                        else
+                                ret= -1;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+                ret=0;
+                break;
+        case BIO_CTRL_FLUSH:
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+/*              if (data->param_port) EAY EAY
+                        BIO_set_port(dbio,data->param_port);
+                if (data->param_hostname)
+                        BIO_set_hostname(dbio,data->param_hostname);
+                BIO_set_nbio(dbio,data->nbio); */
+                break;
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int acpt_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        int n,ret;
+        n=strlen(str);
+        ret=acpt_write(bp,str,n);
+        return(ret);
+        }
+BIO *BIO_new_accept(str)
+char *str;
+        {
+        BIO *ret;
+        ret=BIO_new(BIO_s_accept());
+        if (ret == NULL) return(NULL);
+        if (BIO_set_accept_port(ret,str))
+                return(ret);
+        else
+                {
+                BIO_free(ret);
+                return(NULL);
+                }
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c
new file mode 100644
index 0000000000..6e547bf866
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_conn.c
@@ -0,0 +1,648 @@
+/* crypto/bio/bss_conn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef NO_SOCK
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+/*      BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+typedef struct bio_connect_st
+        {
+        int state;
+        char *param_hostname;
+        char *param_port;
+        int nbio;
+        unsigned char ip[4];
+        short port;
+        struct sockaddr_in them;
+        /* int socket; this will be kept in bio->num so that it is
+         * compatable with the bss_sock bio */ 
+        int error;
+        /* called when the connection is initially made
+         *  callback(BIO,state,ret);  The callback should return
+         * 'ret'.  state is for compatablity with the ssl info_callback */
+        int (*info_callback)();
+        } BIO_CONNECT;
+#ifndef NOPROTO
+static int conn_write(BIO *h,char *buf,int num);
+static int conn_read(BIO *h,char *buf,int size);
+static int conn_puts(BIO *h,char *str);
+static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+#else
+static int conn_write();
+static int conn_read();
+static int conn_puts();
+static long conn_ctrl();
+static int conn_new();
+static int conn_free();
+#endif
+#ifndef NOPROTO
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void );
+void BIO_CONNECT_free(BIO_CONNECT *a);
+#else
+static int conn_state();
+static void conn_close_socket();
+BIO_CONNECT *BIO_CONNECT_new();
+void BIO_CONNECT_free();
+#endif
+static BIO_METHOD methods_connectp=
+        {
+        BIO_TYPE_CONNECT,
+        "socket connect",
+        conn_write,
+        conn_read,
+        conn_puts,
+        NULL, /* connect_gets, */
+        conn_ctrl,
+        conn_new,
+        conn_free,
+        };
+static int conn_state(b,c)
+BIO *b;
+BIO_CONNECT *c;
+        {
+        int ret= -1,i;
+        unsigned long l;
+        char *p,*q;
+        int (*cb)()=NULL;
+        if (c->info_callback != NULL)
+                cb=c->info_callback;
+        for (;;)
+                {
+                switch (c->state)
+                        {
+                case BIO_CONN_S_BEFORE:
+                        p=c->param_hostname;
+                        if (p == NULL)
+                                {
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTHNAME_SPECIFIED);
+                                goto exit_loop;
+                                }
+                        for ( ; *p != '\0'; p++)
+                                {
+                                if ((*p == ':') || (*p == '/')) break;
+                                }
+                        i= *p;
+                        if ((i == ':') || (i == '/'))
+                                {
+                                *(p++)='\0';
+                                if (i == ':')
+                                        {
+                                        for (q=p; *q; q++)
+                                                if (*q == '/')
+                                                        {
+                                                        *q='\0';
+                                                        break;
+                                                        }
+                                        if (c->param_port != NULL)
+                                                Free(c->param_port);
+                                        c->param_port=BUF_strdup(p);
+                                        }
+                                }
+                        if (p == NULL)
+                                {
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
+                                ERR_add_error_data(2,"host=",c->param_hostname);
+                                goto exit_loop;
+                                }
+                        c->state=BIO_CONN_S_GET_IP;
+                        break;
+                case BIO_CONN_S_GET_IP:
+                        if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
+                                goto exit_loop;
+                        c->state=BIO_CONN_S_GET_PORT;
+                        break;
+                case BIO_CONN_S_GET_PORT:
+                        if (BIO_get_port(c->param_port,&c->port) <= 0)
+                                goto exit_loop;
+                        c->state=BIO_CONN_S_CREATE_SOCKET;
+                        break;
+                case BIO_CONN_S_CREATE_SOCKET:
+                        /* now setup address */
+                        memset((char *)&c->them,0,sizeof(c->them));
+                        c->them.sin_family=AF_INET;
+                        c->them.sin_port=htons((unsigned short)c->port);
+                        l=(unsigned long)
+                                ((unsigned long)c->ip[0]<<24L)|
+                                ((unsigned long)c->ip[1]<<16L)|
+                                ((unsigned long)c->ip[2]<< 8L)|
+                                ((unsigned long)c->ip[3]);
+                        c->them.sin_addr.s_addr=htonl(l);
+                        c->state=BIO_CONN_S_CREATE_SOCKET;
+                        ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+                        if (ret == INVALID_SOCKET)
+                                {
+                                SYSerr(SYS_F_SOCKET,get_last_socket_error());
+                                ERR_add_error_data(4,"host=",c->param_hostname,
+                                        ":",c->param_port);
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
+                                goto exit_loop;
+                                }
+                        b->num=ret;
+                        c->state=BIO_CONN_S_NBIO;
+                        break;
+                case BIO_CONN_S_NBIO:
+#ifdef FIONBIO
+                        if (c->nbio)
+                                {
+                                l=1;
+                                ret=BIO_socket_ioctl(b->num,FIONBIO,&l);
+                                if (ret < 0)
+                                        {
+                                        BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
+                                        ERR_add_error_data(4,"host=",
+                                                c->param_hostname,
+                                                ":",c->param_port);
+                                        goto exit_loop;
+                                        }
+                                }
+#endif
+                        c->state=BIO_CONN_S_CONNECT;
+#ifdef SO_KEEPALIVE
+                        i=1;
+                        i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+                        if (i < 0)
+                                {
+                                SYSerr(SYS_F_SOCKET,get_last_socket_error());
+                                ERR_add_error_data(4,"host=",c->param_hostname,
+                                        ":",c->param_port);
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
+                                goto exit_loop;
+                                }
+#endif
+                        break;
+                case BIO_CONN_S_CONNECT:
+                        BIO_clear_retry_flags(b);
+                        ret=connect(b->num,
+                                (struct sockaddr *)&c->them,
+                                sizeof(c->them));
+                        b->retry_reason=0;
+                        if (ret < 0)
+                                {
+                                if (BIO_sock_should_retry(ret))
+                                        {
+                                        BIO_set_retry_special(b);
+                                        c->state=BIO_CONN_S_BLOCKED_CONNECT;
+                                        b->retry_reason=BIO_RR_CONNECT;
+                                        }
+                                else
+                                        {
+                                        SYSerr(SYS_F_CONNECT,get_last_socket_error());
+                                        ERR_add_error_data(4,"host=",
+                                                c->param_hostname,
+                                                ":",c->param_port);
+                                        BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
+                                        }
+                                goto exit_loop;
+                                }
+                        else
+                                c->state=BIO_CONN_S_OK;
+                        break;
+                case BIO_CONN_S_BLOCKED_CONNECT:
+                        i=BIO_sock_error(b->num);
+                        if (i)
+                                {
+                                BIO_clear_retry_flags(b);
+                                SYSerr(SYS_F_CONNECT,i);
+                                ERR_add_error_data(4,"host=",
+                                        c->param_hostname,
+                                        ":",c->param_port);
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
+                                ret=0;
+                                goto exit_loop;
+                                }
+                        else
+                                c->state=BIO_CONN_S_OK;
+                        break;
+                case BIO_CONN_S_OK:
+                        ret=1;
+                        goto exit_loop;
+                default:
+                        abort();
+                        goto exit_loop;
+                        }
+                if (cb != NULL)
+                        {
+                        if (!(ret=cb((BIO *)b,c->state,ret)))
+                                goto end;
+                        }
+                }
+        if (1)
+                {
+exit_loop:
+                if (cb != NULL)
+                        ret=cb((BIO *)b,c->state,ret);
+                }
+end:
+        return(ret);
+        }
+BIO_CONNECT *BIO_CONNECT_new()
+        {
+        BIO_CONNECT *ret;
+        if ((ret=(BIO_CONNECT *)Malloc(sizeof(BIO_CONNECT))) == NULL)
+                return(NULL);
+        ret->state=BIO_CONN_S_BEFORE;
+        ret->param_hostname=NULL;
+        ret->param_port=NULL;
+        ret->info_callback=NULL;
+        ret->nbio=0;
+        ret->ip[0]=0;
+        ret->ip[1]=0;
+        ret->ip[2]=0;
+        ret->ip[3]=0;
+        ret->port=0;
+        memset((char *)&ret->them,0,sizeof(ret->them));
+        ret->error=0;
+        return(ret);
+        }
+void BIO_CONNECT_free(a)
+BIO_CONNECT *a;
+        {
+        if (a->param_hostname != NULL)
+                Free(a->param_hostname);
+        if (a->param_port != NULL)
+                Free(a->param_port);
+        Free(a);
+        }
+BIO_METHOD *BIO_s_connect()
+        {
+        return(&methods_connectp);
+        }
+static int conn_new(bi)
+BIO *bi;
+        {
+        bi->init=0;
+        bi->num=INVALID_SOCKET;
+        bi->flags=0;
+        if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
+                return(0);
+        else
+                return(1);
+        }
+static void conn_close_socket(bio)
+BIO *bio;
+        {
+        BIO_CONNECT *c;
+        c=(BIO_CONNECT *)bio->ptr;
+        if (bio->num != INVALID_SOCKET)
+                {
+                /* Only do a shutdown if things were established */
+                if (c->state == BIO_CONN_S_OK)
+                        shutdown(bio->num,2);
+# ifdef WINDOWS
+                closesocket(bio->num);
+# else
+                close(bio->num);
+# endif
+                bio->num=INVALID_SOCKET;
+                }
+        }
+static int conn_free(a)
+BIO *a;
+        {
+        BIO_CONNECT *data;
+        if (a == NULL) return(0);
+        data=(BIO_CONNECT *)a->ptr;
+         
+        if (a->shutdown)
+                {
+                conn_close_socket(a);
+                BIO_CONNECT_free(data);
+                a->ptr=NULL;
+                a->flags=0;
+                a->init=0;
+                }
+        return(1);
+        }
+        
+static int conn_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0;
+        BIO_CONNECT *data;
+        data=(BIO_CONNECT *)b->ptr;
+        if (data->state != BIO_CONN_S_OK)
+                {
+                ret=conn_state(b,data);
+                if (ret <= 0)
+                                return(ret);
+                }
+        if (out != NULL)
+                {
+                clear_socket_error();
+#if defined(WINDOWS)
+                ret=recv(b->num,out,outl,0);
+#else
+                ret=read(b->num,out,outl);
+#endif
+                BIO_clear_retry_flags(b);
+                if (ret <= 0)
+                        {
+                        if (BIO_sock_should_retry(ret))
+                                BIO_set_retry_read(b);
+                        }
+                }
+        return(ret);
+        }
+static int conn_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret;
+        BIO_CONNECT *data;
+        data=(BIO_CONNECT *)b->ptr;
+        if (data->state != BIO_CONN_S_OK)
+                {
+                ret=conn_state(b,data);
+                if (ret <= 0) return(ret);
+                }
+        clear_socket_error();
+#if defined(WINDOWS)
+        ret=send(b->num,in,inl,0);
+#else
+        ret=write(b->num,in,inl);
+#endif
+        BIO_clear_retry_flags(b);
+        if (ret <= 0)
+                {
+                if (BIO_sock_should_retry(ret))
+                        BIO_set_retry_write(b);
+                }
+        return(ret);
+        }
+static long conn_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        BIO *dbio;
+        int *ip;
+        char **pptr;
+        long ret=1;
+        BIO_CONNECT *data;
+        data=(BIO_CONNECT *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ret=0;
+                data->state=BIO_CONN_S_BEFORE;
+                conn_close_socket(b);
+                b->flags=0;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                /* use this one to start the connection */
+                if (!data->state != BIO_CONN_S_OK)
+                        ret=(long)conn_state(b,data);
+                else
+                        ret=1;
+                break;
+        case BIO_C_GET_CONNECT:
+                if (ptr != NULL)
+                        {
+                        pptr=(char **)ptr;
+                        if (num == 0)
+                                {
+                                *pptr=data->param_hostname;
+                                }
+                        else if (num == 1)
+                                {
+                                *pptr=data->param_port;
+                                }
+                        else if (num == 2)
+                                {
+                                *pptr= (char *)&(data->ip[0]);
+                                }
+                        else if (num == 3)
+                                {
+                                *((int *)ptr)=data->port;
+                                }
+                        if ((!b->init) || (ptr == NULL))
+                                *pptr="not initalised";
+                        ret=1;
+                        }
+                break;
+        case BIO_C_SET_CONNECT:
+                if (ptr != NULL)
+                        {
+                        b->init=1;
+                        if (num == 0)
+                                {
+                                if (data->param_hostname != NULL)
+                                        Free(data->param_hostname);
+                                data->param_hostname=BUF_strdup(ptr);
+                                }
+                        else if (num == 1)
+                                {
+                                if (data->param_port != NULL)
+                                        Free(data->param_port);
+                                data->param_port=BUF_strdup(ptr);
+                                }
+                        else if (num == 2)
+                                memcpy(data->ip,ptr,4);
+                        else if (num == 3)
+                                data->port= *(int *)ptr;
+                        }
+                break;
+        case BIO_C_SET_NBIO:
+                data->nbio=(int)num;
+                break;
+        case BIO_C_GET_FD:
+                if (b->init)
+                        {
+                        ip=(int *)ptr;
+                        if (ip != NULL)
+                                *ip=b->num;
+                        ret=b->num;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+                ret=0;
+                break;
+        case BIO_CTRL_FLUSH:
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                if (data->param_port)
+                        BIO_set_conn_port(dbio,data->param_port);
+                if (data->param_hostname)
+                        BIO_set_conn_hostname(dbio,data->param_hostname);
+                BIO_set_nbio(dbio,data->nbio);
+                BIO_set_info_callback(dbio,data->info_callback);
+                break;
+        case BIO_CTRL_SET_CALLBACK:
+                data->info_callback=(int (*)())ptr;
+                break;
+        case BIO_CTRL_GET_CALLBACK:
+                {
+                int (**fptr)();
+                fptr=(int (**)())ptr;
+                *fptr=data->info_callback;
+                }
+                break;
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int conn_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        int n,ret;
+        n=strlen(str);
+        ret=conn_write(bp,str,n);
+        return(ret);
+        }
+BIO *BIO_new_connect(str)
+char *str;
+        {
+        BIO *ret;
+        ret=BIO_new(BIO_s_connect());
+        if (ret == NULL) return(NULL);
+        if (BIO_set_conn_hostname(ret,str))
+                return(ret);
+        else
+                {
+                BIO_free(ret);
+                return(NULL);
+                }
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bio/bss_fd.c b/src/lib/libssl/src/crypto/bio/bss_fd.c
new file mode 100644
index 0000000000..686c4909a2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_fd.c
@@ -0,0 +1,62 @@
+/* crypto/bio/bss_fd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define BIO_FD
+#include "bss_sock.c"
+#undef BIO_FD
diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c
new file mode 100644
index 0000000000..1484cf849e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_file.c
@@ -0,0 +1,339 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/*
+ * 03-Dec-1997  rdenny@dc3.com  Fix bug preventing use of stdin/stdout
+ *              with binary data (e.g. asn1parse -inform DER < xxx) under
+ *              Windows
+ */
+#ifndef HEADER_BSS_FILE_C
+#define HEADER_BSS_FILE_C
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include "err.h"
+#if !defined(NO_STDIO)
+#ifndef NOPROTO
+static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
+static int MS_CALLBACK file_puts(BIO *h,char *str);
+static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
+static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+#else
+static int MS_CALLBACK file_write();
+static int MS_CALLBACK file_read();
+static int MS_CALLBACK file_puts();
+static int MS_CALLBACK file_gets();
+static long MS_CALLBACK file_ctrl();
+static int MS_CALLBACK file_new();
+static int MS_CALLBACK file_free();
+#endif
+static BIO_METHOD methods_filep=
+        {
+        BIO_TYPE_FILE,
+        "FILE pointer",
+        file_write,
+        file_read,
+        file_puts,
+        file_gets,
+        file_ctrl,
+        file_new,
+        file_free,
+        };
+BIO *BIO_new_file(filename,mode)
+char *filename;
+char *mode;
+        {
+        BIO *ret;
+        FILE *file;
+        if ((file=fopen(filename,mode)) == NULL)
+                {
+                SYSerr(SYS_F_FOPEN,get_last_sys_error());
+                ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
+                BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+                return(NULL);
+                }
+        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+                return(NULL);
+        BIO_set_fp(ret,file,BIO_CLOSE);
+        return(ret);
+        }
+BIO *BIO_new_fp(stream,close_flag)
+FILE *stream;
+int close_flag;
+        {
+        BIO *ret;
+        if ((ret=BIO_new(BIO_s_file())) == NULL)
+                return(NULL);
+        BIO_set_fp(ret,stream,close_flag);
+        return(ret);
+        }
+BIO_METHOD *BIO_s_file()
+        {
+        return(&methods_filep);
+        }
+static int MS_CALLBACK file_new(bi)
+BIO *bi;
+        {
+        bi->init=0;
+        bi->num=0;
+        bi->ptr=NULL;
+        return(1);
+        }
+static int MS_CALLBACK file_free(a)
+BIO *a;
+        {
+        if (a == NULL) return(0);
+        if (a->shutdown)
+                {
+                if ((a->init) && (a->ptr != NULL))
+                        {
+                        fclose((FILE *)a->ptr);
+                        a->ptr=NULL;
+                        }
+                a->init=0;
+                }
+        return(1);
+        }
+        
+static int MS_CALLBACK file_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0;
+        if (b->init && (out != NULL))
+                {
+                ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+                }
+        return(ret);
+        }
+static int MS_CALLBACK file_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret=0;
+        if (b->init && (in != NULL))
+                {
+                if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
+                        ret=inl;
+                /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+                /* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
+                 * out version above can cause 'inl' write calls under
+                 * some stupid stdio implementations (VMS) */
+                }
+        return(ret);
+        }
+static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret=1;
+        FILE *fp=(FILE *)b->ptr;
+        FILE **fpp;
+        char p[4];
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ret=(long)fseek(fp,num,0);
+                break;
+        case BIO_CTRL_EOF:
+                ret=(long)feof(fp);
+                break;
+        case BIO_CTRL_INFO:
+                ret=ftell(fp);
+                break;
+        case BIO_C_SET_FILE_PTR:
+                file_free(b);
+                b->shutdown=(int)num;
+                b->ptr=(char *)ptr;
+                b->init=1;
+#if defined(MSDOS) || defined(WINDOWS)
+                /* Set correct text/binary mode */
+                if (num & BIO_FP_TEXT)
+                        _setmode(fileno((FILE *)ptr),_O_TEXT);
+                else
+                        _setmode(fileno((FILE *)ptr),_O_BINARY);
+#endif
+                break;
+        case BIO_C_SET_FILENAME:
+                file_free(b);
+                b->shutdown=(int)num&BIO_CLOSE;
+                if (num & BIO_FP_APPEND)
+                        {
+                        if (num & BIO_FP_READ)
+                                strcpy(p,"a+");
+                        else    strcpy(p,"a");
+                        }
+                else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+                        strcpy(p,"r+");
+                else if (num & BIO_FP_WRITE)
+                        strcpy(p,"w");
+                else if (num & BIO_FP_READ)
+                        strcpy(p,"r");
+                else
+                        {
+                        BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
+                        ret=0;
+                        break;
+                        }
+#if defined(MSDOS) || defined(WINDOWS)
+                if (!(num & BIO_FP_TEXT))
+                        strcat(p,"b");
+                else
+                        strcat(p,"t");
+#endif
+                fp=fopen(ptr,p);
+                if (fp == NULL)
+                        {
+                        SYSerr(SYS_F_FOPEN,get_last_sys_error());
+                        ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
+                        BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
+                        ret=0;
+                        break;
+                        }
+                b->ptr=(char *)fp;
+                b->init=1;
+                break;
+        case BIO_C_GET_FILE_PTR:
+                /* the ptr parameter is actually a FILE ** in this case. */
+                if (ptr != NULL)
+                        {
+                        fpp=(FILE **)ptr;
+                        *fpp=(FILE *)b->ptr;
+                        }
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=(long)b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_FLUSH:
+                fflush((FILE *)b->ptr);
+                break;
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+        case BIO_CTRL_WPENDING:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_PUSH:
+        case BIO_CTRL_POP:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int MS_CALLBACK file_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        int ret=0;
+        buf[0]='\0';
+        fgets(buf,size,(FILE *)bp->ptr);
+        if (buf[0] != '\0')
+                ret=strlen(buf);
+        return(ret);
+        }
+static int MS_CALLBACK file_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        int n,ret;
+        n=strlen(str);
+        ret=file_write(bp,str,n);
+        return(ret);
+        }
+#endif /* NO_STDIO */
+#endif /* HEADER_BSS_FILE_C */
diff --git a/src/lib/libssl/src/crypto/bio/bss_mem.c b/src/lib/libssl/src/crypto/bio/bss_mem.c
new file mode 100644
index 0000000000..40c4e39f02
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_mem.c
@@ -0,0 +1,297 @@
+/* crypto/bio/bss_mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#ifndef NOPROTO
+static int mem_write(BIO *h,char *buf,int num);
+static int mem_read(BIO *h,char *buf,int size);
+static int mem_puts(BIO *h,char *str);
+static int mem_gets(BIO *h,char *str,int size);
+static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int mem_new(BIO *h);
+static int mem_free(BIO *data);
+#else
+static int mem_write();
+static int mem_read();
+static int mem_puts();
+static int mem_gets();
+static long mem_ctrl();
+static int mem_new();
+static int mem_free();
+#endif
+static BIO_METHOD mem_method=
+        {
+        BIO_TYPE_MEM,
+        "memory buffer",
+        mem_write,
+        mem_read,
+        mem_puts,
+        mem_gets,
+        mem_ctrl,
+        mem_new,
+        mem_free,
+        };
+BIO_METHOD *BIO_s_mem()
+        {
+        return(&mem_method);
+        }
+static int mem_new(bi)
+BIO *bi;
+        {
+        BUF_MEM *b;
+        if ((b=BUF_MEM_new()) == NULL)
+                return(0);
+        bi->shutdown=1;
+        bi->init=1;
+        bi->num=0;
+        bi->ptr=(char *)b;
+        return(1);
+        }
+static int mem_free(a)
+BIO *a;
+        {
+        if (a == NULL) return(0);
+        if (a->shutdown)
+                {
+                if ((a->init) && (a->ptr != NULL))
+                        {
+                        BUF_MEM_free((BUF_MEM *)a->ptr);
+                        a->ptr=NULL;
+                        }
+                }
+        return(1);
+        }
+        
+static int mem_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret= -1;
+        BUF_MEM *bm;
+        int i;
+        char *from,*to;
+        bm=(BUF_MEM *)b->ptr;
+        BIO_clear_retry_flags(b);
+        ret=(outl > bm->length)?bm->length:outl;
+        if ((out != NULL) && (ret > 0))
+                {
+                memcpy(out,bm->data,ret);
+                bm->length-=ret;
+                /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
+                from=(char *)&(bm->data[ret]);
+                to=(char *)&(bm->data[0]);
+                for (i=0; i<bm->length; i++)
+                        to[i]=from[i];
+                }
+        else if (bm->length == 0)
+                {
+                BIO_set_retry_read(b);
+                ret= -1;
+                }
+        return(ret);
+        }
+static int mem_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret= -1;
+        int blen;
+        BUF_MEM *bm;
+        bm=(BUF_MEM *)b->ptr;
+        if (in == NULL)
+                {
+                BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
+                goto end;
+                }
+        BIO_clear_retry_flags(b);
+        blen=bm->length;
+        if (BUF_MEM_grow(bm,blen+inl) != (blen+inl))
+                goto end;
+        memcpy(&(bm->data[blen]),in,inl);
+        ret=inl;
+end:
+        return(ret);
+        }
+static long mem_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret=1;
+        char **pptr;
+        BUF_MEM *bm=(BUF_MEM *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                if (bm->data != NULL)
+                        memset(bm->data,0,bm->max);
+                bm->length=0;
+                break;
+        case BIO_CTRL_EOF:
+                ret=(long)(bm->length == 0);
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)bm->length;
+                if (ptr != NULL)
+                        {
+                        pptr=(char **)ptr;
+                        *pptr=(char *)&(bm->data[0]);
+                        }
+                break;
+        case BIO_C_SET_BUF_MEM:
+                mem_free(b);
+                b->shutdown=(int)num;
+                b->ptr=ptr;
+                break;
+        case BIO_C_GET_BUF_MEM_PTR:
+                if (ptr != NULL)
+                        {
+                        pptr=(char **)ptr;
+                        *pptr=(char *)bm;
+                        }
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=(long)b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=0L;
+                break;
+        case BIO_CTRL_PENDING:
+                ret=(long)bm->length;
+                break;
+        case BIO_CTRL_DUP:
+        case BIO_CTRL_FLUSH:
+                ret=1;
+                break;
+        case BIO_CTRL_PUSH:
+        case BIO_CTRL_POP:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int mem_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        int i,j;
+        int ret= -1;
+        char *p;
+        BUF_MEM *bm=(BUF_MEM *)bp->ptr;
+        BIO_clear_retry_flags(bp);
+        j=bm->length;
+        if (j <= 0) return(0);
+        p=bm->data;
+        for (i=0; i<j; i++)
+                {
+                if (p[i] == '\n') break;
+                }
+        if (i == j)
+                {
+                BIO_set_retry_read(bp);
+                /* return(-1);  change the semantics 0.6.6a */ 
+                }
+        else
+                i++;
+        /* i is the max to copy */
+        if ((size-1) < i) i=size-1;
+        i=mem_read(bp,buf,i);
+        if (i > 0) buf[i]='\0';
+        ret=i;
+        return(ret);
+        }
+static int mem_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        int n,ret;
+        n=strlen(str);
+        ret=mem_write(bp,str,n);
+        /* memory semantics is that it will always work */
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bss_null.c b/src/lib/libssl/src/crypto/bio/bss_null.c
new file mode 100644
index 0000000000..0791a2471a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_null.c
@@ -0,0 +1,177 @@
+/* crypto/bio/bss_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#ifndef NOPROTO
+static int null_write(BIO *h,char *buf,int num);
+static int null_read(BIO *h,char *buf,int size);
+static int null_puts(BIO *h,char *str);
+static int null_gets(BIO *h,char *str,int size);
+static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int null_new(BIO *h);
+static int null_free(BIO *data);
+#else
+static int null_write();
+static int null_read();
+static int null_puts();
+static int null_gets();
+static long null_ctrl();
+static int null_new();
+static int null_free();
+#endif
+static BIO_METHOD null_method=
+        {
+        BIO_TYPE_NULL,
+        "NULL",
+        null_write,
+        null_read,
+        null_puts,
+        null_gets,
+        null_ctrl,
+        null_new,
+        null_free,
+        };
+BIO_METHOD *BIO_s_null()
+        {
+        return(&null_method);
+        }
+static int null_new(bi)
+BIO *bi;
+        {
+        bi->init=1;
+        bi->num=0;
+        bi->ptr=(NULL);
+        return(1);
+        }
+static int null_free(a)
+BIO *a;
+        {
+        if (a == NULL) return(0);
+        return(1);
+        }
+        
+static int null_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        return(0);
+        }
+static int null_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        return(inl);
+        }
+static long null_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret=1;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+        case BIO_CTRL_EOF:
+        case BIO_CTRL_SET:
+        case BIO_CTRL_SET_CLOSE:
+        case BIO_CTRL_FLUSH:
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int null_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        return(0);
+        }
+static int null_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        if (str == NULL) return(0);
+        return(strlen(str));
+        }
diff --git a/src/lib/libssl/src/crypto/bio/bss_rtcp.c b/src/lib/libssl/src/crypto/bio/bss_rtcp.c
new file mode 100644
index 0000000000..6eb434dee8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_rtcp.c
@@ -0,0 +1,297 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
+ * Date:   22-JUL-1996
+ */
+/* VMS */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include <iodef.h>              /* VMS IO$_ definitions */
+extern int SYS$QIOW();
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status { short status, count; long flags; };
+struct rpc_msg {                /* Should have member alignment inhibited */
+   char channel;                /* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;               /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;   /* Amount of data returned or max to return */
+   char data[4092];             /* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+struct rpc_ctx {
+    int filled, pos;
+    struct rpc_msg msg;
+};
+static int rtcp_write(BIO *h,char *buf,int num);
+static int rtcp_read(BIO *h,char *buf,int size);
+static int rtcp_puts(BIO *h,char *str);
+static int rtcp_gets(BIO *h,char *str,int size);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+static BIO_METHOD rtcp_method=
+        {
+        BIO_TYPE_FD,
+        "RTCP",
+        rtcp_write,
+        rtcp_read,
+        rtcp_puts,
+        rtcp_gets,
+        rtcp_ctrl,
+        rtcp_new,
+        rtcp_free,
+        };
+BIO_METHOD *BIO_s_rtcp()
+        {
+        return(&rtcp_method);
+        }
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+        buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+        buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+/***************************************************************************/
+static int rtcp_new(bi)
+BIO *bi;
+{
+    struct rpc_ctx *ctx;
+        bi->init=1;
+        bi->num=0;
+        bi->flags = 0;
+        bi->ptr=Malloc(sizeof(struct rpc_ctx));
+        ctx = (struct rpc_ctx *) bi->ptr;
+        ctx->filled = 0;
+        ctx->pos = 0;
+        return(1);
+}
+static int rtcp_free(a)
+BIO *a;
+{
+        if (a == NULL) return(0);
+        if ( a->ptr ) Free ( a->ptr );
+        a->ptr = NULL;
+        return(1);
+}
+        
+static int rtcp_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+{
+    int status, length;
+    struct rpc_ctx *ctx;
+    /*
+     * read data, return existing.
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, &ctx->msg.data[ctx->pos], length );
+        ctx->pos += length;
+        return length;
+    }
+    /*
+     * Requst more data from R channel.
+     */
+    ctx->msg.channel = 'R';
+    ctx->msg.function = 'G';
+    ctx->msg.length = sizeof(ctx->msg.data);
+    status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
+    if ( (status&1) == 0 ) {
+        return -1;
+    }
+    /*
+     * Read.
+     */
+    ctx->pos = ctx->filled = 0;
+    status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+    if ( (status&1) == 0 ) length = -1;
+    if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
+        length = -1;
+    }
+    ctx->filled = length - RPC_HDR_SIZE;
+    
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, ctx->msg.data, length );
+        ctx->pos += length;
+        return length;
+    }
+    return length;
+}
+static int rtcp_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+{
+    int status, i, segment, length;
+    struct rpc_ctx *ctx;
+    /*
+     * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    for ( i = 0; i < inl; i += segment ) {
+        segment = inl - i;
+        if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
+        ctx->msg.channel = 'R';
+        ctx->msg.function = 'P';
+        ctx->msg.length = segment;
+        memmove ( ctx->msg.data, &in[i], segment );
+        status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
+        if ((status&1) == 0 ) { i = -1; break; }
+        status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+        if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
+        if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
+           printf("unexpected response when confirming put %c %c\n",
+                ctx->msg.channel, ctx->msg.function );
+        }
+    }
+    return(i);
+}
+static long rtcp_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret=1;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+        case BIO_CTRL_EOF:
+                ret = 1;
+                break;
+        case BIO_CTRL_SET:
+                b->num = num;
+                ret = 1;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+        case BIO_CTRL_FLUSH:
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int rtcp_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        return(0);
+        }
+static int rtcp_puts(bp,str)
+BIO *bp;
+char *str;
+{
+    int length;
+    if (str == NULL) return(0);
+    length = strlen ( str );
+    if ( length == 0 ) return (0);
+    return rtcp_write ( bp,str, length );
+}
diff --git a/src/lib/libssl/src/crypto/bio/bss_sock.c b/src/lib/libssl/src/crypto/bio/bss_sock.c
new file mode 100644
index 0000000000..d907a2867b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bss_sock.c
@@ -0,0 +1,461 @@
+/* crypto/bio/bss_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#if !defined(NO_SOCK) || defined(BIO_FD)
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+#ifndef BIO_FD
+#ifndef NOPROTO
+static int sock_write(BIO *h,char *buf,int num);
+static int sock_read(BIO *h,char *buf,int size);
+static int sock_puts(BIO *h,char *str);
+static long sock_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+#else
+static int sock_write();
+static int sock_read();
+static int sock_puts();
+static long sock_ctrl();
+static int sock_new();
+static int sock_free();
+int BIO_sock_should_retry();
+#endif
+#else
+#ifndef NOPROTO
+static int fd_write(BIO *h,char *buf,int num);
+static int fd_read(BIO *h,char *buf,int size);
+static int fd_puts(BIO *h,char *str);
+static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+#else
+static int fd_write();
+static int fd_read();
+static int fd_puts();
+static long fd_ctrl();
+static int fd_new();
+static int fd_free();
+int BIO_fd_should_retry();
+#endif
+#endif
+#ifndef BIO_FD
+static BIO_METHOD methods_sockp=
+        {
+        BIO_TYPE_SOCKET,
+        "socket",
+        sock_write,
+        sock_read,
+        sock_puts,
+        NULL, /* sock_gets, */
+        sock_ctrl,
+        sock_new,
+        sock_free,
+        };
+BIO_METHOD *BIO_s_socket()
+        {
+        return(&methods_sockp);
+        }
+#else
+static BIO_METHOD methods_fdp=
+        {
+        BIO_TYPE_FD,"file descriptor",
+        fd_write,
+        fd_read,
+        fd_puts,
+        NULL, /* fd_gets, */
+        fd_ctrl,
+        fd_new,
+        fd_free,
+        };
+BIO_METHOD *BIO_s_fd()
+        {
+        return(&methods_fdp);
+        }
+#endif
+#ifndef BIO_FD
+BIO *BIO_new_socket(fd,close_flag)
+#else
+BIO *BIO_new_fd(fd,close_flag)
+#endif
+int fd;
+int close_flag;
+        {
+        BIO *ret;
+#ifndef BIO_FD
+        ret=BIO_new(BIO_s_socket());
+#else
+        ret=BIO_new(BIO_s_fd());
+#endif
+        if (ret == NULL) return(NULL);
+        BIO_set_fd(ret,fd,close_flag);
+        return(ret);
+        }
+#ifndef BIO_FD
+static int sock_new(bi)
+#else
+static int fd_new(bi)
+#endif
+BIO *bi;
+        {
+        bi->init=0;
+        bi->num=0;
+        bi->ptr=NULL;
+        bi->flags=0;
+        return(1);
+        }
+#ifndef BIO_FD
+static int sock_free(a)
+#else
+static int fd_free(a)
+#endif
+BIO *a;
+        {
+        if (a == NULL) return(0);
+        if (a->shutdown)
+                {
+                if (a->init)
+                        {
+#ifndef BIO_FD
+                        shutdown(a->num,2);
+# ifdef WINDOWS
+                        closesocket(a->num);
+# else
+                        close(a->num);
+# endif
+#else                   /* BIO_FD */
+                        close(a->num);
+#endif
+                        }
+                a->init=0;
+                a->flags=0;
+                }
+        return(1);
+        }
+        
+#ifndef BIO_FD
+static int sock_read(b,out,outl)
+#else
+static int fd_read(b,out,outl)
+#endif
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0;
+        if (out != NULL)
+                {
+#if defined(WINDOWS) && !defined(BIO_FD)
+                clear_socket_error();
+                ret=recv(b->num,out,outl,0);
+#else
+                clear_sys_error();
+                ret=read(b->num,out,outl);
+#endif
+                BIO_clear_retry_flags(b);
+                if (ret <= 0)
+                        {
+#ifndef BIO_FD
+                        if (BIO_sock_should_retry(ret))
+#else
+                        if (BIO_fd_should_retry(ret))
+#endif
+                                BIO_set_retry_read(b);
+                        }
+                }
+        return(ret);
+        }
+#ifndef BIO_FD
+static int sock_write(b,in,inl)
+#else
+static int fd_write(b,in,inl)
+#endif
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret;
+        
+#if defined(WINDOWS) && !defined(BIO_FD)
+        clear_socket_error();
+        ret=send(b->num,in,inl,0);
+#else
+        clear_sys_error();
+        ret=write(b->num,in,inl);
+#endif
+        BIO_clear_retry_flags(b);
+        if (ret <= 0)
+                {
+#ifndef BIO_FD
+                if (BIO_sock_should_retry(ret))
+#else
+                if (BIO_fd_should_retry(ret))
+#endif
+                        BIO_set_retry_write(b);
+                }
+        return(ret);
+        }
+#ifndef BIO_FD
+static long sock_ctrl(b,cmd,num,ptr)
+#else
+static long fd_ctrl(b,cmd,num,ptr)
+#endif
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        long ret=1;
+        int *ip;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+#ifdef BIO_FD
+                ret=(long)lseek(b->num,0,0);
+#else
+                ret=0;
+#endif
+                break;
+        case BIO_CTRL_INFO:
+                ret=0;
+                break;
+        case BIO_C_SET_FD:
+#ifndef BIO_FD
+                sock_free(b);
+#else
+                fd_free(b);
+#endif
+                b->num= *((int *)ptr);
+                b->shutdown=(int)num;
+                b->init=1;
+                break;
+        case BIO_C_GET_FD:
+                if (b->init)
+                        {
+                        ip=(int *)ptr;
+                        if (ip != NULL) *ip=b->num;
+                        ret=b->num;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+                ret=0;
+                break;
+        case BIO_CTRL_DUP:
+        case BIO_CTRL_FLUSH:
+                ret=1;
+                break;
+                break;
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+#ifdef undef
+static int sock_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        return(-1);
+        }
+#endif
+#ifndef BIO_FD
+static int sock_puts(bp,str)
+#else
+static int fd_puts(bp,str)
+#endif
+BIO *bp;
+char *str;
+        {
+        int n,ret;
+        n=strlen(str);
+#ifndef BIO_FD
+        ret=sock_write(bp,str,n);
+#else
+        ret=fd_write(bp,str,n);
+#endif
+        return(ret);
+        }
+#ifndef BIO_FD
+int BIO_sock_should_retry(i)
+#else
+int BIO_fd_should_retry(i)
+#endif
+int i;
+        {
+        int err;
+        if ((i == 0) || (i == -1))
+                {
+#if !defined(BIO_FD) && defined(WINDOWS)
+                err=get_last_socket_error();
+#else
+                err=get_last_sys_error();
+#endif
+#if defined(WINDOWS) /* more microsoft stupidity */
+                if ((i == -1) && (err == 0))
+                        return(1);
+#endif
+#ifndef BIO_FD
+                return(BIO_sock_non_fatal_error(err));
+#else
+                return(BIO_fd_non_fatal_error(err));
+#endif
+                }
+        return(0);
+        }
+#ifndef BIO_FD
+int BIO_sock_non_fatal_error(err)
+#else
+int BIO_fd_non_fatal_error(err)
+#endif
+int err;
+        {
+        switch (err)
+                {
+#if !defined(BIO_FD) && defined(WINDOWS)
+# if defined(WSAEWOULDBLOCK)
+        case WSAEWOULDBLOCK:
+# endif
+# if defined(WSAENOTCONN)
+        case WSAENOTCONN:
+# endif
+#endif
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+#  if WSAEWOULDBLOCK != EWOULDBLOCK
+        case EWOULDBLOCK:
+#  endif
+# else
+        case EWOULDBLOCK:
+# endif
+#endif
+#if defined(ENOTCONN)
+        case ENOTCONN:
+#endif
+#ifdef EINTR
+        case EINTR:
+#endif
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+        case EAGAIN:
+# endif
+#endif
+#ifdef EPROTO
+        case EPROTO:
+#endif
+#ifdef EINPROGRESS
+        case EINPROGRESS:
+#endif
+#ifdef EALREADY
+        case EALREADY:
+#endif
+                return(1);
+                break;
+        default:
+                break;
+                }
+        return(0);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bn/asm/README b/src/lib/libssl/src/crypto/bn/asm/README
new file mode 100644
index 0000000000..d93fbff77f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/README
@@ -0,0 +1,30 @@
+All assember in this directory are just version of the file
+crypto/bn/bn_mulw.c.
+Quite a few of these files are just the assember output from gcc since on 
+quite a few machines they are 2 times faster than the system compiler.
+For the x86, I have hand written assember because of the bad job all
+compilers seem to do on it.  This normally gives a 2 time speed up in the RSA
+routines.
+For the DEC alpha, I also hand wrote the assember (except the division which
+is just the output from the C compiler pasted on the end of the file).
+On the 2 alpha C compilers I had access to, it was not possible to do
+64b x 64b -> 128b calculations (both long and the long long data types
+were 64 bits).  So the hand assember gives access to the 128 bit result and
+a 2 times speedup :-).
+The x86xxxx.obj files are the assembled version of x86xxxx.asm files.
+I had such a hard time finding a macro assember for Microsoft, I decided to
+include the object file to save others the hassle :-).
+I have also included uu encoded versions of the .obj incase they get
+trashed.
+There are 2 versions of assember for the HP PA-RISC.
+pa-risc.s is the origional one which works fine.
+pa-risc2.s is a new version that often generates warnings but if the
+tests pass, it gives performance that is over 2 times faster than
+pa-risc.s.
+Both were generated using gcc :-)
diff --git a/src/lib/libssl/src/crypto/bn/asm/alpha.s b/src/lib/libssl/src/crypto/bn/asm/alpha.s
new file mode 100644
index 0000000000..1d17b1d619
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/alpha.s
@@ -0,0 +1,344 @@
+ # DEC Alpha assember
+ # The bn_div64 is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div64.
+        .file   1 "bn_mulw.c"
+        .set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+        .text
+        .align 3
+        .globl bn_mul_add_words
+        .ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq $18,2,$25  # num=-2
+        bis $31,$31,$0
+        blt $25,$42
+        .align 5
+$142:
+        subq $18,2,$18  # num-=2
+        subq $25,2,$25  # num-=2
+        ldq $1,0($17)   # a[0]
+        ldq $2,8($17)   # a[1]
+        mulq $19,$1,$3  # a[0]*w low part       r3
+        umulh $19,$1,$1 # a[0]*w high part      r1
+        mulq $19,$2,$4  # a[1]*w low part       r4
+        umulh $19,$2,$2 # a[1]*w high part      r2
+        ldq $22,0($16)  # r[0]                  r22
+        ldq $23,8($16)  # r[1]                  r23
+        addq $3,$22,$3  # a0 low part + r[0]    
+        addq $4,$23,$4  # a1 low part + r[1]    
+        cmpult $3,$22,$5 # overflow?
+        cmpult $4,$23,$6 # overflow?
+        addq $5,$1,$1   # high part + overflow 
+        addq $6,$2,$2   # high part + overflow 
+        addq $3,$0,$3   # add c
+        cmpult $3,$0,$5 # overflow?
+        stq $3,0($16)
+        addq $5,$1,$0   # c=high part + overflow 
+        addq $4,$0,$4   # add c
+        cmpult $4,$0,$5 # overflow?
+        stq $4,8($16)
+        addq $5,$2,$0   # c=high part + overflow 
+        ble $18,$43
+        addq $16,16,$16
+        addq $17,16,$17
+        blt $25,$42
+        br $31,$142
+$42:
+        ldq $1,0($17)   # a[0]
+        umulh $19,$1,$3 # a[0]*w high part
+        mulq $19,$1,$1  # a[0]*w low part
+        ldq $2,0($16)   # r[0]
+        addq $1,$2,$1   # low part + r[0]
+        cmpult $1,$2,$4 # overflow?
+        addq $4,$3,$3   # high part + overflow 
+        addq $1,$0,$1   # add c
+        cmpult $1,$0,$4 # overflow?
+        addq $4,$3,$0   # c=high part + overflow 
+        stq $1,0($16)
+        .align 4
+$43:
+        ret $31,($26),1
+        .end bn_mul_add_words
+        .align 3
+        .globl bn_mul_words
+        .ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq $18,2,$25  # num=-2
+        bis $31,$31,$0
+        blt $25,$242
+        .align 5
+$342:
+        subq $18,2,$18  # num-=2
+        subq $25,2,$25  # num-=2
+        ldq $1,0($17)   # a[0]
+        ldq $2,8($17)   # a[1]
+        mulq $19,$1,$3  # a[0]*w low part       r3
+        umulh $19,$1,$1 # a[0]*w high part      r1
+        mulq $19,$2,$4  # a[1]*w low part       r4
+        umulh $19,$2,$2 # a[1]*w high part      r2
+        addq $3,$0,$3   # add c
+        cmpult $3,$0,$5 # overflow?
+        stq $3,0($16)
+        addq $5,$1,$0   # c=high part + overflow 
+        addq $4,$0,$4   # add c
+        cmpult $4,$0,$5 # overflow?
+        stq $4,8($16)
+        addq $5,$2,$0   # c=high part + overflow 
+        ble $18,$243
+        addq $16,16,$16
+        addq $17,16,$17
+        blt $25,$242
+        br $31,$342
+$242:
+        ldq $1,0($17)   # a[0]
+        umulh $19,$1,$3 # a[0]*w high part
+        mulq $19,$1,$1  # a[0]*w low part
+        addq $1,$0,$1   # add c
+        cmpult $1,$0,$4 # overflow?
+        addq $4,$3,$0   # c=high part + overflow 
+        stq $1,0($16)
+$243:
+        ret $31,($26),1
+        .end bn_mul_words
+        .align 3
+        .globl bn_sqr_words
+        .ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        
+        subq $18,2,$25  # num=-2
+        blt $25,$442
+        .align 5
+$542:
+        subq $18,2,$18  # num-=2
+        subq $25,2,$25  # num-=2
+        ldq $1,0($17)   # a[0]
+        ldq $4,8($17)   # a[1]
+        mulq $1,$1,$2   # a[0]*w low part       r2
+        umulh $1,$1,$3 # a[0]*w high part       r3
+        mulq $4,$4,$5   # a[1]*w low part       r5
+        umulh $4,$4,$6 # a[1]*w high part       r6
+        stq $2,0($16)   # r[0]
+        stq $3,8($16)   # r[1]
+        stq $5,16($16)  # r[3]
+        stq $6,24($16)  # r[4]
+        ble $18,$443
+        addq $16,32,$16
+        addq $17,16,$17
+        blt $25,$442
+        br $31,$542
+$442:
+        ldq $1,0($17)   # a[0]
+        mulq $1,$1,$2   # a[0]*w low part       r2
+        umulh $1,$1,$3  # a[0]*w high part       r3
+        stq $2,0($16)   # r[0]
+        stq $3,8($16)   # r[1]
+        .align 4
+$443:
+        ret $31,($26),1
+        .end bn_sqr_words
+        .align 3
+        .globl bn_add_words
+        .ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        bis     $31,$31,$8      # carry = 0
+        ble     $19,$900
+$901:
+        ldq     $0,0($17)       # a[0]
+        ldq     $1,0($18)       # a[1]
+        addq    $0,$1,$3        # c=a+b;
+         addq   $17,8,$17       # a++
+        cmpult  $3,$1,$7        # did we overflow?
+         addq   $18,8,$18       # b++
+        addq    $8,$3,$3        # c+=carry
+        cmpult  $3,$8,$8        # did we overflow?
+         stq    $3,($16)        # r[0]=c
+        addq    $7,$8,$8        # add into overflow
+         subq   $19,1,$19       # loop--
+        addq    $16,8,$16       # r++
+         bgt    $19,$901
+$900:
+        bis     $8,$8,$0        # return carry
+        ret $31,($26),1
+        .end bn_add_words
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .align 3
+        .globl bn_div64
+        .ent bn_div64
+bn_div64:
+        ldgp $29,0($27)
+bn_div64..ng:
+        lda $30,-48($30)
+        .frame $30,48,$26,0
+        stq $26,0($30)
+        stq $9,8($30)
+        stq $10,16($30)
+        stq $11,24($30)
+        stq $12,32($30)
+        stq $13,40($30)
+        .mask 0x4003e00,-48
+        .prologue 1
+        bis $16,$16,$9
+        bis $17,$17,$10
+        bis $18,$18,$11
+        bis $31,$31,$13
+        bis $31,2,$12
+        bne $11,$119
+        lda $0,-1
+        br $31,$136
+        .align 4
+$119:
+        bis $11,$11,$16
+        jsr $26,BN_num_bits_word
+        ldgp $29,0($26)
+        subq $0,64,$1
+        beq $1,$120
+        bis $31,1,$1
+        sll $1,$0,$1
+        cmpule $9,$1,$1
+        bne $1,$120
+ #      lda $16,_IO_stderr_
+ #      lda $17,$C32
+ #      bis $0,$0,$18
+ #      jsr $26,fprintf
+ #      ldgp $29,0($26)
+        jsr $26,abort
+        ldgp $29,0($26)
+        .align 4
+$120:
+        bis $31,64,$3
+        cmpult $9,$11,$2
+        subq $3,$0,$1
+        addl $1,$31,$0
+        subq $9,$11,$1
+        cmoveq $2,$1,$9
+        beq $0,$122
+        zapnot $0,15,$2
+        subq $3,$0,$1
+        sll $11,$2,$11
+        sll $9,$2,$3
+        srl $10,$1,$1
+        sll $10,$2,$10
+        bis $3,$1,$9
+$122:
+        srl $11,32,$5
+        zapnot $11,15,$6
+        lda $7,-1
+        .align 5
+$123:
+        srl $9,32,$1
+        subq $1,$5,$1
+        bne $1,$126
+        zapnot $7,15,$27
+        br $31,$127
+        .align 4
+$126:
+        bis $9,$9,$24
+        bis $5,$5,$25
+        divqu $24,$25,$27
+$127:
+        srl $10,32,$4
+        .align 5
+$128:
+        mulq $27,$5,$1
+        subq $9,$1,$3
+        zapnot $3,240,$1
+        bne $1,$129
+        mulq $6,$27,$2
+        sll $3,32,$1
+        addq $1,$4,$1
+        cmpule $2,$1,$2
+        bne $2,$129
+        subq $27,1,$27
+        br $31,$128
+        .align 4
+$129:
+        mulq $27,$6,$1
+        mulq $27,$5,$4
+        srl $1,32,$3
+        sll $1,32,$1
+        addq $4,$3,$4
+        cmpult $10,$1,$2
+        subq $10,$1,$10
+        addq $2,$4,$2
+        cmpult $9,$2,$1
+        bis $2,$2,$4
+        beq $1,$134
+        addq $9,$11,$9
+        subq $27,1,$27
+$134:
+        subl $12,1,$12
+        subq $9,$4,$9
+        beq $12,$124
+        sll $27,32,$13
+        sll $9,32,$2
+        srl $10,32,$1
+        sll $10,32,$10
+        bis $2,$1,$9
+        br $31,$123
+        .align 4
+$124:
+        bis $13,$27,$0
+$136:
+        ldq $26,0($30)
+        ldq $9,8($30)
+        ldq $10,16($30)
+        ldq $11,24($30)
+        ldq $12,32($30)
+        ldq $13,40($30)
+        addq $30,48,$30
+        ret $31,($26),1
+        .end bn_div64
+        .ident  "GCC: (GNU) 2.7.2.1"
diff --git a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
new file mode 100644
index 0000000000..19d425ee96
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
@@ -0,0 +1,314 @@
+#!/usr/bin/perl
+#
+#!/usr/local/bin/perl
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"bn-586.pl");
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div64("bn_div64");
+&bn_add_words("bn_add_words");
+&asm_finish();
+sub bn_mul_add_words
+        {
+        local($name)=@_;
+        &function_begin($name,"");
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ebp";
+        $r="edi";
+        $c="esi";
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+        &mov("ecx",&wparam(2)); #
+        &mov($a,&wparam(1));    #
+        &and("ecx",0xfffffff8); # num / 8
+        &mov($w,&wparam(3));    #
+        &push("ecx");           # Up the stack for a tmp variable
+        &jz(&label("maw_finish"));
+        &set_label("maw_loop",0);
+        &mov(&swtmp(0),"ecx");  #
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);         # L(t)+= *r
+                 &mov($c,&DWP($i,$r,"",0));     # L(t)+= *r
+                &adc("edx",0);                  # H(t)+=carry
+                 &add("eax",$c);                # L(t)+=c
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+                &mov($c,"edx");                 # c=  H(t);
+                }
+        &comment("");
+        &mov("ecx",&swtmp(0));  #
+        &add($a,32);
+        &add($r,32);
+        &sub("ecx",8);
+        &jnz(&label("maw_loop"));
+        &set_label("maw_finish",0);
+        &mov("ecx",&wparam(2)); # get num
+        &and("ecx",7);
+        &jnz(&label("maw_finish2"));    # helps branch prediction
+        &jmp(&label("maw_end"));
+        &set_label("maw_finish2",1);
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 &mov($c,&DWP($i*4,$r,"",0));   # L(t)+= *r
+                &adc("edx",0);                  # H(t)+=carry
+                 &add("eax",$c);
+                &adc("edx",0);                  # H(t)+=carry
+                 &dec("ecx") if ($i != 7-1);
+                &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
+                 &mov($c,"edx");                        # c=  H(t);
+                &jz(&label("maw_end")) if ($i != 7-1);
+                }
+        &set_label("maw_end",0);
+        &mov("eax",$c);
+        &pop("ecx");    # clear variable from
+        &function_end($name);
+        }
+sub bn_mul_words
+        {
+        local($name)=@_;
+        &function_begin($name,"");
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ecx";
+        $r="edi";
+        $c="esi";
+        $num="ebp";
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+        &mov($a,&wparam(1));    #
+        &mov($num,&wparam(2));  #
+        &mov($w,&wparam(3));    #
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("mw_finish"));
+        &set_label("mw_loop",0);
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 # XXX
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+                &mov($c,"edx");                 # c=  H(t);
+                }
+        &comment("");
+        &add($a,32);
+        &add($r,32);
+        &sub($num,8);
+        &jz(&label("mw_finish"));
+        &jmp(&label("mw_loop"));
+        &set_label("mw_finish",0);
+        &mov($num,&wparam(2));  # get num
+        &and($num,7);
+        &jnz(&label("mw_finish2"));
+        &jmp(&label("mw_end"));
+        &set_label("mw_finish2",1);
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 # XXX
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+                &mov($c,"edx");                 # c=  H(t);
+                 &dec($num) if ($i != 7-1);
+                &jz(&label("mw_end")) if ($i != 7-1);
+                }
+        &set_label("mw_end",0);
+        &mov("eax",$c);
+        &function_end($name);
+        }
+sub bn_sqr_words
+        {
+        local($name)=@_;
+        &function_begin($name,"");
+        &comment("");
+        $r="esi";
+        $a="edi";
+        $num="ebx";
+        &mov($r,&wparam(0));    #
+        &mov($a,&wparam(1));    #
+        &mov($num,&wparam(2));  #
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("sw_finish"));
+        &set_label("sw_loop",0);
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+                &mov("eax",&DWP($i,$a,"",0));   # *a
+                 # XXX
+                &mul("eax");                    # *a * *a
+                &mov(&DWP($i*2,$r,"",0),"eax"); #
+                 &mov(&DWP($i*2+4,$r,"",0),"edx");#
+                }
+        &comment("");
+        &add($a,32);
+        &add($r,64);
+        &sub($num,8);
+        &jnz(&label("sw_loop"));
+        &set_label("sw_finish",0);
+        &mov($num,&wparam(2));  # get num
+        &and($num,7);
+        &jz(&label("sw_end"));
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov("eax",&DWP($i*4,$a,"",0)); # *a
+                 # XXX
+                &mul("eax");                    # *a * *a
+                &mov(&DWP($i*8,$r,"",0),"eax"); #
+                 &dec($num) if ($i != 7-1);
+                &mov(&DWP($i*8+4,$r,"",0),"edx");
+                 &jz(&label("sw_end")) if ($i != 7-1);
+                }
+        &set_label("sw_end",0);
+        &function_end($name);
+        }
+sub bn_div64
+        {
+        local($name)=@_;
+        &function_begin($name,"");
+        &mov("edx",&wparam(0)); #
+        &mov("eax",&wparam(1)); #
+        &mov("ebx",&wparam(2)); #
+        &div("ebx");
+        &function_end($name);
+        }
+sub bn_add_words
+        {
+        local($name)=@_;
+        &function_begin($name,"");
+        &comment("");
+        $a="esi";
+        $b="edi";
+        $c="eax";
+        $r="ebx";
+        $tmp1="ecx";
+        $tmp2="edx";
+        $num="ebp";
+        &mov($r,&wparam(0));    # get r
+         &mov($a,&wparam(1));   # get a
+        &mov($b,&wparam(2));    # get b
+         &mov($num,&wparam(3)); # get num
+        &xor($c,$c);            # clear carry
+         &and($num,0xfffffff8); # num / 8
+        &jz(&label("aw_finish"));
+        &set_label("aw_loop",0);
+        for ($i=0; $i<8; $i++)
+                {
+                &comment("Round $i");
+                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
+                &add($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &add($tmp1,$tmp2);
+                &adc($c,0);
+                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
+                }
+        &comment("");
+        &add($a,32);
+         &add($b,32);
+        &add($r,32);
+         &sub($num,8);
+        &jnz(&label("aw_loop"));
+        &set_label("aw_finish",0);
+        &mov($num,&wparam(3));  # get num
+        &and($num,7);
+         &jz(&label("aw_end"));
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+                &add($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &add($tmp1,$tmp2);
+                &adc($c,0);
+                 &dec($num) if ($i != 6);
+                &mov(&DWP($i*4,$r,"",0),$tmp1); # *a
+                 &jz(&label("aw_end")) if ($i != 6);
+                }
+        &set_label("aw_end",0);
+        &mov("eax",$c);
+        &function_end($name);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/asm/pa-risc.s b/src/lib/libssl/src/crypto/bn/asm/pa-risc.s
new file mode 100644
index 0000000000..775130a191
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/pa-risc.s
@@ -0,0 +1,710 @@
+        .SPACE $PRIVATE$
+        .SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+        .SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+        .SPACE $TEXT$
+        .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+        .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+        .IMPORT $global$,DATA
+        .IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
+        .PROC
+        .CALLINFO FRAME=0,CALLS,SAVE_RP
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        ldi 0,%r28
+        extru %r23,31,16,%r2
+        stw %r2,-16(0,%r30)
+        extru %r23,15,16,%r23
+        ldil L'65536,%r31
+        fldws -16(0,%r30),%fr11R
+        stw %r23,-16(0,%r30)
+        ldo 12(%r25),%r29
+        ldo 12(%r26),%r23
+        fldws -16(0,%r30),%fr11L
+L$0002
+        ldw 0(0,%r25),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0005
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw 0(0,%r26),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,0(0,%r26)
+        ldw -8(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0010
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw -8(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,-8(0,%r23)
+        ldw -4(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0015
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw -4(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,-4(0,%r23)
+        ldw 0(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0020
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw 0(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,0(0,%r23)
+        ldo 16(%r29),%r29
+        ldo 16(%r25),%r25
+        ldo 16(%r23),%r23
+        bl L$0002,0
+        ldo 16(%r26),%r26
+L$0003
+        ldw -20(0,%r30),%r2
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
+        .PROC
+        .CALLINFO FRAME=0,CALLS,SAVE_RP
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        ldi 0,%r28
+        extru %r23,31,16,%r2
+        stw %r2,-16(0,%r30)
+        extru %r23,15,16,%r23
+        ldil L'65536,%r31
+        fldws -16(0,%r30),%fr11R
+        stw %r23,-16(0,%r30)
+        ldo 12(%r26),%r29
+        ldo 12(%r25),%r23
+        fldws -16(0,%r30),%fr11L
+L$0026
+        ldw 0(0,%r25),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0029
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,0(0,%r26)
+        ldw -8(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0033
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,-8(0,%r29)
+        ldw -4(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0037
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,-4(0,%r29)
+        ldw 0(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0041
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,0(0,%r29)
+        ldo 16(%r23),%r23
+        ldo 16(%r25),%r25
+        ldo 16(%r29),%r29
+        bl L$0026,0
+        ldo 16(%r26),%r26
+L$0027
+        ldw -20(0,%r30),%r2
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+        .PROC
+        .CALLINFO FRAME=0,NO_CALLS
+        .ENTRY
+        ldo 28(%r26),%r23
+        ldo 12(%r25),%r28
+L$0046
+        ldw 0(0,%r25),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,0(0,%r26)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-24(0,%r23)
+        ldw -8(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-20(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-16(0,%r23)
+        ldw -4(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-12(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-8(0,%r23)
+        ldw 0(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-4(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,0(0,%r23)
+        ldo 16(%r28),%r28
+        ldo 16(%r25),%r25
+        ldo 32(%r23),%r23
+        bl L$0046,0
+        ldo 32(%r26),%r26
+L$0057
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .IMPORT BN_num_bits_word,CODE
+        .IMPORT fprintf,CODE
+        .IMPORT __iob,DATA
+        .SPACE $TEXT$
+        .SUBSPA $LIT$
+        .align 4
+L$C0000
+        .STRING "Division would overflow\x0a\x00"
+        .IMPORT abort,CODE
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+        .PROC
+        .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        stwm %r8,128(0,%r30)
+        stw %r7,-124(0,%r30)
+        stw %r4,-112(0,%r30)
+        stw %r3,-108(0,%r30)
+        copy %r26,%r3
+        copy %r25,%r4
+        stw %r6,-120(0,%r30)
+        ldi 0,%r7
+        stw %r5,-116(0,%r30)
+        movb,<> %r24,%r5,L$0059
+        ldi 2,%r6
+        bl L$0076,0
+        ldi -1,%r28
+L$0059
+        .CALL ARGW0=GR
+        bl BN_num_bits_word,%r2
+        copy %r5,%r26
+        ldi 32,%r19
+        comb,= %r19,%r28,L$0060
+        subi 31,%r28,%r19
+        mtsar %r19
+        zvdepi 1,32,%r19
+        comb,>>= %r19,%r3,L$0060
+        addil LR'__iob-$global$+32,%r27
+        ldo RR'__iob-$global$+32(%r1),%r26
+        ldil LR'L$C0000,%r25
+        .CALL ARGW0=GR,ARGW1=GR
+        bl fprintf,%r2
+        ldo RR'L$C0000(%r25),%r25
+        .CALL 
+        bl abort,%r2
+        nop
+L$0060
+        comb,>> %r5,%r3,L$0061
+        subi 32,%r28,%r28
+        sub %r3,%r5,%r3
+L$0061
+        comib,= 0,%r28,L$0062
+        subi 31,%r28,%r19
+        mtsar %r19
+        zvdep %r5,32,%r5
+        zvdep %r3,32,%r21
+        subi 32,%r28,%r20
+        mtsar %r20
+        vshd 0,%r4,%r20
+        or %r21,%r20,%r3
+        mtsar %r19
+        zvdep %r4,32,%r4
+L$0062
+        extru %r5,15,16,%r23
+        extru %r5,31,16,%r28
+L$0063
+        extru %r3,15,16,%r19
+        comb,<> %r23,%r19,L$0066
+        copy %r3,%r26
+        bl L$0067,0
+        zdepi -1,31,16,%r29
+L$0066
+        .IMPORT $$divU,MILLICODE
+        bl $$divU,%r31
+        copy %r23,%r25
+L$0067
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r23,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr9
+        ldw -16(0,%r30),%r8
+        fstws %fr9R,-16(0,%r30)
+        copy %r8,%r22
+        ldw -16(0,%r30),%r8
+        extru %r4,15,16,%r24
+        copy %r8,%r21
+L$0068
+        sub %r3,%r21,%r20
+        copy %r20,%r19
+        depi 0,31,16,%r19
+        comib,<> 0,%r19,L$0069
+        zdep %r20,15,16,%r19
+        addl %r19,%r24,%r19
+        comb,>>= %r19,%r22,L$0069
+        sub %r22,%r28,%r22
+        sub %r21,%r23,%r21
+        bl L$0068,0
+        ldo -1(%r29),%r29
+L$0069
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r8
+        stw %r23,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        copy %r8,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,15,16,%r20
+        ldw -16(0,%r30),%r8
+        zdep %r19,15,16,%r19
+        addl %r8,%r20,%r20
+        comclr,<<= %r19,%r4,0
+        addi 1,%r20,%r20
+        comb,<<= %r20,%r3,L$0074
+        sub %r4,%r19,%r4
+        addl %r3,%r5,%r3
+        ldo -1(%r29),%r29
+L$0074
+        addib,= -1,%r6,L$0064
+        sub %r3,%r20,%r3
+        zdep %r29,15,16,%r7
+        shd %r3,%r4,16,%r3
+        bl L$0063,0
+        zdep %r4,15,16,%r4
+L$0064
+        or %r7,%r29,%r28
+L$0076
+        ldw -148(0,%r30),%r2
+        ldw -124(0,%r30),%r7
+        ldw -120(0,%r30),%r6
+        ldw -116(0,%r30),%r5
+        ldw -112(0,%r30),%r4
+        ldw -108(0,%r30),%r3
+        bv 0(%r2)
+        ldwm -128(0,%r30),%r8
+        .EXIT
+        .PROCEND
diff --git a/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s b/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
new file mode 100644
index 0000000000..c2725996a4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
@@ -0,0 +1,416 @@
+        .SPACE $PRIVATE$
+        .SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+        .SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+        .SPACE $TEXT$
+        .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+        .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+        .IMPORT $global$,DATA
+        .IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
+        .PROC
+        .CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        stwm %r4,64(0,%r30)
+        copy %r24,%r31
+        stw %r3,-60(0,%r30)
+        ldi 0,%r20
+        ldo 12(%r26),%r2
+        stw %r23,-16(0,%r30)
+        copy %r25,%r3
+        ldo 12(%r3),%r1
+        fldws -16(0,%r30),%fr8L
+L$0010
+        copy %r20,%r25
+        ldi 0,%r24
+        fldws 0(0,%r3),%fr9L
+        ldw 0(0,%r26),%r19
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r19,%r23
+        ldw -16(0,%r30),%r28
+        ldw -12(0,%r30),%r29
+        ldi 0,%r22
+        add %r23,%r29,%r29
+        addc %r22,%r28,%r28
+        add %r25,%r29,%r29
+        addc %r24,%r28,%r28
+        copy %r28,%r21
+        ldi 0,%r20
+        copy %r21,%r20
+        addib,= -1,%r31,L$0011
+        stw %r29,0(0,%r26)
+        copy %r20,%r25
+        ldi 0,%r24
+        fldws -8(0,%r1),%fr9L
+        ldw -8(0,%r2),%r19
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r19,%r23
+        ldw -16(0,%r30),%r28
+        ldw -12(0,%r30),%r29
+        ldi 0,%r22
+        add %r23,%r29,%r29
+        addc %r22,%r28,%r28
+        add %r25,%r29,%r29
+        addc %r24,%r28,%r28
+        copy %r28,%r21
+        ldi 0,%r20
+        copy %r21,%r20
+        addib,= -1,%r31,L$0011
+        stw %r29,-8(0,%r2)
+        copy %r20,%r25
+        ldi 0,%r24
+        fldws -4(0,%r1),%fr9L
+        ldw -4(0,%r2),%r19
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r19,%r23
+        ldw -16(0,%r30),%r28
+        ldw -12(0,%r30),%r29
+        ldi 0,%r22
+        add %r23,%r29,%r29
+        addc %r22,%r28,%r28
+        add %r25,%r29,%r29
+        addc %r24,%r28,%r28
+        copy %r28,%r21
+        ldi 0,%r20
+        copy %r21,%r20
+        addib,= -1,%r31,L$0011
+        stw %r29,-4(0,%r2)
+        copy %r20,%r25
+        ldi 0,%r24
+        fldws 0(0,%r1),%fr9L
+        ldw 0(0,%r2),%r19
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r19,%r23
+        ldw -16(0,%r30),%r28
+        ldw -12(0,%r30),%r29
+        ldi 0,%r22
+        add %r23,%r29,%r29
+        addc %r22,%r28,%r28
+        add %r25,%r29,%r29
+        addc %r24,%r28,%r28
+        copy %r28,%r21
+        ldi 0,%r20
+        copy %r21,%r20
+        addib,= -1,%r31,L$0011
+        stw %r29,0(0,%r2)
+        ldo 16(%r1),%r1
+        ldo 16(%r3),%r3
+        ldo 16(%r2),%r2
+        bl L$0010,0
+        ldo 16(%r26),%r26
+L$0011
+        copy %r20,%r28
+        ldw -84(0,%r30),%r2
+        ldw -60(0,%r30),%r3
+        bv 0(%r2)
+        ldwm -64(0,%r30),%r4
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
+        .PROC
+        .CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        copy %r25,%r2
+        stwm %r4,64(0,%r30)
+        copy %r24,%r19
+        ldi 0,%r28
+        stw %r23,-16(0,%r30)
+        ldo 12(%r26),%r31
+        ldo 12(%r2),%r29
+        fldws -16(0,%r30),%fr8L
+L$0026
+        fldws 0(0,%r2),%fr9L
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r28,%r21
+        ldi 0,%r20
+        ldw -16(0,%r30),%r24
+        ldw -12(0,%r30),%r25
+        add %r21,%r25,%r25
+        addc %r20,%r24,%r24
+        copy %r24,%r23
+        ldi 0,%r22
+        copy %r23,%r28
+        addib,= -1,%r19,L$0027
+        stw %r25,0(0,%r26)
+        fldws -8(0,%r29),%fr9L
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r28,%r21
+        ldi 0,%r20
+        ldw -16(0,%r30),%r24
+        ldw -12(0,%r30),%r25
+        add %r21,%r25,%r25
+        addc %r20,%r24,%r24
+        copy %r24,%r23
+        ldi 0,%r22
+        copy %r23,%r28
+        addib,= -1,%r19,L$0027
+        stw %r25,-8(0,%r31)
+        fldws -4(0,%r29),%fr9L
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r28,%r21
+        ldi 0,%r20
+        ldw -16(0,%r30),%r24
+        ldw -12(0,%r30),%r25
+        add %r21,%r25,%r25
+        addc %r20,%r24,%r24
+        copy %r24,%r23
+        ldi 0,%r22
+        copy %r23,%r28
+        addib,= -1,%r19,L$0027
+        stw %r25,-4(0,%r31)
+        fldws 0(0,%r29),%fr9L
+        xmpyu %fr8L,%fr9L,%fr9
+        fstds %fr9,-16(0,%r30)
+        copy %r28,%r21
+        ldi 0,%r20
+        ldw -16(0,%r30),%r24
+        ldw -12(0,%r30),%r25
+        add %r21,%r25,%r25
+        addc %r20,%r24,%r24
+        copy %r24,%r23
+        ldi 0,%r22
+        copy %r23,%r28
+        addib,= -1,%r19,L$0027
+        stw %r25,0(0,%r31)
+        ldo 16(%r29),%r29
+        ldo 16(%r2),%r2
+        ldo 16(%r31),%r31
+        bl L$0026,0
+        ldo 16(%r26),%r26
+L$0027
+        ldw -84(0,%r30),%r2
+        bv 0(%r2)
+        ldwm -64(0,%r30),%r4
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+        .PROC
+        .CALLINFO FRAME=0,NO_CALLS
+        .ENTRY
+        ldo 28(%r26),%r19
+        ldo 12(%r25),%r28
+L$0042
+        fldws 0(0,%r25),%fr8L
+        fldws 0(0,%r25),%fr8R
+        xmpyu %fr8L,%fr8R,%fr8
+        fstds %fr8,-16(0,%r30)
+        ldw -16(0,%r30),%r22
+        ldw -12(0,%r30),%r23
+        stw %r23,0(0,%r26)
+        copy %r22,%r21
+        ldi 0,%r20
+        addib,= -1,%r24,L$0049
+        stw %r21,-24(0,%r19)
+        fldws -8(0,%r28),%fr8L
+        fldws -8(0,%r28),%fr8R
+        xmpyu %fr8L,%fr8R,%fr8
+        fstds %fr8,-16(0,%r30)
+        ldw -16(0,%r30),%r22
+        ldw -12(0,%r30),%r23
+        stw %r23,-20(0,%r19)
+        copy %r22,%r21
+        ldi 0,%r20
+        addib,= -1,%r24,L$0049
+        stw %r21,-16(0,%r19)
+        fldws -4(0,%r28),%fr8L
+        fldws -4(0,%r28),%fr8R
+        xmpyu %fr8L,%fr8R,%fr8
+        fstds %fr8,-16(0,%r30)
+        ldw -16(0,%r30),%r22
+        ldw -12(0,%r30),%r23
+        stw %r23,-12(0,%r19)
+        copy %r22,%r21
+        ldi 0,%r20
+        addib,= -1,%r24,L$0049
+        stw %r21,-8(0,%r19)
+        fldws 0(0,%r28),%fr8L
+        fldws 0(0,%r28),%fr8R
+        xmpyu %fr8L,%fr8R,%fr8
+        fstds %fr8,-16(0,%r30)
+        ldw -16(0,%r30),%r22
+        ldw -12(0,%r30),%r23
+        stw %r23,-4(0,%r19)
+        copy %r22,%r21
+        ldi 0,%r20
+        addib,= -1,%r24,L$0049
+        stw %r21,0(0,%r19)
+        ldo 16(%r28),%r28
+        ldo 16(%r25),%r25
+        ldo 32(%r19),%r19
+        bl L$0042,0
+        ldo 32(%r26),%r26
+L$0049
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .IMPORT BN_num_bits_word,CODE
+        .IMPORT fprintf,CODE
+        .IMPORT __iob,DATA
+        .SPACE $TEXT$
+        .SUBSPA $LIT$
+        .align 4
+L$C0000
+        .STRING "Division would overflow (%d)\x0a\x00"
+        .IMPORT abort,CODE
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+        .PROC
+        .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        stwm %r8,128(0,%r30)
+        stw %r7,-124(0,%r30)
+        stw %r4,-112(0,%r30)
+        stw %r3,-108(0,%r30)
+        copy %r26,%r3
+        copy %r25,%r4
+        stw %r6,-120(0,%r30)
+        ldi 0,%r7
+        stw %r5,-116(0,%r30)
+        movb,<> %r24,%r5,L$0051
+        ldi 2,%r6
+        bl L$0068,0
+        ldi -1,%r28
+L$0051
+        .CALL ARGW0=GR
+        bl BN_num_bits_word,%r2
+        copy %r5,%r26
+        copy %r28,%r24
+        ldi 32,%r19
+        comb,= %r19,%r24,L$0052
+        subi 31,%r24,%r19
+        mtsar %r19
+        zvdepi 1,32,%r19
+        comb,>>= %r19,%r3,L$0052
+        addil LR'__iob-$global$+32,%r27
+        ldo RR'__iob-$global$+32(%r1),%r26
+        ldil LR'L$C0000,%r25
+        .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR
+        bl fprintf,%r2
+        ldo RR'L$C0000(%r25),%r25
+        .CALL 
+        bl abort,%r2
+        nop
+L$0052
+        comb,>> %r5,%r3,L$0053
+        subi 32,%r24,%r24
+        sub %r3,%r5,%r3
+L$0053
+        comib,= 0,%r24,L$0054
+        subi 31,%r24,%r19
+        mtsar %r19
+        zvdep %r5,32,%r5
+        zvdep %r3,32,%r21
+        subi 32,%r24,%r20
+        mtsar %r20
+        vshd 0,%r4,%r20
+        or %r21,%r20,%r3
+        mtsar %r19
+        zvdep %r4,32,%r4
+L$0054
+        extru %r5,15,16,%r23
+        extru %r5,31,16,%r28
+L$0055
+        extru %r3,15,16,%r19
+        comb,<> %r23,%r19,L$0058
+        copy %r3,%r26
+        bl L$0059,0
+        zdepi -1,31,16,%r29
+L$0058
+        .IMPORT $$divU,MILLICODE
+        bl $$divU,%r31
+        copy %r23,%r25
+L$0059
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r23,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr9
+        ldw -16(0,%r30),%r8
+        fstws %fr9R,-16(0,%r30)
+        copy %r8,%r22
+        ldw -16(0,%r30),%r8
+        extru %r4,15,16,%r24
+        copy %r8,%r21
+L$0060
+        sub %r3,%r21,%r20
+        copy %r20,%r19
+        depi 0,31,16,%r19
+        comib,<> 0,%r19,L$0061
+        zdep %r20,15,16,%r19
+        addl %r19,%r24,%r19
+        comb,>>= %r19,%r22,L$0061
+        sub %r22,%r28,%r22
+        sub %r21,%r23,%r21
+        bl L$0060,0
+        ldo -1(%r29),%r29
+L$0061
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r8
+        stw %r23,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        copy %r8,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,15,16,%r20
+        ldw -16(0,%r30),%r8
+        zdep %r19,15,16,%r19
+        addl %r8,%r20,%r20
+        comclr,<<= %r19,%r4,0
+        addi 1,%r20,%r20
+        comb,<<= %r20,%r3,L$0066
+        sub %r4,%r19,%r4
+        addl %r3,%r5,%r3
+        ldo -1(%r29),%r29
+L$0066
+        addib,= -1,%r6,L$0056
+        sub %r3,%r20,%r3
+        zdep %r29,15,16,%r7
+        shd %r3,%r4,16,%r3
+        bl L$0055,0
+        zdep %r4,15,16,%r4
+L$0056
+        or %r7,%r29,%r28
+L$0068
+        ldw -148(0,%r30),%r2
+        ldw -124(0,%r30),%r7
+        ldw -120(0,%r30),%r6
+        ldw -116(0,%r30),%r5
+        ldw -112(0,%r30),%r4
+        ldw -108(0,%r30),%r3
+        bv 0(%r2)
+        ldwm -128(0,%r30),%r8
+        .EXIT
+        .PROCEND
diff --git a/src/lib/libssl/src/crypto/bn/asm/r3000.s b/src/lib/libssl/src/crypto/bn/asm/r3000.s
new file mode 100644
index 0000000000..e95269afa3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/r3000.s
@@ -0,0 +1,646 @@
+        .file   1 "../bn_mulw.c"
+        .set    nobopt
+        .option pic2
+ # GNU C 2.6.3 [AL 1.1, MM 40] SGI running IRIX 5.0 compiled by GNU C
+ # Cc1 defaults:
+ # -mabicalls
+ # Cc1 arguments (-G value = 0, Cpu = 3000, ISA = 1):
+ # -quiet -dumpbase -O2 -o
+gcc2_compiled.:
+__gnu_compiled_c:
+        .rdata
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x34,0x39,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x33,0x34,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x35,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x32,0x33,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x37,0x38,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x33,0x2e,0x37,0x30,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x32,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x34,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+        .byte   0x0
+        .text
+        .align  2
+        .globl  bn_mul_add_words
+        .ent    bn_mul_add_words
+bn_mul_add_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $12,$4
+        move    $14,$5
+        move    $9,$6
+        move    $13,$7
+        move    $8,$0
+        addu    $10,$12,12
+        addu    $11,$14,12
+$L2:
+        lw      $6,0($14)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,0($12)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,0($12)
+        .set    macro
+        .set    reorder
+        lw      $6,-8($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,-8($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,-8($10)
+        .set    macro
+        .set    reorder
+        lw      $6,-4($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,-4($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,-4($10)
+        .set    macro
+        .set    reorder
+        lw      $6,0($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,0($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,0($10)
+        .set    macro
+        .set    reorder
+        addu    $11,$11,16
+        addu    $14,$14,16
+        addu    $10,$10,16
+        .set    noreorder
+        .set    nomacro
+        j       $L2
+        addu    $12,$12,16
+        .set    macro
+        .set    reorder
+$L3:
+        .set    noreorder
+        .set    nomacro
+        j       $31
+        move    $2,$8
+        .set    macro
+        .set    reorder
+        .end    bn_mul_add_words
+        .align  2
+        .globl  bn_mul_words
+        .ent    bn_mul_words
+bn_mul_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $11,$4
+        move    $12,$5
+        move    $8,$6
+        move    $6,$0
+        addu    $10,$11,12
+        addu    $9,$12,12
+$L10:
+        lw      $4,0($12)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,0($11)
+        .set    macro
+        .set    reorder
+        lw      $4,-8($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,-8($10)
+        .set    macro
+        .set    reorder
+        lw      $4,-4($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,-4($10)
+        .set    macro
+        .set    reorder
+        lw      $4,0($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,0($10)
+        .set    macro
+        .set    reorder
+        addu    $9,$9,16
+        addu    $12,$12,16
+        addu    $10,$10,16
+        .set    noreorder
+        .set    nomacro
+        j       $L10
+        addu    $11,$11,16
+        .set    macro
+        .set    reorder
+$L11:
+        .set    noreorder
+        .set    nomacro
+        j       $31
+        move    $2,$6
+        .set    macro
+        .set    reorder
+        .end    bn_mul_words
+        .align  2
+        .globl  bn_sqr_words
+        .ent    bn_sqr_words
+bn_sqr_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $9,$4
+        addu    $7,$9,28
+        addu    $8,$5,12
+$L18:
+        lw      $2,0($5)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,0($9)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-24($7)
+        .set    macro
+        .set    reorder
+        lw      $2,-8($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-20($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-16($7)
+        .set    macro
+        .set    reorder
+        lw      $2,-4($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-12($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-8($7)
+        .set    macro
+        .set    reorder
+        lw      $2,0($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-4($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,0($7)
+        .set    macro
+        .set    reorder
+        addu    $8,$8,16
+        addu    $5,$5,16
+        addu    $7,$7,32
+        .set    noreorder
+        .set    nomacro
+        j       $L18
+        addu    $9,$9,32
+        .set    macro
+        .set    reorder
+$L19:
+        j       $31
+        .end    bn_sqr_words
+        .rdata
+        .align  2
+$LC0:
+        .byte   0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e
+        .byte   0x20,0x77,0x6f,0x75,0x6c,0x64,0x20,0x6f
+        .byte   0x76,0x65,0x72,0x66,0x6c,0x6f,0x77,0xa
+        .byte   0x0
+        .text
+        .align  2
+        .globl  bn_div64
+        .ent    bn_div64
+bn_div64:
+        .frame  $sp,56,$31              # vars= 0, regs= 7/0, args= 16, extra= 8
+        .mask   0x901f0000,-8
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        subu    $sp,$sp,56
+        .cprestore 16
+        sw      $16,24($sp)
+        move    $16,$4
+        sw      $17,28($sp)
+        move    $17,$5
+        sw      $18,32($sp)
+        move    $18,$6
+        sw      $20,40($sp)
+        move    $20,$0
+        sw      $19,36($sp)
+        li      $19,0x00000002          # 2
+        sw      $31,48($sp)
+        .set    noreorder
+        .set    nomacro
+        bne     $18,$0,$L26
+        sw      $28,44($sp)
+        .set    macro
+        .set    reorder
+        .set    noreorder
+        .set    nomacro
+        j       $L43
+        li      $2,-1                   # 0xffffffff
+        .set    macro
+        .set    reorder
+$L26:
+        move    $4,$18
+        jal     BN_num_bits_word
+        move    $4,$2
+        li      $2,0x00000020           # 32
+        .set    noreorder
+        .set    nomacro
+        beq     $4,$2,$L27
+        li      $2,0x00000001           # 1
+        .set    macro
+        .set    reorder
+        sll     $2,$2,$4
+        sltu    $2,$2,$16
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L44
+        li      $5,0x00000020           # 32
+        .set    macro
+        .set    reorder
+        la      $4,__iob+32
+        la      $5,$LC0
+        jal     fprintf
+        jal     abort
+$L27:
+        li      $5,0x00000020           # 32
+$L44:
+        sltu    $2,$16,$18
+        .set    noreorder
+        .set    nomacro
+        bne     $2,$0,$L28
+        subu    $4,$5,$4
+        .set    macro
+        .set    reorder
+        subu    $16,$16,$18
+$L28:
+        .set    noreorder
+        .set    nomacro
+        beq     $4,$0,$L29
+        li      $10,-65536                      # 0xffff0000
+        .set    macro
+        .set    reorder
+        sll     $18,$18,$4
+        sll     $3,$16,$4
+        subu    $2,$5,$4
+        srl     $2,$17,$2
+        or      $16,$3,$2
+        sll     $17,$17,$4
+$L29:
+        srl     $7,$18,16
+        andi    $9,$18,0xffff
+$L30:
+        srl     $2,$16,16
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$7,$L34
+        li      $6,0x0000ffff           # 65535
+        .set    macro
+        .set    reorder
+        divu    $6,$16,$7
+$L34:
+        mult    $6,$9
+        mflo    $5
+        #nop
+        #nop
+        mult    $6,$7
+        and     $2,$17,$10
+        srl     $8,$2,16
+        mflo    $4
+$L35:
+        subu    $3,$16,$4
+        and     $2,$3,$10
+        .set    noreorder
+        .set    nomacro
+        bne     $2,$0,$L36
+        sll     $2,$3,16
+        .set    macro
+        .set    reorder
+        addu    $2,$2,$8
+        sltu    $2,$2,$5
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L36
+        subu    $5,$5,$9
+        .set    macro
+        .set    reorder
+        subu    $4,$4,$7
+        .set    noreorder
+        .set    nomacro
+        j       $L35
+        addu    $6,$6,-1
+        .set    macro
+        .set    reorder
+$L36:
+        mult    $6,$7
+        mflo    $5
+        #nop
+        #nop
+        mult    $6,$9
+        mflo    $4
+        #nop
+        #nop
+        srl     $3,$4,16
+        sll     $2,$4,16
+        and     $4,$2,$10
+        sltu    $2,$17,$4
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L40
+        addu    $5,$5,$3
+        .set    macro
+        .set    reorder
+        addu    $5,$5,1
+$L40:
+        sltu    $2,$16,$5
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L41
+        subu    $17,$17,$4
+        .set    macro
+        .set    reorder
+        addu    $16,$16,$18
+        addu    $6,$6,-1
+$L41:
+        addu    $19,$19,-1
+        .set    noreorder
+        .set    nomacro
+        beq     $19,$0,$L31
+        subu    $16,$16,$5
+        .set    macro
+        .set    reorder
+        sll     $20,$6,16
+        sll     $3,$16,16
+        srl     $2,$17,16
+        or      $16,$3,$2
+        .set    noreorder
+        .set    nomacro
+        j       $L30
+        sll     $17,$17,16
+        .set    macro
+        .set    reorder
+$L31:
+        or      $2,$20,$6
+$L43:
+        lw      $31,48($sp)
+        lw      $20,40($sp)
+        lw      $19,36($sp)
+        lw      $18,32($sp)
+        lw      $17,28($sp)
+        lw      $16,24($sp)
+        addu    $sp,$sp,56
+        j       $31
+        .end    bn_div64
+        .globl abort .text
+        .globl fprintf .text
+        .globl BN_num_bits_word .text
diff --git a/src/lib/libssl/src/crypto/bn/bn_add.c b/src/lib/libssl/src/crypto/bn/bn_add.c
new file mode 100644
index 0000000000..efb2e312e8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_add.c
@@ -0,0 +1,167 @@
+/* crypto/bn/bn_add.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+/* r can == a or b */
+int BN_add(r, a, b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+        {
+        int i;
+        BIGNUM *tmp;
+        /*  a +  b      a+b
+         *  a + -b      a-b
+         * -a +  b      b-a
+         * -a + -b      -(a+b)
+         */
+        if (a->neg ^ b->neg)
+                {
+                /* only one is negative */
+                if (a->neg)
+                        { tmp=a; a=b; b=tmp; }
+                /* we are now a - b */
+                if (BN_ucmp(a,b) < 0)
+                        {
+                        if (bn_wexpand(r,b->top) == NULL) return(0);
+                        bn_qsub(r,b,a);
+                        r->neg=1;
+                        }
+                else
+                        {
+                        if (bn_wexpand(r,a->top) == NULL) return(0);
+                        bn_qsub(r,a,b);
+                        r->neg=0;
+                        }
+                return(1);
+                }
+        if (a->neg) /* both are neg */
+                r->neg=1;
+        else
+                r->neg=0;
+        i=(a->top > b->top);
+        if (i)
+                {
+                if (bn_wexpand(r,a->top+1) == NULL) return(0);
+                bn_qadd(r,a,b);
+                }
+        else
+                {
+                if (bn_wexpand(r,b->top+1) == NULL) return(0);
+                bn_qadd(r,b,a);
+                }
+        return(1);
+        }
+/* unsigned add of b to a, r must be large enough */
+void bn_qadd(r,a,b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+        {
+        register int i;
+        int max,min;
+        BN_ULONG *ap,*bp,*rp,carry,t1;
+        max=a->top;
+        min=b->top;
+        r->top=max;
+        ap=a->d;
+        bp=b->d;
+        rp=r->d;
+        carry=0;
+        carry=bn_add_words(rp,ap,bp,min);
+        rp+=min;
+        ap+=min;
+        bp+=min;
+        i=min;
+        if (carry)
+                {
+                while (i < max)
+                        {
+                        i++;
+                        t1= *(ap++);
+                        if ((*(rp++)=(t1+1)&BN_MASK2) >= t1)
+                                {
+                                carry=0;
+                                break;
+                                }
+                        }
+                if ((i >= max) && carry)
+                        {
+                        *(rp++)=1;
+                        r->top++;
+                        }
+                }
+        for (; i<max; i++)
+                *(rp++)= *(ap++);
+        /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_blind.c b/src/lib/libssl/src/crypto/bn/bn_blind.c
new file mode 100644
index 0000000000..a7b34f0bf0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_blind.c
@@ -0,0 +1,143 @@
+/* crypto/bn/bn_blind.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+BN_BLINDING *BN_BLINDING_new(A,Ai,mod)
+BIGNUM *A;
+BIGNUM *Ai;
+BIGNUM *mod;
+        {
+        BN_BLINDING *ret=NULL;
+        if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL)
+                BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
+        memset(ret,0,sizeof(BN_BLINDING));
+        if ((ret->A=BN_new()) == NULL) goto err;
+        if ((ret->Ai=BN_new()) == NULL) goto err;
+        if (!BN_copy(ret->A,A)) goto err;
+        if (!BN_copy(ret->Ai,Ai)) goto err;
+        ret->mod=mod;
+        return(ret);
+err:
+        if (ret != NULL) BN_BLINDING_free(ret);
+        return(ret);
+        }
+void BN_BLINDING_free(r)
+BN_BLINDING *r;
+        {
+        if (r->A  != NULL) BN_free(r->A );
+        if (r->Ai != NULL) BN_free(r->Ai);
+        Free(r);
+        }
+int BN_BLINDING_update(b,ctx)
+BN_BLINDING *b;
+BN_CTX *ctx;
+        {
+        int ret=0;
+        if ((b->A == NULL) || (b->Ai == NULL))
+                {
+                BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITALISED);
+                goto err;
+                }
+                
+        if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
+        if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
+        ret=1;
+err:
+        return(ret);
+        }
+int BN_BLINDING_convert(n,b,ctx)
+BIGNUM *n;
+BN_BLINDING *b;
+BN_CTX *ctx;
+        {
+        if ((b->A == NULL) || (b->Ai == NULL))
+                {
+                BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITALISED);
+                return(0);
+                }
+        return(BN_mod_mul(n,n,b->A,b->mod,ctx));
+        }
+int BN_BLINDING_invert(n,b,ctx)
+BIGNUM *n;
+BN_BLINDING *b;
+BN_CTX *ctx;
+        {
+        int ret;
+        if ((b->A == NULL) || (b->Ai == NULL))
+                {
+                BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITALISED);
+                return(0);
+                }
+        if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
+                {
+                if (!BN_BLINDING_update(b,ctx))
+                        return(0);
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c
new file mode 100644
index 0000000000..2263bdc7da
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_div.c
@@ -0,0 +1,286 @@
+/* crypto/bn/bn_div.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+/* The old slow way */
+#if 0
+int BN_div(dv, rem, m, d,ctx)
+BIGNUM *dv;
+BIGNUM *rem;
+BIGNUM *m;
+BIGNUM *d;
+BN_CTX *ctx;
+        {
+        int i,nm,nd;
+        BIGNUM *D;
+        if (BN_is_zero(d))
+                {
+                BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+                return(0);
+                }
+        if (BN_ucmp(m,d) < 0)
+                {
+                if (rem != NULL)
+                        { if (BN_copy(rem,m) == NULL) return(0); }
+                if (dv != NULL) BN_zero(dv);
+                return(1);
+                }
+        D=ctx->bn[ctx->tos];
+        if (dv == NULL) dv=ctx->bn[ctx->tos+1];
+        if (rem == NULL) rem=ctx->bn[ctx->tos+2];
+        nd=BN_num_bits(d);
+        nm=BN_num_bits(m);
+        if (BN_copy(D,d) == NULL) return(0);
+        if (BN_copy(rem,m) == NULL) return(0);
+        /* The next 2 are needed so we can do a dv->d[0]|=1 later
+         * since BN_lshift1 will only work once there is a value :-) */
+        BN_zero(dv);
+        dv->top=1;
+        if (!BN_lshift(D,D,nm-nd)) return(0);
+        for (i=nm-nd; i>=0; i--)
+                {
+                if (!BN_lshift1(dv,dv)) return(0);
+                if (BN_ucmp(rem,D) >= 0)
+                        {
+                        dv->d[0]|=1;
+                        bn_qsub(rem,rem,D);
+                        }
+/* CAN IMPROVE (and have now :=) */
+                if (!BN_rshift1(D,D)) return(0);
+                }
+        rem->neg=BN_is_zero(rem)?0:m->neg;
+        dv->neg=m->neg^d->neg;
+        return(1);
+        }
+#else
+int BN_div(dv, rm, num, divisor,ctx)
+BIGNUM *dv;
+BIGNUM *rm;
+BIGNUM *num;
+BIGNUM *divisor;
+BN_CTX *ctx;
+        {
+        int norm_shift,i,j,loop;
+        BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+        BN_ULONG *resp,*wnump;
+        BN_ULONG d0,d1;
+        int num_n,div_n;
+        if (BN_is_zero(divisor))
+                {
+                BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+                return(0);
+                }
+        if (BN_ucmp(num,divisor) < 0)
+                {
+                if (rm != NULL)
+                        { if (BN_copy(rm,num) == NULL) return(0); }
+                if (dv != NULL) BN_zero(dv);
+                return(1);
+                }
+        tmp=ctx->bn[ctx->tos]; 
+        tmp->neg=0;
+        snum=ctx->bn[ctx->tos+1];
+        sdiv=ctx->bn[ctx->tos+2];
+        if (dv == NULL)
+                res=ctx->bn[ctx->tos+3];
+        else    res=dv;
+        /* First we normalise the numbers */
+        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+        BN_lshift(sdiv,divisor,norm_shift);
+        sdiv->neg=0;
+        norm_shift+=BN_BITS2;
+        BN_lshift(snum,num,norm_shift);
+        snum->neg=0;
+        div_n=sdiv->top;
+        num_n=snum->top;
+        loop=num_n-div_n;
+        /* Lets setup a 'window' into snum
+         * This is the part that corresponds to the current
+         * 'area' being divided */
+        wnum.d=  &(snum->d[loop]);
+        wnum.top= div_n;
+        wnum.max= snum->max; /* a bit of a lie */
+        wnum.neg= 0;
+        /* Get the top 2 words of sdiv */
+        /* i=sdiv->top; */
+        d0=sdiv->d[div_n-1];
+        d1=(div_n == 1)?0:sdiv->d[div_n-2];
+        /* pointer to the 'top' of snum */
+        wnump= &(snum->d[num_n-1]);
+        /* Setup to 'res' */
+        res->neg= (num->neg^divisor->neg);
+        res->top=loop;
+        if (!bn_wexpand(res,(loop+1))) goto err;
+        resp= &(res->d[loop-1]);
+        /* space for temp */
+        if (!bn_wexpand(tmp,(div_n+1))) goto err;
+        if (BN_ucmp(&wnum,sdiv) >= 0)
+                {
+                bn_qsub(&wnum,&wnum,sdiv);
+                *resp=1;
+                res->d[res->top-1]=1;
+                }
+        else
+                res->top--;
+        resp--;
+        for (i=0; i<loop-1; i++)
+                {
+                BN_ULONG q,n0,n1;
+                BN_ULONG l0;
+                wnum.d--; wnum.top++;
+                n0=wnump[0];
+                n1=wnump[-1];
+                if (n0 == d0)
+                        q=BN_MASK2;
+                else
+                        q=bn_div64(n0,n1,d0);
+                {
+#ifdef BN_LLONG
+                BN_ULLONG t1,t2,rem;
+                t1=((BN_ULLONG)n0<<BN_BITS2)|n1;
+                for (;;)
+                        {
+                        t2=(BN_ULLONG)d1*q;
+                        rem=t1-(BN_ULLONG)q*d0;
+                        if ((rem>>BN_BITS2) ||
+                                (t2 <= ((BN_ULLONG)(rem<<BN_BITS2)+wnump[-2])))
+                                break;
+                        q--;
+                        }
+#else
+                BN_ULONG t1l,t1h,t2l,t2h,t3l,t3h,ql,qh,t3t;
+                t1h=n0;
+                t1l=n1;
+                for (;;)
+                        {
+                        t2l=LBITS(d1); t2h=HBITS(d1);
+                        ql =LBITS(q);  qh =HBITS(q);
+                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+                        t3t=LBITS(d0); t3h=HBITS(d0);
+                        mul64(t3t,t3h,ql,qh); /* t3=t1-(BN_ULLONG)q*d0; */
+                        t3l=(t1l-t3t)&BN_MASK2;
+                        if (t3l > t1l) t3h++;
+                        t3h=(t1h-t3h)&BN_MASK2;
+                        /*if ((t3>>BN_BITS2) ||
+                                (t2 <= ((t3<<BN_BITS2)+wnump[-2])))
+                                break; */
+                        if (t3h) break;
+                        if (t2h < t3l) break;
+                        if ((t2h == t3l) && (t2l <= wnump[-2])) break;
+                        q--;
+                        }
+#endif
+                }
+                l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+                tmp->d[div_n]=l0;
+                for (j=div_n+1; j>0; j--)
+                        if (tmp->d[j-1]) break;
+                tmp->top=j;
+                j=wnum.top;
+                BN_sub(&wnum,&wnum,tmp);
+                snum->top=snum->top+wnum.top-j;
+                if (wnum.neg)
+                        {
+                        q--;
+                        j=wnum.top;
+                        BN_add(&wnum,&wnum,sdiv);
+                        snum->top+=wnum.top-j;
+                        }
+                *(resp--)=q;
+                wnump--;
+                }
+        if (rm != NULL)
+                {
+                BN_rshift(rm,snum,norm_shift);
+                rm->neg=num->neg;
+                }
+        return(1);
+err:
+        return(0);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bn/bn_err.c b/src/lib/libssl/src/crypto/bn/bn_err.c
new file mode 100644
index 0000000000..029ae810d5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_err.c
@@ -0,0 +1,111 @@
+/* lib/bn/bn_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "bn.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA BN_str_functs[]=
+        {
+{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0),        "BN_BLINDING_convert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0),    "BN_BLINDING_new"},
+{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"},
+{ERR_PACK(0,BN_F_BN_BN2DEC,0),  "BN_bn2dec"},
+{ERR_PACK(0,BN_F_BN_BN2HEX,0),  "BN_bn2hex"},
+{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},
+{ERR_PACK(0,BN_F_BN_DIV,0),     "BN_div"},
+{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),    "BN_mod_exp_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),     "BN_mod_inverse"},
+{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),      "BN_mod_mul_reciprocal"},
+{ERR_PACK(0,BN_F_BN_MPI2BN,0),  "BN_mpi2bn"},
+{ERR_PACK(0,BN_F_BN_NEW,0),     "BN_new"},
+{ERR_PACK(0,BN_F_BN_RAND,0),    "BN_rand"},
+{0,NULL},
+        };
+static ERR_STRING_DATA BN_str_reasons[]=
+        {
+{BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
+{BN_R_DIV_BY_ZERO                        ,"div by zero"},
+{BN_R_ENCODING_ERROR                     ,"encoding error"},
+{BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_NOT_INITALISED                     ,"not initalised"},
+{BN_R_NO_INVERSE                         ,"no inverse"},
+{0,NULL},
+        };
+#endif
+void ERR_load_BN_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_BN,BN_str_functs);
+                ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c
new file mode 100644
index 0000000000..c056a5083f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_exp.c
@@ -0,0 +1,553 @@
+/* crypto/bn/bn_exp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+/* slow but works */
+int BN_mod_mul(ret, a, b, m, ctx)
+BIGNUM *ret;
+BIGNUM *a;
+BIGNUM *b;
+BIGNUM *m;
+BN_CTX *ctx;
+        {
+        BIGNUM *t;
+        int r=0;
+        t=ctx->bn[ctx->tos++];
+        if (a == b)
+                { if (!BN_sqr(t,a,ctx)) goto err; }
+        else
+                { if (!BN_mul(t,a,b)) goto err; }
+        if (!BN_mod(ret,t,m,ctx)) goto err;
+        r=1;
+err:
+        ctx->tos--;
+        return(r);
+        }
+#if 0
+/* this one works - simple but works */
+int BN_mod_exp(r,a,p,m,ctx)
+BIGNUM *r,*a,*p,*m;
+BN_CTX *ctx;
+        {
+        int i,bits,ret=0;
+        BIGNUM *v,*tmp;
+        v=ctx->bn[ctx->tos++];
+        tmp=ctx->bn[ctx->tos++];
+        if (BN_copy(v,a) == NULL) goto err;
+        bits=BN_num_bits(p);
+        if (BN_is_odd(p))
+                { if (BN_copy(r,a) == NULL) goto err; }
+        else    { if (BN_one(r)) goto err; }
+        for (i=1; i<bits; i++)
+                {
+                if (!BN_sqr(tmp,v,ctx)) goto err;
+                if (!BN_mod(v,tmp,m,ctx)) goto err;
+                if (BN_is_bit_set(p,i))
+                        {
+                        if (!BN_mul(tmp,r,v)) goto err;
+                        if (!BN_mod(r,tmp,m,ctx)) goto err;
+                        }
+                }
+        ret=1;
+err:
+        ctx->tos-=2;
+        return(ret);
+        }
+#endif
+/* this one works - simple but works */
+int BN_exp(r,a,p,ctx)
+BIGNUM *r,*a,*p;
+BN_CTX *ctx;
+        {
+        int i,bits,ret=0;
+        BIGNUM *v,*tmp;
+        v=ctx->bn[ctx->tos++];
+        tmp=ctx->bn[ctx->tos++];
+        if (BN_copy(v,a) == NULL) goto err;
+        bits=BN_num_bits(p);
+        if (BN_is_odd(p))
+                { if (BN_copy(r,a) == NULL) goto err; }
+        else    { if (BN_one(r)) goto err; }
+        for (i=1; i<bits; i++)
+                {
+                if (!BN_sqr(tmp,v,ctx)) goto err;
+                if (BN_is_bit_set(p,i))
+                        {
+                        if (!BN_mul(tmp,r,v)) goto err;
+                        }
+                }
+        ret=1;
+err:
+        ctx->tos-=2;
+        return(ret);
+        }
+int BN_mod_exp(r,a,p,m,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+        {
+        int ret;
+#ifdef MONT_MUL_MOD
+        /* I have finally been able to take out this pre-condition of
+         * the top bit being set.  It was caused by an error in BN_div
+         * with negatives.  There was also another problem when for a^b%m
+         * a >= m.  eay 07-May-97 */
+/*      if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+        if (BN_is_odd(m))
+                { ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); }
+        else
+#endif
+#ifdef RECP_MUL_MOD
+                { ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+#else
+                { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+#endif
+        return(ret);
+        }
+/* #ifdef RECP_MUL_MOD */
+int BN_mod_exp_recp(r,a,p,m,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+        {
+        int nb,i,j,bits,ret=0,wstart,wend,window,wvalue;
+        int start=1;
+        BIGNUM *d,*aa;
+        BIGNUM *val[16];
+        d=ctx->bn[ctx->tos++];
+        aa=ctx->bn[ctx->tos++];
+        bits=BN_num_bits(p);
+        if (bits == 0)
+                {
+                BN_one(r);
+                return(1);
+                }
+        nb=BN_reciprocal(d,m,ctx);
+        if (nb == -1) goto err;
+        val[0]=BN_new();
+        if (!BN_mod(val[0],a,m,ctx)) goto err;          /* 1 */
+        if (!BN_mod_mul_reciprocal(aa,val[0],val[0],m,d,nb,ctx))
+                goto err;                               /* 2 */
+        if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+                window=1;
+        else if (bits >= 256)
+                window=5;       /* max size of window */
+        else if (bits >= 128)
+                window=4;
+        else
+                window=3;
+        j=1<<(window-1);
+        for (i=1; i<j; i++)
+                {
+                val[i]=BN_new();
+                if (!BN_mod_mul_reciprocal(val[i],val[i-1],aa,m,d,nb,ctx))
+                        goto err;
+                }
+        for (; i<16; i++)
+                val[i]=NULL;
+        start=1;        /* This is used to avoid multiplication etc
+                         * when there is only the value '1' in the
+                         * buffer. */
+        wvalue=0;       /* The 'value' of the window */
+        wstart=bits-1;  /* The top bit of the window */
+        wend=0;         /* The bottom bit of the window */
+        if (!BN_one(r)) goto err;
+        for (;;)
+                {
+                if (BN_is_bit_set(p,wstart) == 0)
+                        {
+                        if (!start)
+                                if (!BN_mod_mul_reciprocal(r,r,r,m,d,nb,ctx))
+                                goto err;
+                        if (wstart == 0) break;
+                        wstart--;
+                        continue;
+                        }
+                /* We now have wstart on a 'set' bit, we now need to work out
+                 * how bit a window to do.  To do this we need to scan
+                 * forward until the last set bit before the end of the
+                 * window */
+                j=wstart;
+                wvalue=1;
+                wend=0;
+                for (i=1; i<window; i++)
+                        {
+                        if (wstart-i < 0) break;
+                        if (BN_is_bit_set(p,wstart-i))
+                                {
+                                wvalue<<=(i-wend);
+                                wvalue|=1;
+                                wend=i;
+                                }
+                        }
+                /* wend is the size of the current window */
+                j=wend+1;
+                /* add the 'bytes above' */
+                if (!start)
+                        for (i=0; i<j; i++)
+                                {
+                                if (!BN_mod_mul_reciprocal(r,r,r,m,d,nb,ctx))
+                                        goto err;
+                                }
+                
+                /* wvalue will be an odd number < 2^window */
+                if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],m,d,nb,ctx))
+                        goto err;
+                /* move the 'window' down further */
+                wstart-=wend+1;
+                wvalue=0;
+                start=0;
+                if (wstart < 0) break;
+                }
+        ret=1;
+err:
+        ctx->tos-=2;
+        for (i=0; i<16; i++)
+                if (val[i] != NULL) BN_clear_free(val[i]);
+        return(ret);
+        }
+/* #endif */
+/* #ifdef MONT_MUL_MOD */
+int BN_mod_exp_mont(r,a,p,m,ctx,in_mont)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+BN_MONT_CTX *in_mont;
+        {
+#define TABLE_SIZE      16
+        int i,j,bits,ret=0,wstart,wend,window,wvalue;
+        int start=1;
+        BIGNUM *d,*aa;
+        BIGNUM *val[TABLE_SIZE];
+        BN_MONT_CTX *mont=NULL;
+        if (!(m->d[0] & 1))
+                {
+                BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+                return(0);
+                }
+        d=ctx->bn[ctx->tos++];
+        bits=BN_num_bits(p);
+        if (bits == 0)
+                {
+                BN_one(r);
+                return(1);
+                }
+        /* If this is not done, things will break in the montgomery
+         * part */
+#if 1
+        if (in_mont != NULL)
+                mont=in_mont;
+        else
+#endif
+                {
+                if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+                }
+        val[0]=BN_new();
+        if (BN_ucmp(a,m) >= 0)
+                {
+                BN_mod(val[0],a,m,ctx);
+                aa=val[0];
+                }
+        else
+                aa=a;
+        if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
+        if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
+        if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
+                window=1;
+        else if (bits > 250)
+                window=5;       /* max size of window */
+        else if (bits >= 120)
+                window=4;
+        else
+                window=3;
+        j=1<<(window-1);
+        for (i=1; i<j; i++)
+                {
+                val[i]=BN_new();
+                if (!BN_mod_mul_montgomery(val[i],val[i-1],d,mont,ctx))
+                        goto err;
+                }
+        for (; i<TABLE_SIZE; i++)
+                val[i]=NULL;
+        start=1;        /* This is used to avoid multiplication etc
+                         * when there is only the value '1' in the
+                         * buffer. */
+        wvalue=0;       /* The 'value' of the window */
+        wstart=bits-1;  /* The top bit of the window */
+        wend=0;         /* The bottom bit of the window */
+        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+        for (;;)
+                {
+                if (BN_is_bit_set(p,wstart) == 0)
+                        {
+                        if (!start)
+                                {
+                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+                                goto err;
+                                }
+                        if (wstart == 0) break;
+                        wstart--;
+                        continue;
+                        }
+                /* We now have wstart on a 'set' bit, we now need to work out
+                 * how bit a window to do.  To do this we need to scan
+                 * forward until the last set bit before the end of the
+                 * window */
+                j=wstart;
+                wvalue=1;
+                wend=0;
+                for (i=1; i<window; i++)
+                        {
+                        if (wstart-i < 0) break;
+                        if (BN_is_bit_set(p,wstart-i))
+                                {
+                                wvalue<<=(i-wend);
+                                wvalue|=1;
+                                wend=i;
+                                }
+                        }
+                /* wend is the size of the current window */
+                j=wend+1;
+                /* add the 'bytes above' */
+                if (!start)
+                        for (i=0; i<j; i++)
+                                {
+                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+                                        goto err;
+                                }
+                
+                /* wvalue will be an odd number < 2^window */
+                if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
+                        goto err;
+                /* move the 'window' down further */
+                wstart-=wend+1;
+                wvalue=0;
+                start=0;
+                if (wstart < 0) break;
+                }
+        BN_from_montgomery(r,r,mont,ctx);
+        ret=1;
+err:
+        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+        ctx->tos--;
+        for (i=0; i<TABLE_SIZE; i++)
+                if (val[i] != NULL) BN_clear_free(val[i]);
+        return(ret);
+        }
+/* #endif */
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(r,a,p,m,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+        {
+        int i,j,bits,ret=0,wstart,wend,window,wvalue;
+        int start=1;
+        BIGNUM *d;
+        BIGNUM *val[16];
+        d=ctx->bn[ctx->tos++];
+        bits=BN_num_bits(p);
+        if (bits == 0)
+                {
+                BN_one(r);
+                return(1);
+                }
+        val[0]=BN_new();
+        if (!BN_mod(val[0],a,m,ctx)) goto err;          /* 1 */
+        if (!BN_mod_mul(d,val[0],val[0],m,ctx))
+                goto err;                               /* 2 */
+        if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+                window=1;
+        else if (bits >= 256)
+                window=5;       /* max size of window */
+        else if (bits >= 128)
+                window=4;
+        else
+                window=3;
+        j=1<<(window-1);
+        for (i=1; i<j; i++)
+                {
+                val[i]=BN_new();
+                if (!BN_mod_mul(val[i],val[i-1],d,m,ctx))
+                        goto err;
+                }
+        for (; i<16; i++)
+                val[i]=NULL;
+        start=1;        /* This is used to avoid multiplication etc
+                         * when there is only the value '1' in the
+                         * buffer. */
+        wvalue=0;       /* The 'value' of the window */
+        wstart=bits-1;  /* The top bit of the window */
+        wend=0;         /* The bottom bit of the window */
+        if (!BN_one(r)) goto err;
+        for (;;)
+                {
+                if (BN_is_bit_set(p,wstart) == 0)
+                        {
+                        if (!start)
+                                if (!BN_mod_mul(r,r,r,m,ctx))
+                                goto err;
+                        if (wstart == 0) break;
+                        wstart--;
+                        continue;
+                        }
+                /* We now have wstart on a 'set' bit, we now need to work out
+                 * how bit a window to do.  To do this we need to scan
+                 * forward until the last set bit before the end of the
+                 * window */
+                j=wstart;
+                wvalue=1;
+                wend=0;
+                for (i=1; i<window; i++)
+                        {
+                        if (wstart-i < 0) break;
+                        if (BN_is_bit_set(p,wstart-i))
+                                {
+                                wvalue<<=(i-wend);
+                                wvalue|=1;
+                                wend=i;
+                                }
+                        }
+                /* wend is the size of the current window */
+                j=wend+1;
+                /* add the 'bytes above' */
+                if (!start)
+                        for (i=0; i<j; i++)
+                                {
+                                if (!BN_mod_mul(r,r,r,m,ctx))
+                                        goto err;
+                                }
+                
+                /* wvalue will be an odd number < 2^window */
+                if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
+                        goto err;
+                /* move the 'window' down further */
+                wstart-=wend+1;
+                wvalue=0;
+                start=0;
+                if (wstart < 0) break;
+                }
+        ret=1;
+err:
+        ctx->tos--;
+        for (i=0; i<16; i++)
+                if (val[i] != NULL) BN_clear_free(val[i]);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_gcd.c b/src/lib/libssl/src/crypto/bn/bn_gcd.c
new file mode 100644
index 0000000000..071bba3b4b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_gcd.c
@@ -0,0 +1,203 @@
+/* crypto/bn/bn_gcd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#ifndef NOPROTO
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+#else
+static BIGNUM *euclid();
+#endif
+int BN_gcd(r,in_a,in_b,ctx)
+BIGNUM *r,*in_a,*in_b;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*t;
+        int ret=0;
+        a=ctx->bn[ctx->tos];
+        b=ctx->bn[ctx->tos+1];
+        if (BN_copy(a,in_a) == NULL) goto err;
+        if (BN_copy(b,in_b) == NULL) goto err;
+        if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
+        t=euclid(a,b);
+        if (t == NULL) goto err;
+        if (BN_copy(r,t) == NULL) goto err;
+        ret=1;
+err:
+        return(ret);
+        }
+static BIGNUM *euclid(a,b)
+BIGNUM *a,*b;
+        {
+        BIGNUM *t;
+        int shifts=0;
+        for (;;)
+                {
+                if (BN_is_zero(b))
+                        break;
+                if (BN_is_odd(a))
+                        {
+                        if (BN_is_odd(b))
+                                {
+                                if (!BN_sub(a,a,b)) goto err;
+                                if (!BN_rshift1(a,a)) goto err;
+                                if (BN_cmp(a,b) < 0)
+                                        { t=a; a=b; b=t; }
+                                }
+                        else            /* a odd - b even */
+                                {
+                                if (!BN_rshift1(b,b)) goto err;
+                                if (BN_cmp(a,b) < 0)
+                                        { t=a; a=b; b=t; }
+                                }
+                        }
+                else                    /* a is even */
+                        {
+                        if (BN_is_odd(b))
+                                {
+                                if (!BN_rshift1(a,a)) goto err;
+                                if (BN_cmp(a,b) < 0)
+                                        { t=a; a=b; b=t; }
+                                }
+                        else            /* a even - b even */
+                                {
+                                if (!BN_rshift1(a,a)) goto err;
+                                if (!BN_rshift1(b,b)) goto err;
+                                shifts++;
+                                }
+                        }
+                }
+        if (shifts)
+                {
+                if (!BN_lshift(a,a,shifts)) goto err;
+                }
+        return(a);
+err:
+        return(NULL);
+        }
+/* solves ax == 1 (mod n) */
+BIGNUM *BN_mod_inverse(a, n, ctx)
+BIGNUM *a;
+BIGNUM *n;
+BN_CTX *ctx;
+        {
+        BIGNUM *A,*B,*X,*Y,*M,*D,*R;
+        BIGNUM *ret=NULL,*T;
+        int sign;
+        A=ctx->bn[ctx->tos];
+        B=ctx->bn[ctx->tos+1];
+        X=ctx->bn[ctx->tos+2];
+        D=ctx->bn[ctx->tos+3];
+        M=ctx->bn[ctx->tos+4];
+        Y=ctx->bn[ctx->tos+5];
+        ctx->tos+=6;
+        R=BN_new();
+        if (R == NULL) goto err;
+        BN_zero(X);
+        BN_one(Y);
+        if (BN_copy(A,a) == NULL) goto err;
+        if (BN_copy(B,n) == NULL) goto err;
+        sign=1;
+        while (!BN_is_zero(B))
+                {
+                if (!BN_div(D,M,A,B,ctx)) goto err;
+                T=A;
+                A=B;
+                B=M;
+                /* T has a struct, M does not */
+                if (!BN_mul(T,D,X)) goto err;
+                if (!BN_add(T,T,Y)) goto err;
+                M=Y;
+                Y=X;
+                X=T;
+                sign= -sign;
+                }
+        if (sign < 0)
+                {
+                if (!BN_sub(Y,n,Y)) goto err;
+                }
+        if (BN_is_one(A))
+                { if (!BN_mod(R,Y,n,ctx)) goto err; }
+        else
+                {
+                BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+                goto err;
+                }
+        ret=R;
+err:
+        if ((ret == NULL) && (R != NULL)) BN_free(R);
+        ctx->tos-=6;
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
new file mode 100644
index 0000000000..edfd788338
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -0,0 +1,199 @@
+/* crypto/bn/bn_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_BN_LCL_H
+#define HEADER_BN_LCL_H
+#include "bn.h"
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/*************************************************************
+ * Using the long long type
+ */
+#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+#define bn_fix_top(a) \
+        { \
+        BN_ULONG *fix_top_l; \
+        for (fix_top_l= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+                if (*(fix_top_l--)) break; \
+        }
+/* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */
+#ifdef BN_LLONG
+#define mul_add(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (r) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+#define mul(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+#else
+/*************************************************************
+ * No long long type
+ */
+#define LBITS(a)        ((a)&BN_MASK2l)
+#define HBITS(a)        (((a)>>BN_BITS4)&BN_MASK2l)
+#define L2HBITS(a)      ((BN_ULONG)((a)&BN_MASK2l)<<BN_BITS4)
+#define LLBITS(a)       ((a)&BN_MASKl)
+#define LHBITS(a)       (((a)>>BN_BITS2)&BN_MASKl)
+#define LL2HBITS(a)     ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+#define mul64(l,h,bl,bh) \
+        { \
+        BN_ULONG m,m1,lt,ht; \
+ \
+        lt=l; \
+        ht=h; \
+        m =(bh)*(lt); \
+        lt=(bl)*(lt); \
+        m1=(bl)*(ht); \
+        ht =(bh)*(ht); \
+        m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS(1L); \
+        ht+=HBITS(m); \
+        m1=L2HBITS(m); \
+        lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
+        (l)=lt; \
+        (h)=ht; \
+        }
+#define sqr64(lo,ho,in) \
+        { \
+        BN_ULONG l,h,m; \
+ \
+        h=(in); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        m =(l)*(h); \
+        l*=l; \
+        h*=h; \
+        h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+        m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+        l=(l+m)&BN_MASK2; if (l < m) h++; \
+        (lo)=l; \
+        (ho)=h; \
+        }
+#define mul_add(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=(r); \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l; \
+        }
+#define mul(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l&BN_MASK2; \
+        }
+#endif
+#ifndef NOPROTO
+BIGNUM *bn_expand2(BIGNUM *b, int bits);
+#ifdef X86_ASM
+void bn_add_words(BN_ULONG *r,BN_ULONG *a,int num);
+#endif
+#else
+BIGNUM *bn_expand2();
+#ifdef X86_ASM
+BN_ULONG bn_add_words();
+#endif
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
new file mode 100644
index 0000000000..bfe7628ad4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -0,0 +1,611 @@
+/* crypto/bn/bn_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+char *BN_version="Big Number part of SSLeay 0.9.0b 29-Jun-1998";
+BIGNUM *BN_value_one()
+        {
+        static BN_ULONG data_one=1L;
+        static BIGNUM const_one={&data_one,1,1,0};
+        return(&const_one);
+        }
+char *BN_options()
+        {
+        static int init=0;
+        static char data[16];
+        if (!init)
+                {
+                init++;
+#ifdef BN_LLONG
+                sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
+                        (int)sizeof(BN_ULONG)*8);
+#else
+                sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
+                        (int)sizeof(BN_ULONG)*8);
+#endif
+                }
+        return(data);
+        }
+int BN_num_bits_word(l)
+BN_ULONG l;
+        {
+        static char bits[256]={
+                0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
+                5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
+                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                };
+#ifdef SIXTY_FOUR_BIT_LONG
+        if (l & 0xffffffff00000000L)
+                {
+                if (l & 0xffff000000000000L)
+                        {
+                        if (l & 0xff00000000000000L)
+                                {
+                                return(bits[l>>56]+56);
+                                }
+                        else    return(bits[l>>48]+48);
+                        }
+                else
+                        {
+                        if (l & 0x0000ff0000000000L)
+                                {
+                                return(bits[l>>40]+40);
+                                }
+                        else    return(bits[l>>32]+32);
+                        }
+                }
+        else
+#else
+#ifdef SIXTY_FOUR_BIT
+        if (l & 0xffffffff00000000LL)
+                {
+                if (l & 0xffff000000000000LL)
+                        {
+                        if (l & 0xff00000000000000LL)
+                                {
+                                return(bits[l>>56]+56);
+                                }
+                        else    return(bits[l>>48]+48);
+                        }
+                else
+                        {
+                        if (l & 0x0000ff0000000000LL)
+                                {
+                                return(bits[l>>40]+40);
+                                }
+                        else    return(bits[l>>32]+32);
+                        }
+                }
+        else
+#endif
+#endif
+                {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+                if (l & 0xffff0000L)
+                        {
+                        if (l & 0xff000000L)
+                                return(bits[l>>24L]+24);
+                        else    return(bits[l>>16L]+16);
+                        }
+                else
+#endif
+                        {
+#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+                        if (l & 0xff00L)
+                                return(bits[l>>8]+8);
+                        else    
+#endif
+                                return(bits[l   ]  );
+                        }
+                }
+        }
+int BN_num_bits(a)
+BIGNUM *a;
+        {
+        BN_ULONG l;
+        int i;
+        if (a->top == 0) return(0);
+        l=a->d[a->top-1];
+        i=(a->top-1)*BN_BITS2;
+        if (l == 0)
+                {
+#if !defined(NO_STDIO) && !defined(WIN16)
+                fprintf(stderr,"BAD TOP VALUE\n");
+#endif
+                abort();
+                }
+        return(i+BN_num_bits_word(l));
+        }
+void BN_clear_free(a)
+BIGNUM *a;
+        {
+        if (a == NULL) return;
+        if (a->d != NULL)
+                {
+                memset(a->d,0,a->max*sizeof(a->d[0]));
+                Free(a->d);
+                }
+        memset(a,0,sizeof(BIGNUM));
+        Free(a);
+        }
+void BN_free(a)
+BIGNUM *a;
+        {
+        if (a == NULL) return;
+        if (a->d != NULL) Free(a->d);
+        Free(a);
+        }
+BIGNUM *BN_new()
+        {
+        BIGNUM *ret;
+        BN_ULONG *p;
+        ret=(BIGNUM *)Malloc(sizeof(BIGNUM));
+        if (ret == NULL) goto err;
+        ret->top=0;
+        ret->neg=0;
+        ret->max=(BN_DEFAULT_BITS/BN_BITS2);
+        p=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(ret->max+1));
+        if (p == NULL) goto err;
+        ret->d=p;
+        memset(p,0,(ret->max+1)*sizeof(p[0]));
+        return(ret);
+err:
+        BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
+        return(NULL);
+        }
+BN_CTX *BN_CTX_new()
+        {
+        BN_CTX *ret;
+        BIGNUM *n;
+        int i,j;
+        ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
+        if (ret == NULL) goto err2;
+        for (i=0; i<BN_CTX_NUM; i++)
+                {
+                n=BN_new();
+                if (n == NULL) goto err;
+                ret->bn[i]=n;
+                }
+        /* There is actually an extra one, this is for debugging my
+         * stuff */
+        ret->bn[BN_CTX_NUM]=NULL;
+        ret->tos=0;
+        return(ret);
+err:
+        for (j=0; j<i; j++)
+                BN_free(ret->bn[j]);
+        Free(ret);
+err2:
+        BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+        return(NULL);
+        }
+void BN_CTX_free(c)
+BN_CTX *c;
+        {
+        int i;
+        for (i=0; i<BN_CTX_NUM; i++)
+                BN_clear_free(c->bn[i]);
+        Free(c);
+        }
+BIGNUM *bn_expand2(b, words)
+BIGNUM *b;
+int words;
+        {
+        BN_ULONG *p;
+        if (words > b->max)
+                {
+                p=(BN_ULONG *)Realloc(b->d,sizeof(BN_ULONG)*(words+1));
+                if (p == NULL)
+                        {
+                        BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                b->d=p;
+                memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG));
+                b->max=words;
+                }
+        return(b);
+        }
+BIGNUM *BN_dup(a)
+BIGNUM *a;
+        {
+        BIGNUM *r;
+        r=BN_new();
+        if (r == NULL) return(NULL);
+        return((BIGNUM *)BN_copy(r,a));
+        }
+BIGNUM *BN_copy(a, b)
+BIGNUM *a;
+BIGNUM *b;
+        {
+        int i;
+        BN_ULONG *A,*B;
+        if (a == b) return(a);
+        if (bn_wexpand(a,b->top) == NULL) return(NULL);
+#if 1
+        A=a->d;
+        B=b->d;
+        for (i=b->top&(~7); i>0; i-=8)
+                {
+                A[0]=B[0];
+                A[1]=B[1];
+                A[2]=B[2];
+                A[3]=B[3];
+                A[4]=B[4];
+                A[5]=B[5];
+                A[6]=B[6];
+                A[7]=B[7];
+                A+=8;
+                B+=8;
+                }
+        switch (b->top&7)
+                {
+        case 7:
+                A[6]=B[6];
+        case 6:
+                A[5]=B[5];
+        case 5:
+                A[4]=B[4];
+        case 4:
+                A[3]=B[3];
+        case 3:
+                A[2]=B[2];
+        case 2:
+                A[1]=B[1];
+        case 1:
+                A[0]=B[0];
+                }
+#else
+        memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+#endif
+/*      memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
+        a->top=b->top;
+        if (a->top == 0)
+                a->d[0]=0;
+        a->neg=b->neg;
+        return(a);
+        }
+void BN_clear(a)
+BIGNUM *a;
+        {
+        memset(a->d,0,a->max*sizeof(a->d[0]));
+        a->top=0;
+        a->neg=0;
+        }
+unsigned long BN_get_word(a)
+BIGNUM *a;
+        {
+        int i,n;
+        unsigned long ret=0;
+        n=BN_num_bytes(a);
+        if (n > sizeof(unsigned long))
+#ifdef SIXTY_FOUR_BIT_LONG
+                return(BN_MASK2);
+#else
+                return(0xFFFFFFFFL);
+#endif
+        for (i=a->top-1; i>=0; i--)
+                {
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+                ret<<=BN_BITS4; /* stops the compiler complaining */
+                ret<<=BN_BITS4;
+#endif
+                ret|=a->d[i];
+                }
+        return(ret);
+        }
+int BN_set_word(a,w)
+BIGNUM *a;
+unsigned long w;
+        {
+        int i,n;
+        if (bn_expand(a,sizeof(unsigned long)*8) == NULL) return(0);
+        n=sizeof(unsigned long)/BN_BYTES;
+        a->neg=0;
+        a->top=0;
+        a->d[0]=(BN_ULONG)w&BN_MASK2;
+        if (a->d[0] != 0) a->top=1;
+        for (i=1; i<n; i++)
+                {
+                /* the following is done instead of
+                 * w>>=BN_BITS2 so compilers don't complain
+                 * on builds where sizeof(long) == BN_TYPES */
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+                w>>=BN_BITS4;
+                w>>=BN_BITS4;
+#endif
+                a->d[i]=(BN_ULONG)w&BN_MASK2;
+                if (a->d[i] != 0) a->top=i+1;
+                }
+        return(1);
+        }
+/* ignore negative */
+BIGNUM *BN_bin2bn(s, len, ret)
+unsigned char *s;
+int len;
+BIGNUM *ret;
+        {
+        unsigned int i,m;
+        unsigned int n;
+        BN_ULONG l;
+        if (ret == NULL) ret=BN_new();
+        if (ret == NULL) return(NULL);
+        l=0;
+        n=len;
+        if (n == 0)
+                {
+                ret->top=0;
+                return(ret);
+                }
+        if (bn_expand(ret,(int)(n+2)*8) == NULL)
+                return(NULL);
+        i=((n-1)/BN_BYTES)+1;
+        m=((n-1)%(BN_BYTES));
+        ret->top=i;
+        while (n-- > 0)
+                {
+                l=(l<<8L)| *(s++);
+                if (m-- == 0)
+                        {
+                        ret->d[--i]=l;
+                        l=0;
+                        m=BN_BYTES-1;
+                        }
+                }
+        /* need to call this due to clear byte at top if avoiding
+         * having the top bit set (-ve number) */
+        bn_fix_top(ret);
+        return(ret);
+        }
+/* ignore negative */
+int BN_bn2bin(a, to)
+BIGNUM *a;
+unsigned char *to;
+        {
+        int n,i;
+        BN_ULONG l;
+        n=i=BN_num_bytes(a);
+        while (i-- > 0)
+                {
+                l=a->d[i/BN_BYTES];
+                *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
+                }
+        return(n);
+        }
+int BN_ucmp(a, b)
+BIGNUM *a;
+BIGNUM *b;
+        {
+        int i;
+        BN_ULONG t1,t2,*ap,*bp;
+        i=a->top-b->top;
+        if (i != 0) return(i);
+        ap=a->d;
+        bp=b->d;
+        for (i=a->top-1; i>=0; i--)
+                {
+                t1= ap[i];
+                t2= bp[i];
+                if (t1 != t2)
+                        return(t1 > t2?1:-1);
+                }
+        return(0);
+        }
+int BN_cmp(a, b)
+BIGNUM *a;
+BIGNUM *b;
+        {
+        int i;
+        int gt,lt;
+        BN_ULONG t1,t2;
+        if ((a == NULL) || (b == NULL))
+                {
+                if (a != NULL)
+                        return(-1);
+                else if (b != NULL)
+                        return(1);
+                else
+                        return(0);
+                }
+        if (a->neg != b->neg)
+                {
+                if (a->neg)
+                        return(-1);
+                else    return(1);
+                }
+        if (a->neg == 0)
+                { gt=1; lt= -1; }
+        else    { gt= -1; lt=1; }
+        if (a->top > b->top) return(gt);
+        if (a->top < b->top) return(lt);
+        for (i=a->top-1; i>=0; i--)
+                {
+                t1=a->d[i];
+                t2=b->d[i];
+                if (t1 > t2) return(gt);
+                if (t1 < t2) return(lt);
+                }
+        return(0);
+        }
+int BN_set_bit(a, n)
+BIGNUM *a;
+int n;
+        {
+        int i,j;
+        i=n/BN_BITS2;
+        j=n%BN_BITS2;
+        if (a->top <= i)
+                {
+                if (bn_expand(a,n) == NULL) return(0);
+                a->top=i+1;
+                }
+        a->d[i]|=(1L<<j);
+        return(1);
+        }
+int BN_clear_bit(a, n)
+BIGNUM *a;
+int n;
+        {
+        int i,j;
+        i=n/BN_BITS2;
+        j=n%BN_BITS2;
+        if (a->top <= i) return(0);
+        a->d[i]&=(~(1L<<j));
+        return(1);
+        }
+int BN_is_bit_set(a, n)
+BIGNUM *a;
+int n;
+        {
+        int i,j;
+        if (n < 0) return(0);
+        i=n/BN_BITS2;
+        j=n%BN_BITS2;
+        if (a->top <= i) return(0);
+        return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
+        }
+int BN_mask_bits(a,n)
+BIGNUM *a;
+int n;
+        {
+        int b,w;
+        w=n/BN_BITS2;
+        b=n%BN_BITS2;
+        if (w >= a->top) return(0);
+        if (b == 0)
+                a->top=w;
+        else
+                {
+                a->top=w+1;
+                a->d[w]&= ~(BN_MASK2<<b);
+                while ((w >= 0) && (a->d[w] == 0))
+                        {
+                        a->top--;
+                        w--;
+                        }
+                }
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mod.c b/src/lib/libssl/src/crypto/bn/bn_mod.c
new file mode 100644
index 0000000000..c351aac14f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_mod.c
@@ -0,0 +1,97 @@
+/* crypto/bn/bn_mod.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+/* rem != m */
+int BN_mod(rem, m, d,ctx)
+BIGNUM *rem;
+BIGNUM *m;
+BIGNUM *d;
+BN_CTX *ctx;
+        {
+#if 0 /* The old slow way */
+        int i,nm,nd;
+        BIGNUM *dv;
+        if (BN_ucmp(m,d) < 0)
+                return((BN_copy(rem,m) == NULL)?0:1);
+        dv=ctx->bn[ctx->tos];
+        if (!BN_copy(rem,m)) return(0);
+        nm=BN_num_bits(rem);
+        nd=BN_num_bits(d);
+        if (!BN_lshift(dv,d,nm-nd)) return(0);
+        for (i=nm-nd; i>=0; i--)
+                {
+                if (BN_cmp(rem,dv) >= 0)
+                        {
+                        if (!BN_sub(rem,rem,dv)) return(0);
+                        }
+                if (!BN_rshift1(dv,dv)) return(0);
+                }
+        return(1);
+#else
+        return(BN_div(NULL,rem,m,d,ctx));
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c
new file mode 100644
index 0000000000..e435df61f8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_mont.c
@@ -0,0 +1,306 @@
+/* crypto/bn/bn_mont.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+int BN_mod_mul_montgomery(r,a,b,mont,ctx)
+BIGNUM *r,*a,*b;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+        {
+        BIGNUM *tmp;
+        tmp=ctx->bn[ctx->tos++];
+        if (a == b)
+                {
+                if (!BN_sqr(tmp,a,ctx)) goto err;
+                }
+        else
+                {
+                if (!BN_mul(tmp,a,b)) goto err;
+                }
+        /* reduce from aRR to aR */
+        if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+        ctx->tos--;
+        return(1);
+err:
+        return(0);
+        }
+#define MONT_WORD
+#ifdef MONT_WORD
+int BN_from_montgomery(ret,a,mont,ctx)
+BIGNUM *ret;
+BIGNUM *a;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+        {
+        BIGNUM *n,*t1,*r;
+        BN_ULONG *ap,*np,*rp,n0,v;
+        int al,nl,max,i,x,ri;
+        int retn=0;
+        t1=ctx->bn[ctx->tos];
+        r=ctx->bn[ctx->tos+1];
+        if (!BN_copy(r,a)) goto err;
+        n=mont->N;
+        ap=a->d;
+        /* mont->ri is the size of mont->N in bits/words */
+        al=ri=mont->ri/BN_BITS2;
+        nl=n->top;
+        if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
+        max=(nl+al+1); /* allow for overflow (no?) XXX */
+        if (bn_wexpand(r,max) == NULL) goto err;
+        if (bn_wexpand(ret,max) == NULL) goto err;
+        r->neg=a->neg^n->neg;
+        np=n->d;
+        rp=r->d;
+        /* clear the top words of T */
+#if 1
+        for (i=r->top; i<max; i++) /* memset? XXX */
+                r->d[i]=0;
+#else
+        memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+#endif
+        r->top=max;
+        n0=mont->n0;
+        for (i=0; i<nl; i++)
+                {
+#if 0
+                int x1,x2;
+                if (i+4 > nl)
+                        {
+                        x2=nl;
+                        x1=0;
+                        }
+                else
+                        {
+                        x2=i+4;
+                        x1=nl-x2;
+                        }
+                v=bn_mul_add_words(&(rp[x1]),&(np[x1]),x2,(rp[x1]*n0)&BN_MASK2);
+#else
+                v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+#endif
+                if (((rp[nl]+=v)&BN_MASK2) < v)
+                        {
+                        for (x=(nl+1); (((++rp[x])&BN_MASK2) == 0); x++)
+                                ;
+                        }
+                rp++;
+                }
+        while (r->d[r->top-1] == 0)
+                r->top--;
+        /* mont->ri will be a multiple of the word size */
+#if 0
+        BN_rshift(ret,r,mont->ri);
+#else
+        ap=r->d;
+        rp=ret->d;
+        x=ri;
+        al=r->top-x;
+        for (i=0; i<al; i++)
+                {
+                rp[i]=ap[i+x];
+                }
+        ret->top=al;
+#endif
+        if (BN_ucmp(ret,mont->N) >= 0)
+                {
+                bn_qsub(ret,ret,mont->N); /* XXX */
+                }
+        retn=1;
+err:
+        return(retn);
+        }
+#else
+int BN_from_montgomery(r,a,mont,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+        {
+        BIGNUM *t1,*t2;
+        t1=ctx->bn[ctx->tos];
+        t2=ctx->bn[ctx->tos+1];
+        if (!BN_copy(t1,a)) goto err;
+        /* can cheat */
+        BN_mask_bits(t1,mont->ri);
+        if (!BN_mul(t2,t1,mont->Ni)) goto err;
+        BN_mask_bits(t2,mont->ri);
+        if (!BN_mul(t1,t2,mont->N)) goto err;
+        if (!BN_add(t2,a,t1)) goto err;
+        BN_rshift(r,t2,mont->ri);
+        if (BN_ucmp(r,mont->N) >= 0)
+                bn_qsub(r,r,mont->N);
+        return(1);
+err:
+        return(0);
+        }
+#endif
+BN_MONT_CTX *BN_MONT_CTX_new()
+        {
+        BN_MONT_CTX *ret;
+        if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL)
+                return(NULL);
+        ret->ri=0;
+        ret->RR=BN_new();
+        ret->N=BN_new();
+        ret->Ni=NULL;
+        if ((ret->RR == NULL) || (ret->N == NULL))
+                {
+                BN_MONT_CTX_free(ret);
+                return(NULL);
+                }
+        return(ret);
+        }
+void BN_MONT_CTX_free(mont)
+BN_MONT_CTX *mont;
+        {
+        if (mont->RR != NULL) BN_free(mont->RR);
+        if (mont->N != NULL) BN_free(mont->N);
+        if (mont->Ni != NULL) BN_free(mont->Ni);
+        Free(mont);
+        }
+int BN_MONT_CTX_set(mont,mod,ctx)
+BN_MONT_CTX *mont;
+BIGNUM *mod;
+BN_CTX *ctx;
+        {
+        BIGNUM *Ri=NULL,*R=NULL;
+        if (mont->RR == NULL) mont->RR=BN_new();
+        if (mont->N == NULL)  mont->N=BN_new();
+        R=mont->RR;                                     /* grab RR as a temp */
+        BN_copy(mont->N,mod);                           /* Set N */
+#ifdef MONT_WORD
+{
+        BIGNUM tmod;
+        BN_ULONG buf[2];
+        /* int z; */
+        mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+        BN_lshift(R,BN_value_one(),BN_BITS2);           /* R */
+        /* I was bad, this modification of a passed variable was
+         * breaking the multithreaded stuff :-(
+         * z=mod->top;
+         * mod->top=1; */
+        buf[0]=mod->d[0];
+        buf[1]=0;
+        tmod.d=buf;
+        tmod.top=1;
+        tmod.max=mod->max;
+        tmod.neg=mod->neg;
+        if ((Ri=BN_mod_inverse(R,&tmod,ctx)) == NULL) goto err; /* Ri */
+        BN_lshift(Ri,Ri,BN_BITS2);                      /* R*Ri */
+        bn_qsub(Ri,Ri,BN_value_one());                  /* R*Ri - 1 */
+        BN_div(Ri,NULL,Ri,&tmod,ctx);
+        mont->n0=Ri->d[0];
+        BN_free(Ri);
+        /* mod->top=z; */
+}
+#else
+        mont->ri=BN_num_bits(mod);
+        BN_lshift(R,BN_value_one(),mont->ri);                   /* R */
+        if ((Ri=BN_mod_inverse(R,mod,ctx)) == NULL) goto err;   /* Ri */
+        BN_lshift(Ri,Ri,mont->ri);                              /* R*Ri */
+        bn_qsub(Ri,Ri,BN_value_one());                          /* R*Ri - 1 */
+        BN_div(Ri,NULL,Ri,mod,ctx);
+        if (mont->Ni != NULL) BN_free(mont->Ni);
+        mont->Ni=Ri;                                    /* Ni=(R*Ri-1)/N */
+#endif
+        /* setup RR for conversions */
+        BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+        BN_mod(mont->RR,mont->RR,mont->N,ctx);
+        return(1);
+err:
+        return(0);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mpi.c b/src/lib/libssl/src/crypto/bn/bn_mpi.c
new file mode 100644
index 0000000000..53945c1057
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_mpi.c
@@ -0,0 +1,134 @@
+/* crypto/bn/bn_mpi.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+int BN_bn2mpi(a,d)
+BIGNUM *a;
+unsigned char *d;
+        {
+        int bits;
+        int num=0;
+        int ext=0;
+        long l;
+        bits=BN_num_bits(a);
+        num=(bits+7)/8;
+        if (bits > 0)
+                {
+                ext=((bits & 0x07) == 0);
+                }
+        if (d == NULL)
+                return(num+4+ext);
+        l=num+ext;
+        d[0]=(unsigned char)(l>>24)&0xff;
+        d[1]=(unsigned char)(l>>16)&0xff;
+        d[2]=(unsigned char)(l>> 8)&0xff;
+        d[3]=(unsigned char)(l    )&0xff;
+        if (ext) d[4]=0;
+        num=BN_bn2bin(a,&(d[4+ext]));
+        if (a->neg)
+                d[4]|=0x80;
+        return(num+4+ext);
+        }
+BIGNUM *BN_mpi2bn(d,n,a)
+unsigned char *d;
+int n;
+BIGNUM *a;
+        {
+        long len;
+        int neg=0;
+        if (n < 4)
+                {
+                BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
+                return(NULL);
+                }
+        len=(d[0]<<24)|(d[1]<<16)|(d[2]<<8)|d[3];
+        if ((len+4) != n)
+                {
+                BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
+                return(NULL);
+                }
+        if (a == NULL) a=BN_new();
+        if (a == NULL) return(NULL);
+        if (len == 0)
+                {
+                a->neg=0;
+                a->top=0;
+                return(a);
+                }
+        d+=4;
+        if ((*d) & 0x80)
+                neg=1;
+        if (BN_bin2bn(d,(int)len,a) == NULL)
+                return(NULL);
+        a->neg=neg;
+        if (neg)
+                {
+                BN_clear_bit(a,BN_num_bits(a)-1);
+                }
+        return(a);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mul.c b/src/lib/libssl/src/crypto/bn/bn_mul.c
new file mode 100644
index 0000000000..d0c04e1d4b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_mul.c
@@ -0,0 +1,209 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+/* r must be different to a and b */
+/* int BN_mmul(r, a, b) */
+int BN_mul(r, a, b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+        {
+        int i;
+        int max,al,bl;
+        BN_ULONG *ap,*bp,*rp;
+        al=a->top;
+        bl=b->top;
+        if ((al == 0) || (bl == 0))
+                {
+                r->top=0;
+                return(1);
+                }
+        max=(al+bl);
+        if (bn_wexpand(r,max) == NULL) return(0);
+        r->top=max;
+        r->neg=a->neg^b->neg;
+        ap=a->d;
+        bp=b->d;
+        rp=r->d;
+        rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+        rp++;
+        for (i=1; i<bl; i++)
+                {
+                rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+                rp++;
+                }
+        if (r->d[max-1] == 0) r->top--;
+        return(1);
+        }
+#if 0
+#include "stack.h"
+int limit=16;
+typedef struct bn_pool_st
+        {
+        int used;
+        int tos;
+        STACK *sk; 
+        } BN_POOL;
+BIGNUM *BN_POOL_push(bp)
+BN_POOL *bp;
+        {
+        BIGNUM *ret;
+        if (bp->used >= bp->tos)
+                {
+                ret=BN_new();
+                sk_push(bp->sk,(char *)ret);
+                bp->tos++;
+                bp->used++;
+                }
+        else
+                {
+                ret=(BIGNUM *)sk_value(bp->sk,bp->used);
+                bp->used++;
+                }
+        return(ret);
+        }
+void BN_POOL_pop(bp,num)
+BN_POOL *bp;
+int num;
+        {
+        bp->used-=num;
+        }
+int BN_mul(r,a,b)
+BIGNUM *r,*a,*b;
+        {
+        static BN_POOL bp;
+        static init=1;
+        if (init)
+                {
+                bp.used=0;
+                bp.tos=0;
+                bp.sk=sk_new_null();
+                init=0;
+                }
+        return(BN_mm(r,a,b,&bp));
+        }
+/* r must be different to a and b */
+int BN_mm(m, A, B, bp)
+BIGNUM *m,*A,*B;
+BN_POOL *bp;
+        {
+        int i,num;
+        int an,bn;
+        BIGNUM *a,*b,*c,*d,*ac,*bd;
+        an=A->top;
+        bn=B->top;
+        if ((an <= limit) || (bn <= limit))
+                {
+                return(BN_mmul(m,A,B));
+                }
+        a=BN_POOL_push(bp);
+        b=BN_POOL_push(bp);
+        c=BN_POOL_push(bp);
+        d=BN_POOL_push(bp);
+        ac=BN_POOL_push(bp);
+        bd=BN_POOL_push(bp);
+        num=(an <= bn)?an:bn;
+        num=1<<(BN_num_bits_word(num-1)-1);
+        /* Are going to now chop things into 'num' word chunks. */
+        num*=BN_BITS2;
+        BN_copy(a,A);
+        BN_mask_bits(a,num);
+        BN_rshift(b,A,num);
+        BN_copy(c,B);
+        BN_mask_bits(c,num);
+        BN_rshift(d,B,num);
+        BN_sub(ac ,b,a);
+        BN_sub(bd,c,d);
+        BN_mm(m,ac,bd,bp);
+        BN_mm(ac,a,c,bp);
+        BN_mm(bd,b,d,bp);
+        BN_add(m,m,ac);
+        BN_add(m,m,bd);
+        BN_lshift(m,m,num);
+        BN_lshift(bd,bd,num*2);
+        BN_add(m,m,ac);
+        BN_add(m,m,bd);
+        BN_POOL_pop(bp,6);
+        return(1);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.c b/src/lib/libssl/src/crypto/bn/bn_prime.c
new file mode 100644
index 0000000000..0c85f70b59
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_prime.c
@@ -0,0 +1,473 @@
+/* crypto/bn/bn_prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include "rand.h"
+/* The quick seive algorithm approach to weeding out primes is
+ * Philip Zimmermann's, as implemented in PGP.  I have had a read of
+ * his comments and implemented my own version.
+ */
+#include "bn_prime.h"
+#ifndef NOPROTO
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2,
+        BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+        BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+static int probable_prime_dh_strong(BIGNUM *rnd, int bits,
+        BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+#else
+static int witness();
+static int probable_prime();
+static int probable_prime_dh();
+static int probable_prime_dh_strong();
+#endif
+BIGNUM *BN_generate_prime(bits,strong,add,rem,callback,cb_arg)
+int bits;
+int strong;
+BIGNUM *add;
+BIGNUM *rem;
+void (*callback)(P_I_I_P); 
+char *cb_arg;
+        {
+        BIGNUM *rnd=NULL;
+        BIGNUM *ret=NULL;
+        BIGNUM *t=NULL;
+        int i,j,c1=0;
+        BN_CTX *ctx;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        if ((rnd=BN_new()) == NULL) goto err;
+        if (strong)
+                if ((t=BN_new()) == NULL) goto err;
+loop: 
+        /* make a random number and set the top and bottom bits */
+        if (add == NULL)
+                {
+                if (!probable_prime(rnd,bits)) goto err;
+                }
+        else
+                {
+                if (strong)
+                        {
+                        if (!probable_prime_dh_strong(rnd,bits,add,rem,ctx))
+                                 goto err;
+                        }
+                else
+                        {
+                        if (!probable_prime_dh(rnd,bits,add,rem,ctx))
+                                goto err;
+                        }
+                }
+        /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
+        if (callback != NULL) callback(0,c1++,cb_arg);
+        if (!strong)
+                {
+                i=BN_is_prime(rnd,BN_prime_checks,callback,ctx,cb_arg);
+                if (i == -1) goto err;
+                if (i == 0) goto loop;
+                }
+        else
+                {
+                /* for a strong prime generation,
+                 * check that (p-1)/2 is prime.
+                 * Since a prime is odd, We just
+                 * need to divide by 2 */
+                if (!BN_rshift1(t,rnd)) goto err;
+                for (i=0; i<BN_prime_checks; i++)
+                        {
+                        j=BN_is_prime(rnd,1,callback,ctx,cb_arg);
+                        if (j == -1) goto err;
+                        if (j == 0) goto loop;
+                        j=BN_is_prime(t,1,callback,ctx,cb_arg);
+                        if (j == -1) goto err;
+                        if (j == 0) goto loop;
+                        if (callback != NULL) callback(2,c1-1,cb_arg);
+                        /* We have a strong prime test pass */
+                        }
+                }
+        /* we have a prime :-) */
+        ret=rnd;
+err:
+        if ((ret == NULL) && (rnd != NULL)) BN_free(rnd);
+        if (t != NULL) BN_free(t);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ret);
+        }
+int BN_is_prime(a,checks,callback,ctx_passed,cb_arg)
+BIGNUM *a;
+int checks;
+void (*callback)(P_I_I_P);
+BN_CTX *ctx_passed;
+char *cb_arg;
+        {
+        int i,j,c2=0,ret= -1;
+        BIGNUM *check;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+        BN_MONT_CTX *mont=NULL;
+        if (!BN_is_odd(a))
+                return(0);
+        if (ctx_passed != NULL)
+                ctx=ctx_passed;
+        else
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+        if ((ctx2=BN_CTX_new()) == NULL) goto err;
+        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+        check=ctx->bn[ctx->tos++];
+        /* Setup the montgomery structure */
+        if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err;
+        for (i=0; i<checks; i++)
+                {
+                if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err;
+                j=witness(check,a,ctx,ctx2,mont);
+                if (j == -1) goto err;
+                if (j)
+                        {
+                        ret=0;
+                        goto err;
+                        }
+                if (callback != NULL) callback(1,c2++,cb_arg);
+                }
+        ret=1;
+err:
+        ctx->tos--;
+        if ((ctx_passed == NULL) && (ctx != NULL))
+                BN_CTX_free(ctx);
+        if (ctx2 != NULL)
+                BN_CTX_free(ctx2);
+        if (mont != NULL) BN_MONT_CTX_free(mont);
+                
+        return(ret);
+        }
+#define RECP_MUL_MOD
+static int witness(a,n,ctx,ctx2,mont)
+BIGNUM *a;
+BIGNUM *n;
+BN_CTX *ctx,*ctx2;
+BN_MONT_CTX *mont;
+        {
+        int k,i,ret= -1,good;
+        BIGNUM *d,*dd,*tmp,*d1,*d2,*n1;
+        BIGNUM *mont_one,*mont_n1,*mont_a;
+        d1=ctx->bn[ctx->tos];
+        d2=ctx->bn[ctx->tos+1];
+        n1=ctx->bn[ctx->tos+2];
+        ctx->tos+=3;
+        mont_one=ctx2->bn[ctx2->tos];
+        mont_n1=ctx2->bn[ctx2->tos+1];
+        mont_a=ctx2->bn[ctx2->tos+2];
+        ctx2->tos+=3;
+        d=d1;
+        dd=d2;
+        if (!BN_one(d)) goto err;
+        if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
+        k=BN_num_bits(n1);
+        if (!BN_to_montgomery(mont_one,BN_value_one(),mont,ctx2)) goto err;
+        if (!BN_to_montgomery(mont_n1,n1,mont,ctx2)) goto err;
+        if (!BN_to_montgomery(mont_a,a,mont,ctx2)) goto err;
+        BN_copy(d,mont_one);
+        for (i=k-1; i>=0; i--)
+                {
+                if (    (BN_cmp(d,mont_one) != 0) &&
+                        (BN_cmp(d,mont_n1) != 0))
+                        good=1;
+                else
+                        good=0;
+                BN_mod_mul_montgomery(dd,d,d,mont,ctx2);
+                
+                if (good && (BN_cmp(dd,mont_one) == 0))
+                        {
+                        ret=1;
+                        goto err;
+                        }
+                if (BN_is_bit_set(n1,i))
+                        {
+                        BN_mod_mul_montgomery(d,dd,mont_a,mont,ctx2);
+                        }
+                else
+                        {
+                        tmp=d;
+                        d=dd;
+                        dd=tmp;
+                        }
+                }
+        if (BN_cmp(d,mont_one) == 0)
+                i=0;
+        else    i=1;
+        ret=i;
+err:
+        ctx->tos-=3;
+        ctx2->tos-=3;
+        return(ret);
+        }
+static int probable_prime(rnd, bits)
+BIGNUM *rnd;
+int bits;
+        {
+        int i;
+        MS_STATIC BN_ULONG mods[NUMPRIMES];
+        BN_ULONG delta;
+        if (!BN_rand(rnd,bits,1,1)) return(0);
+        /* we now have a random number 'rand' to test. */
+        for (i=1; i<NUMPRIMES; i++)
+                mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
+        delta=0;
+        loop: for (i=1; i<NUMPRIMES; i++)
+                {
+                /* check that rnd is not a prime and also
+                 * that gcd(rnd-1,primes) == 1 (except for 2) */
+                if (((mods[i]+delta)%primes[i]) <= 1)
+                        {
+                        delta+=2;
+                        /* perhaps need to check for overflow of
+                         * delta (but delta can be upto 2^32) */
+                        goto loop;
+                        }
+                }
+        if (!BN_add_word(rnd,delta)) return(0);
+        return(1);
+        }
+static int probable_prime_dh(rnd, bits, add, rem,ctx)
+BIGNUM *rnd;
+int bits;
+BIGNUM *add;
+BIGNUM *rem;
+BN_CTX *ctx;
+        {
+        int i,ret=0;
+        BIGNUM *t1;
+        t1=ctx->bn[ctx->tos++];
+        if (!BN_rand(rnd,bits,0,1)) goto err;
+        /* we need ((rnd-rem) % add) == 0 */
+        if (!BN_mod(t1,rnd,add,ctx)) goto err;
+        if (!BN_sub(rnd,rnd,t1)) goto err;
+        if (rem == NULL)
+                { if (!BN_add_word(rnd,1)) goto err; }
+        else
+                { if (!BN_add(rnd,rnd,rem)) goto err; }
+        /* we now have a random number 'rand' to test. */
+        loop: for (i=1; i<NUMPRIMES; i++)
+                {
+                /* check that rnd is a prime */
+                if (BN_mod_word(rnd,(BN_LONG)primes[i]) <= 1)
+                        {
+                        if (!BN_add(rnd,rnd,add)) goto err;
+                        goto loop;
+                        }
+                }
+        ret=1;
+err:
+        ctx->tos--;
+        return(ret);
+        }
+static int probable_prime_dh_strong(p, bits, padd, rem,ctx)
+BIGNUM *p;
+int bits;
+BIGNUM *padd;
+BIGNUM *rem;
+BN_CTX *ctx;
+        {
+        int i,ret=0;
+        BIGNUM *t1,*qadd=NULL,*q=NULL;
+        bits--;
+        t1=ctx->bn[ctx->tos++];
+        q=ctx->bn[ctx->tos++];
+        qadd=ctx->bn[ctx->tos++];
+        if (!BN_rshift1(qadd,padd)) goto err;
+                
+        if (!BN_rand(q,bits,0,1)) goto err;
+        /* we need ((rnd-rem) % add) == 0 */
+        if (!BN_mod(t1,q,qadd,ctx)) goto err;
+        if (!BN_sub(q,q,t1)) goto err;
+        if (rem == NULL)
+                { if (!BN_add_word(q,1)) goto err; }
+        else
+                {
+                if (!BN_rshift1(t1,rem)) goto err;
+                if (!BN_add(q,q,t1)) goto err;
+                }
+        /* we now have a random number 'rand' to test. */
+        if (!BN_lshift1(p,q)) goto err;
+        if (!BN_add_word(p,1)) goto err;
+        loop: for (i=1; i<NUMPRIMES; i++)
+                {
+                /* check that p and q are prime */
+                /* check that for p and q
+                 * gcd(p-1,primes) == 1 (except for 2) */
+                if (    (BN_mod_word(p,(BN_LONG)primes[i]) == 0) ||
+                        (BN_mod_word(q,(BN_LONG)primes[i]) == 0))
+                        {
+                        if (!BN_add(p,p,padd)) goto err;
+                        if (!BN_add(q,q,qadd)) goto err;
+                        goto loop;
+                        }
+                }
+        ret=1;
+err:
+        ctx->tos-=3;
+        return(ret);
+        }
+#if 0
+static int witness(a, n,ctx)
+BIGNUM *a;
+BIGNUM *n;
+BN_CTX *ctx;
+        {
+        int k,i,nb,ret= -1;
+        BIGNUM *d,*dd,*tmp;
+        BIGNUM *d1,*d2,*x,*n1,*inv;
+        d1=ctx->bn[ctx->tos];
+        d2=ctx->bn[ctx->tos+1];
+        x=ctx->bn[ctx->tos+2];
+        n1=ctx->bn[ctx->tos+3];
+        inv=ctx->bn[ctx->tos+4];
+        ctx->tos+=5;
+        d=d1;
+        dd=d2;
+        if (!BN_one(d)) goto err;
+        if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
+        k=BN_num_bits(n1);
+        /* i=BN_num_bits(n); */
+#ifdef RECP_MUL_MOD
+        nb=BN_reciprocal(inv,n,ctx); /**/
+        if (nb == -1) goto err;
+#endif
+        for (i=k-1; i>=0; i--)
+                {
+                if (BN_copy(x,d) == NULL) goto err;
+#ifndef RECP_MUL_MOD
+                if (!BN_mod_mul(dd,d,d,n,ctx)) goto err;
+#else
+                if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err;
+#endif
+                if (    BN_is_one(dd) &&
+                        !BN_is_one(x) &&
+                        (BN_cmp(x,n1) != 0))
+                        {
+                        ret=1;
+                        goto err;
+                        }
+                if (BN_is_bit_set(n1,i))
+                        {
+#ifndef RECP_MUL_MOD
+                        if (!BN_mod_mul(d,dd,a,n,ctx)) goto err;
+#else
+                        if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err; 
+#endif
+                        }
+                else
+                        {
+                        tmp=d;
+                        d=dd;
+                        dd=tmp;
+                        }
+                }
+        if (BN_is_one(d))
+                i=0;
+        else    i=1;
+        ret=i;
+err:
+        ctx->tos-=5;
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.h b/src/lib/libssl/src/crypto/bn/bn_prime.h
new file mode 100644
index 0000000000..6fce0210cd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_prime.h
@@ -0,0 +1,325 @@
+/* crypto/bn/bn_prime.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef EIGHT_BIT
+#define NUMPRIMES 2048
+#else
+#define NUMPRIMES 54
+#endif
+static unsigned int primes[NUMPRIMES]=
+        {
+           2,   3,   5,   7,  11,  13,  17,  19,
+          23,  29,  31,  37,  41,  43,  47,  53,
+          59,  61,  67,  71,  73,  79,  83,  89,
+          97, 101, 103, 107, 109, 113, 127, 131,
+         137, 139, 149, 151, 157, 163, 167, 173,
+         179, 181, 191, 193, 197, 199, 211, 223,
+         227, 229, 233, 239, 241, 251,
+#ifndef EIGHT_BIT
+         257, 263,
+         269, 271, 277, 281, 283, 293, 307, 311,
+         313, 317, 331, 337, 347, 349, 353, 359,
+         367, 373, 379, 383, 389, 397, 401, 409,
+         419, 421, 431, 433, 439, 443, 449, 457,
+         461, 463, 467, 479, 487, 491, 499, 503,
+         509, 521, 523, 541, 547, 557, 563, 569,
+         571, 577, 587, 593, 599, 601, 607, 613,
+         617, 619, 631, 641, 643, 647, 653, 659,
+         661, 673, 677, 683, 691, 701, 709, 719,
+         727, 733, 739, 743, 751, 757, 761, 769,
+         773, 787, 797, 809, 811, 821, 823, 827,
+         829, 839, 853, 857, 859, 863, 877, 881,
+         883, 887, 907, 911, 919, 929, 937, 941,
+         947, 953, 967, 971, 977, 983, 991, 997,
+        1009,1013,1019,1021,1031,1033,1039,1049,
+        1051,1061,1063,1069,1087,1091,1093,1097,
+        1103,1109,1117,1123,1129,1151,1153,1163,
+        1171,1181,1187,1193,1201,1213,1217,1223,
+        1229,1231,1237,1249,1259,1277,1279,1283,
+        1289,1291,1297,1301,1303,1307,1319,1321,
+        1327,1361,1367,1373,1381,1399,1409,1423,
+        1427,1429,1433,1439,1447,1451,1453,1459,
+        1471,1481,1483,1487,1489,1493,1499,1511,
+        1523,1531,1543,1549,1553,1559,1567,1571,
+        1579,1583,1597,1601,1607,1609,1613,1619,
+        1621,1627,1637,1657,1663,1667,1669,1693,
+        1697,1699,1709,1721,1723,1733,1741,1747,
+        1753,1759,1777,1783,1787,1789,1801,1811,
+        1823,1831,1847,1861,1867,1871,1873,1877,
+        1879,1889,1901,1907,1913,1931,1933,1949,
+        1951,1973,1979,1987,1993,1997,1999,2003,
+        2011,2017,2027,2029,2039,2053,2063,2069,
+        2081,2083,2087,2089,2099,2111,2113,2129,
+        2131,2137,2141,2143,2153,2161,2179,2203,
+        2207,2213,2221,2237,2239,2243,2251,2267,
+        2269,2273,2281,2287,2293,2297,2309,2311,
+        2333,2339,2341,2347,2351,2357,2371,2377,
+        2381,2383,2389,2393,2399,2411,2417,2423,
+        2437,2441,2447,2459,2467,2473,2477,2503,
+        2521,2531,2539,2543,2549,2551,2557,2579,
+        2591,2593,2609,2617,2621,2633,2647,2657,
+        2659,2663,2671,2677,2683,2687,2689,2693,
+        2699,2707,2711,2713,2719,2729,2731,2741,
+        2749,2753,2767,2777,2789,2791,2797,2801,
+        2803,2819,2833,2837,2843,2851,2857,2861,
+        2879,2887,2897,2903,2909,2917,2927,2939,
+        2953,2957,2963,2969,2971,2999,3001,3011,
+        3019,3023,3037,3041,3049,3061,3067,3079,
+        3083,3089,3109,3119,3121,3137,3163,3167,
+        3169,3181,3187,3191,3203,3209,3217,3221,
+        3229,3251,3253,3257,3259,3271,3299,3301,
+        3307,3313,3319,3323,3329,3331,3343,3347,
+        3359,3361,3371,3373,3389,3391,3407,3413,
+        3433,3449,3457,3461,3463,3467,3469,3491,
+        3499,3511,3517,3527,3529,3533,3539,3541,
+        3547,3557,3559,3571,3581,3583,3593,3607,
+        3613,3617,3623,3631,3637,3643,3659,3671,
+        3673,3677,3691,3697,3701,3709,3719,3727,
+        3733,3739,3761,3767,3769,3779,3793,3797,
+        3803,3821,3823,3833,3847,3851,3853,3863,
+        3877,3881,3889,3907,3911,3917,3919,3923,
+        3929,3931,3943,3947,3967,3989,4001,4003,
+        4007,4013,4019,4021,4027,4049,4051,4057,
+        4073,4079,4091,4093,4099,4111,4127,4129,
+        4133,4139,4153,4157,4159,4177,4201,4211,
+        4217,4219,4229,4231,4241,4243,4253,4259,
+        4261,4271,4273,4283,4289,4297,4327,4337,
+        4339,4349,4357,4363,4373,4391,4397,4409,
+        4421,4423,4441,4447,4451,4457,4463,4481,
+        4483,4493,4507,4513,4517,4519,4523,4547,
+        4549,4561,4567,4583,4591,4597,4603,4621,
+        4637,4639,4643,4649,4651,4657,4663,4673,
+        4679,4691,4703,4721,4723,4729,4733,4751,
+        4759,4783,4787,4789,4793,4799,4801,4813,
+        4817,4831,4861,4871,4877,4889,4903,4909,
+        4919,4931,4933,4937,4943,4951,4957,4967,
+        4969,4973,4987,4993,4999,5003,5009,5011,
+        5021,5023,5039,5051,5059,5077,5081,5087,
+        5099,5101,5107,5113,5119,5147,5153,5167,
+        5171,5179,5189,5197,5209,5227,5231,5233,
+        5237,5261,5273,5279,5281,5297,5303,5309,
+        5323,5333,5347,5351,5381,5387,5393,5399,
+        5407,5413,5417,5419,5431,5437,5441,5443,
+        5449,5471,5477,5479,5483,5501,5503,5507,
+        5519,5521,5527,5531,5557,5563,5569,5573,
+        5581,5591,5623,5639,5641,5647,5651,5653,
+        5657,5659,5669,5683,5689,5693,5701,5711,
+        5717,5737,5741,5743,5749,5779,5783,5791,
+        5801,5807,5813,5821,5827,5839,5843,5849,
+        5851,5857,5861,5867,5869,5879,5881,5897,
+        5903,5923,5927,5939,5953,5981,5987,6007,
+        6011,6029,6037,6043,6047,6053,6067,6073,
+        6079,6089,6091,6101,6113,6121,6131,6133,
+        6143,6151,6163,6173,6197,6199,6203,6211,
+        6217,6221,6229,6247,6257,6263,6269,6271,
+        6277,6287,6299,6301,6311,6317,6323,6329,
+        6337,6343,6353,6359,6361,6367,6373,6379,
+        6389,6397,6421,6427,6449,6451,6469,6473,
+        6481,6491,6521,6529,6547,6551,6553,6563,
+        6569,6571,6577,6581,6599,6607,6619,6637,
+        6653,6659,6661,6673,6679,6689,6691,6701,
+        6703,6709,6719,6733,6737,6761,6763,6779,
+        6781,6791,6793,6803,6823,6827,6829,6833,
+        6841,6857,6863,6869,6871,6883,6899,6907,
+        6911,6917,6947,6949,6959,6961,6967,6971,
+        6977,6983,6991,6997,7001,7013,7019,7027,
+        7039,7043,7057,7069,7079,7103,7109,7121,
+        7127,7129,7151,7159,7177,7187,7193,7207,
+        7211,7213,7219,7229,7237,7243,7247,7253,
+        7283,7297,7307,7309,7321,7331,7333,7349,
+        7351,7369,7393,7411,7417,7433,7451,7457,
+        7459,7477,7481,7487,7489,7499,7507,7517,
+        7523,7529,7537,7541,7547,7549,7559,7561,
+        7573,7577,7583,7589,7591,7603,7607,7621,
+        7639,7643,7649,7669,7673,7681,7687,7691,
+        7699,7703,7717,7723,7727,7741,7753,7757,
+        7759,7789,7793,7817,7823,7829,7841,7853,
+        7867,7873,7877,7879,7883,7901,7907,7919,
+        7927,7933,7937,7949,7951,7963,7993,8009,
+        8011,8017,8039,8053,8059,8069,8081,8087,
+        8089,8093,8101,8111,8117,8123,8147,8161,
+        8167,8171,8179,8191,8209,8219,8221,8231,
+        8233,8237,8243,8263,8269,8273,8287,8291,
+        8293,8297,8311,8317,8329,8353,8363,8369,
+        8377,8387,8389,8419,8423,8429,8431,8443,
+        8447,8461,8467,8501,8513,8521,8527,8537,
+        8539,8543,8563,8573,8581,8597,8599,8609,
+        8623,8627,8629,8641,8647,8663,8669,8677,
+        8681,8689,8693,8699,8707,8713,8719,8731,
+        8737,8741,8747,8753,8761,8779,8783,8803,
+        8807,8819,8821,8831,8837,8839,8849,8861,
+        8863,8867,8887,8893,8923,8929,8933,8941,
+        8951,8963,8969,8971,8999,9001,9007,9011,
+        9013,9029,9041,9043,9049,9059,9067,9091,
+        9103,9109,9127,9133,9137,9151,9157,9161,
+        9173,9181,9187,9199,9203,9209,9221,9227,
+        9239,9241,9257,9277,9281,9283,9293,9311,
+        9319,9323,9337,9341,9343,9349,9371,9377,
+        9391,9397,9403,9413,9419,9421,9431,9433,
+        9437,9439,9461,9463,9467,9473,9479,9491,
+        9497,9511,9521,9533,9539,9547,9551,9587,
+        9601,9613,9619,9623,9629,9631,9643,9649,
+        9661,9677,9679,9689,9697,9719,9721,9733,
+        9739,9743,9749,9767,9769,9781,9787,9791,
+        9803,9811,9817,9829,9833,9839,9851,9857,
+        9859,9871,9883,9887,9901,9907,9923,9929,
+        9931,9941,9949,9967,9973,10007,10009,10037,
+        10039,10061,10067,10069,10079,10091,10093,10099,
+        10103,10111,10133,10139,10141,10151,10159,10163,
+        10169,10177,10181,10193,10211,10223,10243,10247,
+        10253,10259,10267,10271,10273,10289,10301,10303,
+        10313,10321,10331,10333,10337,10343,10357,10369,
+        10391,10399,10427,10429,10433,10453,10457,10459,
+        10463,10477,10487,10499,10501,10513,10529,10531,
+        10559,10567,10589,10597,10601,10607,10613,10627,
+        10631,10639,10651,10657,10663,10667,10687,10691,
+        10709,10711,10723,10729,10733,10739,10753,10771,
+        10781,10789,10799,10831,10837,10847,10853,10859,
+        10861,10867,10883,10889,10891,10903,10909,10937,
+        10939,10949,10957,10973,10979,10987,10993,11003,
+        11027,11047,11057,11059,11069,11071,11083,11087,
+        11093,11113,11117,11119,11131,11149,11159,11161,
+        11171,11173,11177,11197,11213,11239,11243,11251,
+        11257,11261,11273,11279,11287,11299,11311,11317,
+        11321,11329,11351,11353,11369,11383,11393,11399,
+        11411,11423,11437,11443,11447,11467,11471,11483,
+        11489,11491,11497,11503,11519,11527,11549,11551,
+        11579,11587,11593,11597,11617,11621,11633,11657,
+        11677,11681,11689,11699,11701,11717,11719,11731,
+        11743,11777,11779,11783,11789,11801,11807,11813,
+        11821,11827,11831,11833,11839,11863,11867,11887,
+        11897,11903,11909,11923,11927,11933,11939,11941,
+        11953,11959,11969,11971,11981,11987,12007,12011,
+        12037,12041,12043,12049,12071,12073,12097,12101,
+        12107,12109,12113,12119,12143,12149,12157,12161,
+        12163,12197,12203,12211,12227,12239,12241,12251,
+        12253,12263,12269,12277,12281,12289,12301,12323,
+        12329,12343,12347,12373,12377,12379,12391,12401,
+        12409,12413,12421,12433,12437,12451,12457,12473,
+        12479,12487,12491,12497,12503,12511,12517,12527,
+        12539,12541,12547,12553,12569,12577,12583,12589,
+        12601,12611,12613,12619,12637,12641,12647,12653,
+        12659,12671,12689,12697,12703,12713,12721,12739,
+        12743,12757,12763,12781,12791,12799,12809,12821,
+        12823,12829,12841,12853,12889,12893,12899,12907,
+        12911,12917,12919,12923,12941,12953,12959,12967,
+        12973,12979,12983,13001,13003,13007,13009,13033,
+        13037,13043,13049,13063,13093,13099,13103,13109,
+        13121,13127,13147,13151,13159,13163,13171,13177,
+        13183,13187,13217,13219,13229,13241,13249,13259,
+        13267,13291,13297,13309,13313,13327,13331,13337,
+        13339,13367,13381,13397,13399,13411,13417,13421,
+        13441,13451,13457,13463,13469,13477,13487,13499,
+        13513,13523,13537,13553,13567,13577,13591,13597,
+        13613,13619,13627,13633,13649,13669,13679,13681,
+        13687,13691,13693,13697,13709,13711,13721,13723,
+        13729,13751,13757,13759,13763,13781,13789,13799,
+        13807,13829,13831,13841,13859,13873,13877,13879,
+        13883,13901,13903,13907,13913,13921,13931,13933,
+        13963,13967,13997,13999,14009,14011,14029,14033,
+        14051,14057,14071,14081,14083,14087,14107,14143,
+        14149,14153,14159,14173,14177,14197,14207,14221,
+        14243,14249,14251,14281,14293,14303,14321,14323,
+        14327,14341,14347,14369,14387,14389,14401,14407,
+        14411,14419,14423,14431,14437,14447,14449,14461,
+        14479,14489,14503,14519,14533,14537,14543,14549,
+        14551,14557,14561,14563,14591,14593,14621,14627,
+        14629,14633,14639,14653,14657,14669,14683,14699,
+        14713,14717,14723,14731,14737,14741,14747,14753,
+        14759,14767,14771,14779,14783,14797,14813,14821,
+        14827,14831,14843,14851,14867,14869,14879,14887,
+        14891,14897,14923,14929,14939,14947,14951,14957,
+        14969,14983,15013,15017,15031,15053,15061,15073,
+        15077,15083,15091,15101,15107,15121,15131,15137,
+        15139,15149,15161,15173,15187,15193,15199,15217,
+        15227,15233,15241,15259,15263,15269,15271,15277,
+        15287,15289,15299,15307,15313,15319,15329,15331,
+        15349,15359,15361,15373,15377,15383,15391,15401,
+        15413,15427,15439,15443,15451,15461,15467,15473,
+        15493,15497,15511,15527,15541,15551,15559,15569,
+        15581,15583,15601,15607,15619,15629,15641,15643,
+        15647,15649,15661,15667,15671,15679,15683,15727,
+        15731,15733,15737,15739,15749,15761,15767,15773,
+        15787,15791,15797,15803,15809,15817,15823,15859,
+        15877,15881,15887,15889,15901,15907,15913,15919,
+        15923,15937,15959,15971,15973,15991,16001,16007,
+        16033,16057,16061,16063,16067,16069,16073,16087,
+        16091,16097,16103,16111,16127,16139,16141,16183,
+        16187,16189,16193,16217,16223,16229,16231,16249,
+        16253,16267,16273,16301,16319,16333,16339,16349,
+        16361,16363,16369,16381,16411,16417,16421,16427,
+        16433,16447,16451,16453,16477,16481,16487,16493,
+        16519,16529,16547,16553,16561,16567,16573,16603,
+        16607,16619,16631,16633,16649,16651,16657,16661,
+        16673,16691,16693,16699,16703,16729,16741,16747,
+        16759,16763,16787,16811,16823,16829,16831,16843,
+        16871,16879,16883,16889,16901,16903,16921,16927,
+        16931,16937,16943,16963,16979,16981,16987,16993,
+        17011,17021,17027,17029,17033,17041,17047,17053,
+        17077,17093,17099,17107,17117,17123,17137,17159,
+        17167,17183,17189,17191,17203,17207,17209,17231,
+        17239,17257,17291,17293,17299,17317,17321,17327,
+        17333,17341,17351,17359,17377,17383,17387,17389,
+        17393,17401,17417,17419,17431,17443,17449,17467,
+        17471,17477,17483,17489,17491,17497,17509,17519,
+        17539,17551,17569,17573,17579,17581,17597,17599,
+        17609,17623,17627,17657,17659,17669,17681,17683,
+        17707,17713,17729,17737,17747,17749,17761,17783,
+        17789,17791,17807,17827,17837,17839,17851,17863,
+#endif
+        };
diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.pl b/src/lib/libssl/src/crypto/bn/bn_prime.pl
new file mode 100644
index 0000000000..1b00c21a77
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_prime.pl
@@ -0,0 +1,56 @@
+#!/usr/bin/perl
+# bn_prime.pl
+$num=2048;
+$num=$ARGV[0] if ($#ARGV >= 0);
+push(@primes,2);
+$p=1;
+loop: while ($#primes < $num-1)
+        {
+        $p+=2;
+        $s=int(sqrt($p));
+        for ($i=0; $primes[$i]<=$s; $i++)
+                {
+                next loop if (($p%$primes[$i]) == 0);
+                }
+        push(@primes,$p);
+        }
+print <<"EOF";
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
+ * All rights reserved.
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * See the COPYRIGHT file in the SSLeay distribution for more details.
+ */
+EOF
+for ($i=0; $i <= $#primes; $i++)
+        {
+        if ($primes[$i] > 256)
+                {
+                $eight=$i;
+                last;
+                }
+        }
+printf "#ifndef EIGHT_BIT\n";
+printf "#define NUMPRIMES %d\n",$num;
+printf "#else\n";
+printf "#define NUMPRIMES %d\n",$eight;
+printf "#endif\n";
+print "static unsigned int primes[NUMPRIMES]=\n\t{\n\t";
+$init=0;
+for ($i=0; $i <= $#primes; $i++)
+        {
+        printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);
+        printf("\n\t") if (($i%8) == 0) && ($i != 0);
+        printf("%4d,",$primes[$i]);
+        }
+print "\n#endif\n\t};\n";
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c
new file mode 100644
index 0000000000..2bcc11c852
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_print.c
@@ -0,0 +1,333 @@
+/* crypto/bn/bn_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn_lcl.h"
+static char *Hex="0123456789ABCDEF";
+/* Must 'Free' the returned data */
+char *BN_bn2hex(a)
+BIGNUM *a;
+        {
+        int i,j,v,z=0;
+        char *buf;
+        char *p;
+        buf=(char *)Malloc(a->top*BN_BYTES*2+2);
+        if (buf == NULL)
+                {
+                BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf;
+        if (a->neg) *(p++)='-';
+        if (a->top == 0) *(p++)='0';
+        for (i=a->top-1; i >=0; i--)
+                {
+                for (j=BN_BITS2-8; j >= 0; j-=8)
+                        {
+                        /* strip leading zeros */
+                        v=((int)(a->d[i]>>(long)j))&0xff;
+                        if (z || (v != 0))
+                                {
+                                *(p++)=Hex[v>>4];
+                                *(p++)=Hex[v&0x0f];
+                                z=1;
+                                }
+                        }
+                }
+        *p='\0';
+err:
+        return(buf);
+        }
+/* Must 'Free' the returned data */
+char *BN_bn2dec(a)
+BIGNUM *a;
+        {
+        int i=0,num;
+        char *buf=NULL;
+        char *p;
+        BIGNUM *t=NULL;
+        BN_ULONG *bn_data=NULL,*lp;
+        i=BN_num_bits(a)*3;
+        num=(i/10+i/1000+3)+1;
+        bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
+        buf=(char *)Malloc(num+3);
+        if ((buf == NULL) || (bn_data == NULL))
+                {
+                BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if ((t=BN_dup(a)) == NULL) goto err;
+        p=buf;
+        lp=bn_data;
+        if (t->neg) *(p++)='-';
+        if (t->top == 0)
+                {
+                *(p++)='0';
+                *(p++)='\0';
+                }
+        else
+                {
+                i=0;
+                while (!BN_is_zero(t))
+                        {
+                        *lp=BN_div_word(t,BN_DEC_CONV);
+                        lp++;
+                        }
+                lp--;
+                /* We now have a series of blocks, BN_DEC_NUM chars
+                 * in length, where the last one needs trucation.
+                 * The blocks need to be reversed in order. */
+                sprintf(p,BN_DEC_FMT1,*lp);
+                while (*p) p++;
+                while (lp != bn_data)
+                        {
+                        lp--;
+                        sprintf(p,BN_DEC_FMT2,*lp);
+                        while (*p) p++;
+                        }
+                }
+err:
+        if (bn_data != NULL) Free(bn_data);
+        if (t != NULL) BN_free(t);
+        return(buf);
+        }
+int BN_hex2bn(bn,a)
+BIGNUM **bn;
+char *a;
+        {
+        BIGNUM *ret=NULL;
+        BN_ULONG l=0;
+        int neg=0,h,m,i,j,k,c;
+        int num;
+        if ((a == NULL) || (*a == '\0')) return(0);
+        if (*a == '-') { neg=1; a++; }
+        for (i=0; isxdigit(a[i]); i++)
+                ;
+        num=i+neg;
+        if (bn == NULL) return(num);
+        /* a is the start of the hex digets, and it is 'i' long */
+        if (*bn == NULL)
+                {
+                if ((ret=BN_new()) == NULL) return(0);
+                }
+        else
+                {
+                ret= *bn;
+                BN_zero(ret);
+                }
+        /* i is the number of hex digests; */
+        if (bn_expand(ret,i*4) == NULL) goto err;
+        j=i; /* least significate 'hex' */
+        m=0;
+        h=0;
+        while (j > 0)
+                {
+                m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
+                l=0;
+                for (;;)
+                        {
+                        c=a[j-m];
+                        if ((c >= '0') && (c <= '9')) k=c-'0';
+                        else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
+                        else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
+                        else k=0; /* paranoia */
+                        l=(l<<4)|k;
+                        if (--m <= 0)
+                                {
+                                ret->d[h++]=l;
+                                break;
+                                }
+                        }
+                j-=(BN_BYTES*2);
+                }
+        ret->top=h;
+        bn_fix_top(ret);
+        ret->neg=neg;
+        *bn=ret;
+        return(num);
+err:
+        if (*bn == NULL) BN_free(ret);
+        return(0);
+        }
+int BN_dec2bn(bn,a)
+BIGNUM **bn;
+char *a;
+        {
+        BIGNUM *ret=NULL;
+        BN_ULONG l=0;
+        int neg=0,i,j;
+        int num;
+        if ((a == NULL) || (*a == '\0')) return(0);
+        if (*a == '-') { neg=1; a++; }
+        for (i=0; isdigit(a[i]); i++)
+                ;
+        num=i+neg;
+        if (bn == NULL) return(num);
+        /* a is the start of the digets, and it is 'i' long.
+         * We chop it into BN_DEC_NUM digets at a time */
+        if (*bn == NULL)
+                {
+                if ((ret=BN_new()) == NULL) return(0);
+                }
+        else
+                {
+                ret= *bn;
+                BN_zero(ret);
+                }
+        /* i is the number of digests, a bit of an over expand; */
+        if (bn_expand(ret,i*4) == NULL) goto err;
+        j=BN_DEC_NUM-(i%BN_DEC_NUM);
+        if (j == BN_DEC_NUM) j=0;
+        l=0;
+        while (*a)
+                {
+                l*=10;
+                l+= *a-'0';
+                a++;
+                if (++j == BN_DEC_NUM)
+                        {
+                        BN_mul_word(ret,BN_DEC_CONV);
+                        BN_add_word(ret,l);
+                        l=0;
+                        j=0;
+                        }
+                }
+        ret->neg=neg;
+        bn_fix_top(ret);
+        *bn=ret;
+        return(num);
+err:
+        if (*bn == NULL) BN_free(ret);
+        return(0);
+        }
+#ifndef NO_BIO
+#ifndef NO_FP_API
+int BN_print_fp(fp, a)
+FILE *fp;
+BIGNUM *a;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                return(0);
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=BN_print(b,a);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int BN_print(bp, a)
+BIO *bp;
+BIGNUM *a;
+        {
+        int i,j,v,z=0;
+        int ret=0;
+        if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
+        if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end;
+        for (i=a->top-1; i >=0; i--)
+                {
+                for (j=BN_BITS2-4; j >= 0; j-=4)
+                        {
+                        /* strip leading zeros */
+                        v=((int)(a->d[i]>>(long)j))&0x0f;
+                        if (z || (v != 0))
+                                {
+                                if (BIO_write(bp,&(Hex[v]),1) != 1)
+                                        goto end;
+                                z=1;
+                                }
+                        }
+                }
+        ret=1;
+end:
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bn/bn_rand.c b/src/lib/libssl/src/crypto/bn/bn_rand.c
new file mode 100644
index 0000000000..75b6b0493b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_rand.c
@@ -0,0 +1,121 @@
+/* crypto/bn/bn_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include "rand.h"
+int BN_rand(rnd, bits, top, bottom)
+BIGNUM *rnd;
+int bits;
+int top;
+int bottom;
+        {
+        unsigned char *buf=NULL;
+        int ret=0,bit,bytes,mask;
+        time_t tim;
+        bytes=(bits+7)/8;
+        bit=(bits-1)%8;
+        mask=0xff<<bit;
+        buf=(unsigned char *)Malloc(bytes);
+        if (buf == NULL)
+                {
+                BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        /* make a random number and set the top and bottom bits */
+        time(&tim);
+        RAND_seed((unsigned char *)&tim,sizeof(tim));
+        RAND_bytes(buf,(int)bytes);
+        if (top)
+                {
+                if (bit == 0)
+                        {
+                        buf[0]=1;
+                        buf[1]|=0x80;
+                        }
+                else
+                        {
+                        buf[0]|=(3<<(bit-1));
+                        buf[0]&= ~(mask<<1);
+                        }
+                }
+        else
+                {
+                buf[0]|=(1<<bit);
+                buf[0]&= ~(mask<<1);
+                }
+        if (bottom) /* set bottom bits to whatever odd is */
+                buf[bytes-1]|=1;
+        if (!BN_bin2bn(buf,bytes,rnd)) goto err;
+        ret=1;
+err:
+        if (buf != NULL)
+                {
+                memset(buf,0,bytes);
+                Free(buf);
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_recp.c b/src/lib/libssl/src/crypto/bn/bn_recp.c
new file mode 100644
index 0000000000..72cd69d3fc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_recp.c
@@ -0,0 +1,125 @@
+/* crypto/bn/bn_recp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+int BN_mod_mul_reciprocal(r, x, y, m, i, nb, ctx)
+BIGNUM *r;
+BIGNUM *x;
+BIGNUM *y;
+BIGNUM *m;
+BIGNUM *i;
+int nb;
+BN_CTX *ctx;
+        {
+        int ret=0,j;
+        BIGNUM *a,*b,*c,*d;
+        a=ctx->bn[ctx->tos++];
+        b=ctx->bn[ctx->tos++];
+        c=ctx->bn[ctx->tos++];
+        d=ctx->bn[ctx->tos++];
+        if (x == y)
+                { if (!BN_sqr(a,x,ctx)) goto err; }
+        else
+                { if (!BN_mul(a,x,y)) goto err; }
+        if (!BN_rshift(d,a,nb)) goto err;
+        if (!BN_mul(b,d,i)) goto err;
+        if (!BN_rshift(c,b,nb)) goto err;
+        if (!BN_mul(b,m,c)) goto err;
+        if (!BN_sub(r,a,b)) goto err;
+        j=0;
+        while (BN_cmp(r,m) >= 0)
+                {
+                if (j++ > 2)
+                        {
+                        BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL);
+                        goto err;
+                        }
+                if (!BN_sub(r,r,m)) goto err;
+                }
+        ret=1;
+err:
+        ctx->tos-=4;
+        return(ret);
+        }
+int BN_reciprocal(r, m,ctx)
+BIGNUM *r;
+BIGNUM *m;
+BN_CTX *ctx;
+        {
+        int nm,ret= -1;
+        BIGNUM *t;
+        t=ctx->bn[ctx->tos++];
+        nm=BN_num_bits(m);
+        if (!BN_lshift(t,BN_value_one(),nm*2)) goto err;
+        if (!BN_div(r,NULL,t,m,ctx)) goto err;
+        ret=nm;
+err:
+        ctx->tos--;
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_shift.c b/src/lib/libssl/src/crypto/bn/bn_shift.c
new file mode 100644
index 0000000000..944bf1794b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_shift.c
@@ -0,0 +1,210 @@
+/* crypto/bn/bn_shift.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+int BN_lshift1(r, a)
+BIGNUM *r;
+BIGNUM *a;
+        {
+        register BN_ULONG *ap,*rp,t,c;
+        int i;
+        if (r != a)
+                {
+                r->neg=a->neg;
+                if (bn_wexpand(r,a->top+1) == NULL) return(0);
+                r->top=a->top;
+                }
+        else
+                {
+                if (bn_wexpand(r,a->top+1) == NULL) return(0);
+                }
+        ap=a->d;
+        rp=r->d;
+        c=0;
+        for (i=0; i<a->top; i++)
+                {
+                t= *(ap++);
+                *(rp++)=((t<<1)|c)&BN_MASK2;
+                c=(t & BN_TBIT)?1:0;
+                }
+        if (c)
+                {
+                *rp=1;
+                r->top++;
+                }
+        return(1);
+        }
+int BN_rshift1(r, a)
+BIGNUM *r;
+BIGNUM *a;
+        {
+        BN_ULONG *ap,*rp,t,c;
+        int i;
+        if (BN_is_zero(a))
+                {
+                BN_zero(r);
+                return(1);
+                }
+        if (a != r)
+                {
+                if (bn_wexpand(r,a->top) == NULL) return(0);
+                r->top=a->top;
+                r->neg=a->neg;
+                }
+        ap=a->d;
+        rp=r->d;
+        c=0;
+        for (i=a->top-1; i>=0; i--)
+                {
+                t=ap[i];
+                rp[i]=((t>>1)&BN_MASK2)|c;
+                c=(t&1)?BN_TBIT:0;
+                }
+        bn_fix_top(r);
+        return(1);
+        }
+int BN_lshift(r, a, n)
+BIGNUM *r;
+BIGNUM *a;
+int n;
+        {
+        int i,nw,lb,rb;
+        BN_ULONG *t,*f;
+        BN_ULONG l;
+        r->neg=a->neg;
+        if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0);
+        nw=n/BN_BITS2;
+        lb=n%BN_BITS2;
+        rb=BN_BITS2-lb;
+        f=a->d;
+        t=r->d;
+        t[a->top+nw]=0;
+        if (lb == 0)
+                for (i=a->top-1; i>=0; i--)
+                        t[nw+i]=f[i];
+        else
+                for (i=a->top-1; i>=0; i--)
+                        {
+                        l=f[i];
+                        t[nw+i+1]|=(l>>rb)&BN_MASK2;
+                        t[nw+i]=(l<<lb)&BN_MASK2;
+                        }
+        memset(t,0,nw*sizeof(t[0]));
+/*      for (i=0; i<nw; i++)
+                t[i]=0;*/
+        r->top=a->top+nw+1;
+        bn_fix_top(r);
+        return(1);
+        }
+int BN_rshift(r, a, n)
+BIGNUM *r;
+BIGNUM *a;
+int n;
+        {
+        int i,j,nw,lb,rb;
+        BN_ULONG *t,*f;
+        BN_ULONG l,tmp;
+        nw=n/BN_BITS2;
+        rb=n%BN_BITS2;
+        lb=BN_BITS2-rb;
+        if (nw > a->top)
+                {
+                BN_zero(r);
+                return(1);
+                }
+        if (r != a)
+                {
+                r->neg=a->neg;
+                if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
+                }
+        f= &(a->d[nw]);
+        t=r->d;
+        j=a->top-nw;
+        r->top=j;
+        if (rb == 0)
+                {
+                for (i=j+1; i > 0; i--)
+                        *(t++)= *(f++);
+                }
+        else
+                {
+                l= *(f++);
+                for (i=1; i<j; i++)
+                        {
+                        tmp =(l>>rb)&BN_MASK2;
+                        l= *(f++);
+                        *(t++) =(tmp|(l<<lb))&BN_MASK2;
+                        }
+                *(t++) =(l>>rb)&BN_MASK2;
+                }
+        *t=0;
+        bn_fix_top(r);
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_sqr.c b/src/lib/libssl/src/crypto/bn/bn_sqr.c
new file mode 100644
index 0000000000..a8464610e5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_sqr.c
@@ -0,0 +1,122 @@
+/* crypto/bn/bn_sqr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+/* r must not be a */
+/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
+int BN_sqr(r, a, ctx)
+BIGNUM *r;
+BIGNUM *a;
+BN_CTX *ctx;
+        {
+        int i,j,max,al;
+        BIGNUM *tmp;
+        BN_ULONG *ap,*rp;
+        tmp=ctx->bn[ctx->tos];
+        al=a->top;
+        if (al == 0)
+                {
+                r->top=0;
+                return(1);
+                }
+        max=(al*2);
+        if (bn_wexpand(r,1+max) == NULL) return(0);
+        if (bn_wexpand(tmp,1+max) == NULL) return(0);
+        r->neg=0;
+        ap=a->d;
+        rp=r->d;
+        rp[0]=rp[max-1]=0;
+        rp++;
+        j=al;
+        if (--j > 0)
+                {
+                ap++;
+                rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
+                rp+=2;
+                }
+        for (i=2; i<al; i++)
+                {
+                j--;
+                ap++;
+                rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
+                rp+=2;
+                }
+        bn_add_words(r->d,r->d,r->d,max);
+        /* There will not be a carry */
+        bn_sqr_words(tmp->d,a->d,al);
+        bn_add_words(r->d,r->d,tmp->d,max);
+        r->top=max;
+        if (r->d[max-1] == 0) r->top--;
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_word.c b/src/lib/libssl/src/crypto/bn/bn_word.c
new file mode 100644
index 0000000000..4b3d0f011d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_word.c
@@ -0,0 +1,204 @@
+/* crypto/bn/bn_word.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+BN_ULONG BN_mod_word(a, w)
+BIGNUM *a;
+unsigned long w;
+        {
+#ifndef BN_LLONG
+        BN_ULONG ret=0;
+#else
+        BN_ULLONG ret=0;
+#endif
+        int i;
+        w&=BN_MASK2;
+        for (i=a->top-1; i>=0; i--)
+                {
+#ifndef BN_LLONG
+                ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%(unsigned long)w;
+                ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%(unsigned long)w;
+#else
+                ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
+                        (BN_ULLONG)w);
+#endif
+                }
+        return((BN_ULONG)ret);
+        }
+BN_ULONG BN_div_word(a, w)
+BIGNUM *a;
+unsigned long w;
+        {
+        BN_ULONG ret;
+        int i;
+        if (a->top == 0) return(0);
+        ret=0;
+        w&=BN_MASK2;
+        for (i=a->top-1; i>=0; i--)
+                {
+                BN_ULONG l,d;
+                
+                l=a->d[i];
+                d=bn_div64(ret,l,w);
+                ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
+                a->d[i]=d;
+                }
+        if (a->d[a->top-1] == 0)
+                a->top--;
+        return(ret);
+        }
+int BN_add_word(a, w)
+BIGNUM *a;
+unsigned long w;
+        {
+        BN_ULONG l;
+        int i;
+        if (a->neg)
+                {
+                a->neg=0;
+                i=BN_sub_word(a,w);
+                if (!BN_is_zero(a))
+                        a->neg=1;
+                return(i);
+                }
+        w&=BN_MASK2;
+        if (bn_wexpand(a,a->top+1) == NULL) return(0);
+        i=0;
+        for (;;)
+                {
+                l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+                a->d[i]=l;
+                if (w > l)
+                        w=1;
+                else
+                        break;
+                i++;
+                }
+        if (i >= a->top)
+                a->top++;
+        return(1);
+        }
+int BN_sub_word(a, w)
+BIGNUM *a;
+unsigned long w;
+        {
+        int i;
+        if (a->neg)
+                {
+                a->neg=0;
+                i=BN_add_word(a,w);
+                a->neg=1;
+                return(i);
+                }
+        w&=BN_MASK2;
+        if ((a->top == 1) && (a->d[0] < w))
+                {
+                a->d[0]=w-a->d[0];
+                a->neg=1;
+                return(1);
+                }
+        i=0;
+        for (;;)
+                {
+                if (a->d[i] >= w)
+                        {
+                        a->d[i]-=w;
+                        break;
+                        }
+                else
+                        {
+                        a->d[i]=(a->d[i]-w)&BN_MASK2;
+                        i++;
+                        w=1;
+                        }
+                }
+        if ((a->d[i] == 0) && (i == (a->top-1)))
+                a->top--;
+        return(1);
+        }
+int BN_mul_word(a,w)
+BIGNUM *a;
+unsigned long w;
+        {
+        BN_ULONG ll;
+        w&=BN_MASK2;
+        if (a->top)
+                {
+                ll=bn_mul_words(a->d,a->d,a->top,w);
+                if (ll)
+                        {
+                        if (bn_wexpand(a,a->top+1) == NULL) return(0);
+                        a->d[a->top++]=ll;
+                        }
+                }
+        return(0);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bnspeed.c b/src/lib/libssl/src/crypto/bn/bnspeed.c
new file mode 100644
index 0000000000..f7c2790fff
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bnspeed.c
@@ -0,0 +1,248 @@
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* most of this code has been pilfered from my libdes speed.c program */
+#define BASENUM 1000000
+#undef PROG
+#define PROG bnspeed_main
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include "crypto.h"
+#include "err.h"
+#ifndef MSDOS
+#define TIMES
+#endif
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "bn.h"
+#include "x509.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+#ifndef NOPROTO
+static double Time_F(int s);
+#else
+static double Time_F();
+#endif
+#define START   0
+#define STOP    1
+static double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+#define NUM_SIZES       5
+static int sizes[NUM_SIZES]={128,256,512,1024,2048};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        BN_CTX *ctx;
+        BIGNUM *a,*b,*c,*r;
+        ctx=BN_CTX_new();
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        r=BN_new();
+        do_mul(a,b,c,ctx);
+        }
+void do_mul(r,a,b,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+BN_CTX *ctx;
+        {
+        int i,j,k;
+        double tm;
+        long num;
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<num; k++)
+                                BN_mul(r,b,a);
+                        tm=Time_F(STOP);
+                        printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
+                        }
+                }
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                Time_F(START);
+                for (k=0; k<num; k++)
+                        BN_sqr(r,a,ctx);
+                tm=Time_F(STOP);
+                printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
+                }
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM/10;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i]-1,1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<100000; k++)
+                                BN_div(r, NULL, b, a,ctx);
+                        tm=Time_F(STOP);
+                        printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
+                        }
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c
new file mode 100644
index 0000000000..9ebd68b429
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bntest.c
@@ -0,0 +1,777 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "e_os.h"
+#include "bio.h"
+#include "bn.h"
+#include "rand.h"
+#include "x509.h"
+#include "err.h"
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+#ifndef NOPROTO
+int test_add (BIO *bp);
+int test_sub (BIO *bp);
+int test_lshift1 (BIO *bp);
+int test_lshift (BIO *bp);
+int test_rshift1 (BIO *bp);
+int test_rshift (BIO *bp);
+int test_div (BIO *bp,BN_CTX *ctx);
+int test_mul (BIO *bp);
+int test_sqr (BIO *bp,BN_CTX *ctx);
+int test_mont (BIO *bp,BN_CTX *ctx);
+int test_mod (BIO *bp,BN_CTX *ctx);
+int test_mod_mul (BIO *bp,BN_CTX *ctx);
+int test_mod_exp (BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+#else
+int test_add ();
+int test_sub ();
+int test_lshift1 ();
+int test_lshift ();
+int test_rshift1 ();
+int test_rshift ();
+int test_div ();
+int test_mul ();
+int test_sqr ();
+int test_mont ();
+int test_mod ();
+int test_mod_mul ();
+int test_mod_exp ();
+int rand_neg();
+#endif
+static int results=0;
+#ifdef NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        BN_CTX *ctx;
+        BIO *out;
+        char *outfile=NULL;
+        srand((unsigned int)time(NULL));
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if (strcmp(*argv,"-results") == 0)
+                        results=1;
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) break;
+                        outfile= *(++argv);
+                        }
+                argc--;
+                argv++;
+                }
+        ctx=BN_CTX_new();
+        if (ctx == NULL) exit(1);
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) exit(1);
+        if (outfile == NULL)
+                {
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+                }
+        else
+                {
+                if (!BIO_write_filename(out,outfile))
+                        {
+                        perror(outfile);
+                        exit(1);
+                        }
+                }
+        if (!results)
+                BIO_puts(out,"obase=16\nibase=16\n");
+        fprintf(stderr,"test BN_add\n");
+        if (!test_add(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_sub\n");
+        if (!test_sub(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_lshift1\n");
+        if (!test_lshift1(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_lshift\n");
+        if (!test_lshift(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_rshift1\n");
+        if (!test_rshift1(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_rshift\n");
+        if (!test_rshift(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_sqr\n");
+        if (!test_sqr(out,ctx)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_mul\n");
+        if (!test_mul(out)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_div\n");
+        if (!test_div(out,ctx)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_mod\n");
+        if (!test_mod(out,ctx)) goto err;
+        fflush(stdout);
+        fprintf(stderr,"test BN_mod_mul\n");
+        if (!test_mod_mul(out,ctx)) goto err;
+        fflush(stdout);
+/*
+        fprintf(stderr,"test BN_mont\n");
+        if (!test_mont(out,ctx)) goto err;
+        fflush(stdout);
+*/
+        fprintf(stderr,"test BN_mod_exp\n");
+        if (!test_mod_exp(out,ctx)) goto err;
+        fflush(stdout);
+/**/
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors(out);
+        exit(1);
+        return(1);
+        }
+int test_add(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,512,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,450+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<10000; j++)
+                                BN_add(c,a,b);
+                BN_add(c,a,b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," + ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_sub(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,512,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,400+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<10000; j++)
+                                BN_sub(c,a,b);
+                BN_sub(c,a,b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," - ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_div(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*d;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        BN_rand(a,400,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,50+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_div(d,c,a,b,ctx);
+                BN_div(d,c,a,b,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        return(1);
+        }
+int test_mul(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,200,0,0);
+        for (i=0; i<100; i++)
+                {
+                BN_rand(b,250+i,0,0);
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mul(c,a,b);
+                BN_mul(c,a,b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_sqr(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*c;
+        int i;
+        int j;
+        a=BN_new();
+        c=BN_new();
+        for (i=0; i<40; i++)
+                {
+                BN_rand(a,40+i*10,0,0);
+                a->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_sqr(c,a,ctx);
+                BN_sqr(c,a,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,a);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(c);
+        return(1);
+        }
+int test_mont(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*A,*B;
+        BIGNUM *n;
+        int i;
+        int j;
+        BN_MONT_CTX *mont;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        A=BN_new();
+        B=BN_new();
+        n=BN_new();
+        mont=BN_MONT_CTX_new();
+        BN_rand(a,100,0,0); /**/
+        BN_rand(b,100,0,0); /**/
+        for (i=0; i<10; i++)
+                {
+                BN_rand(n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/
+                BN_MONT_CTX_set(mont,n,ctx);
+                BN_to_montgomery(A,a,mont,ctx);
+                BN_to_montgomery(B,b,mont,ctx);
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
+                BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
+                BN_from_montgomery(A,c,mont,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+#ifdef undef
+fprintf(stderr,"%d * %d %% %d\n",
+BN_num_bits(a),
+BN_num_bits(b),
+BN_num_bits(mont->N));
+#endif
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,mont->N);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,A);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_MONT_CTX_free(mont);
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_mod(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        int j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_rand(a,1024,0,0); /**/
+        for (i=0; i<20; i++)
+                {
+                BN_rand(b,450+i*10,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mod(c,a,b,ctx);/**/
+                BN_mod(c,a,b,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_mod_mul(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_rand(c,1024,0,0); /**/
+        for (i=0; i<10; i++)
+                {
+                BN_rand(a,475+i*10,0,0); /**/
+                BN_rand(b,425+i*10,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+        /*      if (bp == NULL)
+                        for (j=0; j<100; j++)
+                                BN_mod_mul(d,a,b,c,ctx);*/ /**/
+                if (!BN_mod_mul(e,a,b,c,ctx))
+                        {
+                        unsigned long l;
+                        while ((l=ERR_get_error()))
+                                fprintf(stderr,"ERROR:%s\n",
+                                        ERR_error_string(l,NULL));
+                        exit(1);
+                        }
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,e);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_mod_exp(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_rand(c,30,0,1); /* must be odd for montgomery */
+        for (i=0; i<6; i++)
+                {
+                BN_rand(a,20+i*5,0,0); /**/
+                BN_rand(b,2+i,0,0); /**/
+                if (!BN_mod_exp(d,a,b,c,ctx))
+                        return(00);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_lshift(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_one(c);
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_lshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_lshift1(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_lshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        return(1);
+        }
+int test_rshift(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_one(c);
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_rshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_rshift1(bp)
+BIO *bp;
+        {
+        BIGNUM *a,*b;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        BN_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<70; i++)
+                {
+                BN_rshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        return(1);
+        }
+int rand_neg()
+        {
+        static unsigned int neg=0;
+        static int sign[8]={0,0,0,1,1,0,1,1};
+        return(sign[(neg++)%8]);
+        }
diff --git a/src/lib/libssl/src/crypto/bn/expspeed.c b/src/lib/libssl/src/crypto/bn/expspeed.c
new file mode 100644
index 0000000000..344f883d35
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/expspeed.c
@@ -0,0 +1,230 @@
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* most of this code has been pilfered from my libdes speed.c program */
+#define BASENUM 5000
+#undef PROG
+#define PROG bnspeed_main
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include "crypto.h"
+#include "err.h"
+#ifndef MSDOS
+#define TIMES
+#endif
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "bn.h"
+#include "x509.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+#ifndef NOPROTO
+static double Time_F(int s);
+#else
+static double Time_F();
+#endif
+#define START   0
+#define STOP    1
+static double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+#define NUM_SIZES       6
+static int sizes[NUM_SIZES]={256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        BN_CTX *ctx;
+        BIGNUM *a,*b,*c,*r;
+        ctx=BN_CTX_new();
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        r=BN_new();
+        do_mul_exp(r,a,b,c,ctx);
+        }
+void do_mul_exp(r,a,b,c,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+BIGNUM *c;
+BN_CTX *ctx;
+        {
+        int i,k;
+        double tm;
+        long num;
+        BN_MONT_CTX m;
+        memset(&m,0,sizeof(m));
+        num=BASENUM;
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                BN_rand(a,sizes[i],1,0);
+                BN_rand(b,sizes[i],1,0);
+                BN_rand(c,sizes[i],1,1);
+                BN_mod(a,a,c,ctx);
+                BN_mod(b,b,c,ctx);
+                BN_MONT_CTX_set(&m,c,ctx);
+                Time_F(START);
+                for (k=0; k<num; k++)
+                        BN_mod_exp_mont(r,a,b,c,ctx,&m);
+                tm=Time_F(STOP);
+                printf("mul %4d ^ %4d %% %d -> %8.3fms %5.1f\n",sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num);
+                num/=7;
+                if (num <= 0) num=1;
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/bn/exptest.c b/src/lib/libssl/src/crypto/bn/exptest.c
new file mode 100644
index 0000000000..67dc95d726
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/exptest.c
@@ -0,0 +1,148 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "bio.h"
+#include "bn.h"
+#include "rand.h"
+#include "err.h"
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+#define NUM_BITS        (BN_BITS*2)
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        BN_CTX *ctx;
+        BIO *out=NULL;
+        int i,ret;
+        unsigned char c;
+        BIGNUM *r_mont,*r_recp,*a,*b,*m;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) exit(1);
+        r_mont=BN_new();
+        r_recp=BN_new();
+        a=BN_new();
+        b=BN_new();
+        m=BN_new();
+        if (    (r_mont == NULL) || (r_recp == NULL) ||
+                (a == NULL) || (b == NULL))
+                goto err;
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) exit(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        for (i=0; i<200; i++)
+                {
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(a,NUM_BITS+c,0,0);
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(b,NUM_BITS+c,0,0);
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(m,NUM_BITS+c,0,1);
+                BN_mod(a,a,m,ctx);
+                BN_mod(b,b,m,ctx);
+                ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
+                if (ret <= 0)
+                        { printf("BN_mod_exp_mont() problems\n"); exit(1); }
+                ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+                if (ret <= 0)
+                        { printf("BN_mod_exp_recp() problems\n"); exit(1); }
+                
+                if (BN_cmp(r_mont,r_recp) != 0)
+                        {
+                        printf("\nmont and recp results differ\n");
+                        printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
+                        printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+                        printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+                        printf("\nrecp     ="); BN_print(out,r_recp);
+                        printf("\nmont     ="); BN_print(out,r_mont);
+                        printf("\n");
+                        exit(1);
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf(" done\n");
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors(out);
+        exit(1);
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/buffer/buf_err.c b/src/lib/libssl/src/crypto/buffer/buf_err.c
new file mode 100644
index 0000000000..ff988852cc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/buffer/buf_err.c
@@ -0,0 +1,87 @@
+/* lib/buf/buf_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "buffer.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA BUF_str_functs[]=
+        {
+{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),      "BUF_MEM_grow"},
+{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0),       "BUF_MEM_new"},
+{ERR_PACK(0,BUF_F_BUF_STRDUP,0),        "BUF_strdup"},
+{ERR_PACK(0,BUF_F_PXYCLNT_READ,0),      "PXYCLNT_READ"},
+{0,NULL},
+        };
+#endif
+void ERR_load_BUF_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.c b/src/lib/libssl/src/crypto/buffer/buffer.c
new file mode 100644
index 0000000000..7e8af9e2fa
--- /dev/null
+++ b/src/lib/libssl/src/crypto/buffer/buffer.c
@@ -0,0 +1,145 @@
+/* crypto/buffer/buffer.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+BUF_MEM *BUF_MEM_new()
+        {
+        BUF_MEM *ret;
+        ret=(BUF_MEM *)Malloc(sizeof(BUF_MEM));
+        if (ret == NULL)
+                {
+                BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->max=0;
+        ret->data=NULL;
+        return(ret);
+        }
+void BUF_MEM_free(a)
+BUF_MEM *a;
+        {
+        if (a->data != NULL)
+                {
+                memset(a->data,0,(unsigned int)a->max);
+                Free(a->data);
+                }
+        Free(a);
+        }
+int BUF_MEM_grow(str, len)
+BUF_MEM *str;
+int len;
+        {
+        char *ret;
+        unsigned int n;
+        if (str->length >= len)
+                {
+                str->length=len;
+                return(len);
+                }
+        if (str->max >= len)
+                {
+                memset(&(str->data[str->length]),0,len-str->length);
+                str->length=len;
+                return(len);
+                }
+        n=(len+3)/3*4;
+        if (str->data == NULL)
+                ret=(char *)Malloc(n);
+        else
+                ret=(char *)Realloc(str->data,n);
+        if (ret == NULL)
+                {
+                BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+                len=0;
+                }
+        else
+                {
+                str->data=ret;
+                str->length=len;
+                str->max=n;
+                }
+        return(len);
+        }
+char *BUF_strdup(str)
+char *str;
+        {
+        char *ret;
+        int n;
+        if (str == NULL) return(NULL);
+        n=strlen(str);
+        ret=Malloc(n+1);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memcpy(ret,str,n+1);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.h b/src/lib/libssl/src/crypto/buffer/buffer.h
new file mode 100644
index 0000000000..417548c04a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/buffer/buffer.h
@@ -0,0 +1,107 @@
+/* crypto/buffer/buffer.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_BUFFER_H
+#define HEADER_BUFFER_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+typedef struct buf_mem_st
+        {
+        int length;     /* current number of bytes */
+        char *data;
+        int max;        /* size of buffer */
+        } BUF_MEM;
+#ifndef NOPROTO
+BUF_MEM *BUF_MEM_new(void);
+void    BUF_MEM_free(BUF_MEM *a);
+int     BUF_MEM_grow(BUF_MEM *str, int len);
+char *  BUF_strdup(char *str);
+void ERR_load_BUF_strings(void );
+#else
+BUF_MEM *BUF_MEM_new();
+void    BUF_MEM_free();
+int     BUF_MEM_grow();
+char *  BUF_strdup();
+void ERR_load_BUF_strings();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the BUF functions. */
+/* Function codes. */
+#define BUF_F_BUF_MEM_GROW                               100
+#define BUF_F_BUF_MEM_NEW                                101
+#define BUF_F_BUF_STRDUP                                 102
+#define BUF_F_PXYCLNT_READ                               103
+/* Reason codes. */
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/cast/asm/cast-586.pl b/src/lib/libssl/src/crypto/cast/asm/cast-586.pl
new file mode 100644
index 0000000000..d0be004c99
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/asm/cast-586.pl
@@ -0,0 +1,167 @@
+#!/usr/bin/perl
+# define for pentium pro friendly version
+$ppro=1;
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+&asm_init($ARGV[0],"cast-586.pl");
+$CAST_ROUNDS=16;
+$L="edi";
+$R="esi";
+$K="ebp";
+$tmp1="ecx";
+$tmp2="ebx";
+$tmp3="eax";
+$tmp4="edx";
+$S1="CAST_S_table0";
+$S2="CAST_S_table1";
+$S3="CAST_S_table2";
+$S4="CAST_S_table3";
+@F1=("add","xor","sub");
+@F2=("xor","sub","add");
+@F3=("sub","add","xor");
+&CAST_encrypt("CAST_encrypt",1);
+&CAST_encrypt("CAST_decrypt",0);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+sub CAST_encrypt
+        {
+        local($name,$enc)=@_;
+        local($win_ex)=<<"EOF";
+EXTERN  _CAST_S_table0:DWORD
+EXTERN  _CAST_S_table1:DWORD
+EXTERN  _CAST_S_table2:DWORD
+EXTERN  _CAST_S_table3:DWORD
+EOF
+        &main'external_label(
+                "CAST_S_table0",
+                "CAST_S_table1",
+                "CAST_S_table2",
+                "CAST_S_table3",
+                );
+        &function_begin_B($name,$win_ex);
+        &comment("");
+        &push("ebp");
+        &push("ebx");
+        &mov($tmp2,&wparam(0));
+        &mov($K,&wparam(1));
+        &push("esi");
+        &push("edi");
+        &comment("Load the 2 words");
+        &mov($L,&DWP(0,$tmp2,"",0));
+        &mov($R,&DWP(4,$tmp2,"",0));
+        &xor(   $tmp3,  $tmp3);
+        # encrypting part
+        if ($enc)
+                {
+                &E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
+                }
+        else
+                {
+                &E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+                &E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
+                }
+        &nop();
+        &mov(&DWP(4,$tmp3,"",0),$L);
+        &mov(&DWP(0,$tmp3,"",0),$R);
+        &function_end($name);
+        }
+sub E_CAST
+        {
+        local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4,$lst)=@_;
+        # Ri needs to have 16 pre added.
+        &comment("round $i");
+        &mov(   $tmp4,          &DWP($i*8,$K,"",1));
+        &mov(   $tmp1,          &DWP($i*8+4,$K,"",1));# must be word
+        &$OP1(  $tmp4,          $R);
+        &rotl(  $tmp4,          &LB($tmp1));
+        if ($ppro)
+                {
+                &mov(   $tmp2,          $tmp4);         # B
+                &xor(   $tmp1,          $tmp1);
+                &movb(  &LB($tmp1),     &HB($tmp4));    # A
+                &and(   $tmp2,          0xff);
+                &shr(   $tmp4,          16);            #
+                &xor(   $tmp3,          $tmp3);
+                }
+        else
+                {
+                &mov(   $tmp2,          $tmp4);         # B
+                &movb(  &LB($tmp1),     &HB($tmp4));    # A     # BAD BAD BAD
+                &shr(   $tmp4,          16);            #
+                &and(   $tmp2,          0xff);
+                }
+        &movb(  &LB($tmp3),     &HB($tmp4));    # C     # BAD BAD BAD
+        &and(   $tmp4,          0xff);          # D
+        &mov(   $tmp1,          &DWP($S1,"",$tmp1,4));
+        &mov(   $tmp2,          &DWP($S2,"",$tmp2,4));
+        &$OP2(  $tmp1,          $tmp2);
+        &mov(   $tmp2,          &DWP($S3,"",$tmp3,4));
+        &$OP3(  $tmp1,          $tmp2);
+        &mov(   $tmp2,          &DWP($S4,"",$tmp4,4));
+        &$OP1(  $tmp1,          $tmp2);
+         &mov($tmp3,&wparam(0)) if $lst;
+         # XXX
+        &xor(   $L,             $tmp1);
+         # XXX
+        }
diff --git a/src/lib/libssl/src/crypto/cast/asm/readme b/src/lib/libssl/src/crypto/cast/asm/readme
new file mode 100644
index 0000000000..fbcd76289e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/asm/readme
@@ -0,0 +1,7 @@
+There is a ppro flag in cast-586 which turns on/off
+generation of pentium pro/II friendly code
+This flag makes the inner loop one cycle longer, but generates 
+code that runs %30 faster on the pentium pro/II, while only %7 slower
+on the pentium.  By default, this flag is on.
diff --git a/src/lib/libssl/src/crypto/cast/c_cfb64.c b/src/lib/libssl/src/crypto/cast/c_cfb64.c
new file mode 100644
index 0000000000..c46c375f75
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/c_cfb64.c
@@ -0,0 +1,127 @@
+/* crypto/cast/c_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "cast.h"
+#include "cast_lcl.h"
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void CAST_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+CAST_KEY *schedule;
+unsigned char *ivec;
+int *num;
+int encrypt;
+        {
+        register CAST_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        CAST_LONG ti[2];
+        unsigned char *iv,c,cc;
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                CAST_encrypt((CAST_LONG *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                CAST_encrypt((CAST_LONG *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/cast/c_ecb.c b/src/lib/libssl/src/crypto/cast/c_ecb.c
new file mode 100644
index 0000000000..f0f2f4df0e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/c_ecb.c
@@ -0,0 +1,82 @@
+/* crypto/cast/c_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "cast.h"
+#include "cast_lcl.h"
+char *CAST_version="CAST part of SSLeay 0.9.0b 29-Jun-1998";
+void CAST_ecb_encrypt(in, out, ks, encrypt)
+unsigned char *in;
+unsigned char *out;
+CAST_KEY *ks;
+int encrypt;
+        {
+        CAST_LONG l,d[2];
+        n2l(in,l); d[0]=l;
+        n2l(in,l); d[1]=l;
+        if (encrypt)
+                CAST_encrypt(d,ks);
+        else
+                CAST_decrypt(d,ks);
+        l=d[0]; l2n(l,out);
+        l=d[1]; l2n(l,out);
+        l=d[0]=d[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/cast/c_enc.c b/src/lib/libssl/src/crypto/cast/c_enc.c
new file mode 100644
index 0000000000..d998dd4953
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/c_enc.c
@@ -0,0 +1,210 @@
+/* crypto/cast/c_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "cast.h"
+#include "cast_lcl.h"
+void CAST_encrypt(data,key)
+CAST_LONG *data;
+CAST_KEY *key;
+        {
+        register CAST_LONG l,r,*k,t;
+        k= &(key->data[0]);
+        l=data[0];
+        r=data[1];
+        E_CAST( 0,k,l,r,+,^,-);
+        E_CAST( 1,k,r,l,^,-,+);
+        E_CAST( 2,k,l,r,-,+,^);
+        E_CAST( 3,k,r,l,+,^,-);
+        E_CAST( 4,k,l,r,^,-,+);
+        E_CAST( 5,k,r,l,-,+,^);
+        E_CAST( 6,k,l,r,+,^,-);
+        E_CAST( 7,k,r,l,^,-,+);
+        E_CAST( 8,k,l,r,-,+,^);
+        E_CAST( 9,k,r,l,+,^,-);
+        E_CAST(10,k,l,r,^,-,+);
+        E_CAST(11,k,r,l,-,+,^);
+        E_CAST(12,k,l,r,+,^,-);
+        E_CAST(13,k,r,l,^,-,+);
+        E_CAST(14,k,l,r,-,+,^);
+        E_CAST(15,k,r,l,+,^,-);
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+        }
+void CAST_decrypt(data,key)
+CAST_LONG *data;
+CAST_KEY *key;
+        {
+        register CAST_LONG l,r,*k,t;
+        k= &(key->data[0]);
+        l=data[0];
+        r=data[1];
+        E_CAST(15,k,l,r,+,^,-);
+        E_CAST(14,k,r,l,-,+,^);
+        E_CAST(13,k,l,r,^,-,+);
+        E_CAST(12,k,r,l,+,^,-);
+        E_CAST(11,k,l,r,-,+,^);
+        E_CAST(10,k,r,l,^,-,+);
+        E_CAST( 9,k,l,r,+,^,-);
+        E_CAST( 8,k,r,l,-,+,^);
+        E_CAST( 7,k,l,r,^,-,+);
+        E_CAST( 6,k,r,l,+,^,-);
+        E_CAST( 5,k,l,r,-,+,^);
+        E_CAST( 4,k,r,l,^,-,+);
+        E_CAST( 3,k,l,r,+,^,-);
+        E_CAST( 2,k,r,l,-,+,^);
+        E_CAST( 1,k,l,r,^,-,+);
+        E_CAST( 0,k,r,l,+,^,-);
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+        }
+void CAST_cbc_encrypt(in, out, length, ks, iv, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+CAST_KEY *ks;
+unsigned char *iv;
+int encrypt;
+        {
+        register CAST_LONG tin0,tin1;
+        register CAST_LONG tout0,tout1,xor0,xor1;
+        register long l=length;
+        CAST_LONG tin[2];
+        if (encrypt)
+                {
+                n2l(iv,tout0);
+                n2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        n2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                l2n(tout0,iv);
+                l2n(tout1,iv);
+                }
+        else
+                {
+                n2l(iv,xor0);
+                n2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2nn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2n(xor0,iv);
+                l2n(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/cast/c_ofb64.c b/src/lib/libssl/src/crypto/cast/c_ofb64.c
new file mode 100644
index 0000000000..2aad2d6d96
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/c_ofb64.c
@@ -0,0 +1,115 @@
+/* crypto/cast/c_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "cast.h"
+#include "cast_lcl.h"
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void CAST_ofb64_encrypt(in, out, length, schedule, ivec, num)
+unsigned char *in;
+unsigned char *out;
+long length;
+CAST_KEY *schedule;
+unsigned char *ivec;
+int *num;
+        {
+        register CAST_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        CAST_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+        iv=(unsigned char *)ivec;
+        n2l(iv,v0);
+        n2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2n(v0,dp);
+        l2n(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        CAST_encrypt((CAST_LONG *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2n(t,dp);
+                        t=ti[1]; l2n(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2n(v0,iv);
+                l2n(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c
new file mode 100644
index 0000000000..2fc3363dcd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/c_skey.c
@@ -0,0 +1,165 @@
+/* crypto/cast/c_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "cast.h"
+#include "cast_lcl.h"
+#include "cast_s.h"
+#define CAST_exp(l,A,a,n) \
+        A[n/4]=l; \
+        a[n+3]=(l    )&0xff; \
+        a[n+2]=(l>> 8)&0xff; \
+        a[n+1]=(l>>16)&0xff; \
+        a[n+0]=(l>>24)&0xff;
+#define S4 CAST_S_table4
+#define S5 CAST_S_table5
+#define S6 CAST_S_table6
+#define S7 CAST_S_table7
+void CAST_set_key(key,len,data)
+CAST_KEY *key;
+int len;
+unsigned char *data;
+        {
+        CAST_LONG x[16];
+        CAST_LONG z[16];
+        CAST_LONG k[32];
+        CAST_LONG X[4],Z[4];
+        CAST_LONG l,*K;
+        int i;
+        for (i=0; i<16; i++) x[i]=0;
+        if (len > 16) len=16;
+        for (i=0; i<len; i++)
+                x[i]=data[i];
+        K= &k[0];
+        X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
+        X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
+        X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
+        X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
+        for (;;)
+                {
+        l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
+        CAST_exp(l,Z,z, 0);
+        l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
+        CAST_exp(l,Z,z, 4);
+        l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
+        CAST_exp(l,Z,z, 8);
+        l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
+        CAST_exp(l,Z,z,12);
+        K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
+        K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
+        K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
+        K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
+        l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
+        CAST_exp(l,X,x, 0);
+        l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
+        CAST_exp(l,X,x, 4);
+        l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
+        CAST_exp(l,X,x, 8);
+        l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
+        CAST_exp(l,X,x,12);
+        K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
+        K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
+        K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
+        K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
+        l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
+        CAST_exp(l,Z,z, 0);
+        l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
+        CAST_exp(l,Z,z, 4);
+        l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
+        CAST_exp(l,Z,z, 8);
+        l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
+        CAST_exp(l,Z,z,12);
+        K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
+        K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
+        K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
+        K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
+        l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
+        CAST_exp(l,X,x, 0);
+        l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
+        CAST_exp(l,X,x, 4);
+        l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
+        CAST_exp(l,X,x, 8);
+        l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
+        CAST_exp(l,X,x,12);
+        K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
+        K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
+        K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
+        K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
+        if (K != k)  break;
+        K+=16;
+                }
+        for (i=0; i<16; i++)
+                {
+                key->data[i*2]=k[i];
+                key->data[i*2+1]=((k[i+16])+16)&0x1f;
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/cast/cast.h b/src/lib/libssl/src/crypto/cast/cast.h
new file mode 100644
index 0000000000..528cb7c824
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/cast.h
@@ -0,0 +1,109 @@
+/* crypto/cast/cast.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_CAST_H
+#define HEADER_CAST_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define CAST_ENCRYPT    1
+#define CAST_DECRYPT    0
+#define CAST_LONG unsigned long
+#define CAST_BLOCK      8
+#define CAST_KEY_LENGTH 16
+typedef struct cast_key_st
+        {
+        CAST_LONG data[32];
+        } CAST_KEY;
+#ifndef NOPROTO
+ 
+void CAST_set_key(CAST_KEY *key, int len, unsigned char *data);
+void CAST_ecb_encrypt(unsigned char *in,unsigned char *out,CAST_KEY *key,
+        int enc);
+void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        CAST_KEY *ks, unsigned char *iv, int enc);
+void CAST_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        CAST_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        CAST_KEY *schedule, unsigned char *ivec, int *num);
+#else
+void CAST_set_key();
+void CAST_ecb_encrypt();
+void CAST_encrypt();
+void CAST_decrypt();
+void CAST_cbc_encrypt();
+void CAST_cfb64_encrypt();
+void CAST_ofb64_encrypt();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/cast/cast_lcl.h b/src/lib/libssl/src/crypto/cast/cast_lcl.h
new file mode 100644
index 0000000000..6587952a96
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/cast_lcl.h
@@ -0,0 +1,224 @@
+/* crypto/cast/cast_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifdef WIN32
+#include <stdlib.h>
+#endif
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+#if defined(WIN32)
+#define ROTL(a,n)     (_lrotl(a,n))
+#else
+#define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
+#endif
+#define C_M    0x3fc
+#define C_0    22L
+#define C_1    14L
+#define C_2     6L
+#define C_3     2L /* left shift */
+/* The rotate has an extra 16 added to it to help the x86 asm */
+#if defined(CAST_PTR)
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        t=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        t=ROTL(t,i); \
+        L^= (((((*(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table0+((t>>C_2)&C_M)) OP2 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
+        }
+#elif defined(CAST_PTR2)
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        CAST_LONG u,v,w; \
+        w=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        w=ROTL(w,i); \
+        u=w>>C_2; \
+        v=w<<C_3; \
+        u&=C_M; \
+        v&=C_M; \
+        t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
+        u=w>>C_0; \
+        t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
+        v=w>>C_1; \
+        u&=C_M; \
+        v&=C_M; \
+        t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
+        t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
+        L^=(t&0xffffffff); \
+        }
+#else
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        CAST_LONG a,b,c,d; \
+        t=(key[n*2] OP1 R)&0xffffffff; \
+        t=ROTL(t,(key[n*2+1])); \
+        a=CAST_S_table0[(t>> 8)&0xff]; \
+        b=CAST_S_table1[(t    )&0xff]; \
+        c=CAST_S_table2[(t>>24)&0xff]; \
+        d=CAST_S_table3[(t>>16)&0xff]; \
+        L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
+        }
+#endif
+extern CAST_LONG CAST_S_table0[256];
+extern CAST_LONG CAST_S_table1[256];
+extern CAST_LONG CAST_S_table2[256];
+extern CAST_LONG CAST_S_table3[256];
+extern CAST_LONG CAST_S_table4[256];
+extern CAST_LONG CAST_S_table5[256];
+extern CAST_LONG CAST_S_table6[256];
+extern CAST_LONG CAST_S_table7[256];
diff --git a/src/lib/libssl/src/crypto/cast/cast_s.h b/src/lib/libssl/src/crypto/cast/cast_s.h
new file mode 100644
index 0000000000..8fe0152149
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/cast_s.h
@@ -0,0 +1,585 @@
+/* crypto/cast/cast_s.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+CAST_LONG CAST_S_table0[256]={
+        0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
+        0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
+        0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
+        0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e,
+        0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2,
+        0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d,
+        0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f,
+        0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0,
+        0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de,
+        0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7,
+        0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f,
+        0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935,
+        0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d,
+        0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d,
+        0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165,
+        0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50,
+        0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272,
+        0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe,
+        0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d,
+        0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3,
+        0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a,
+        0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167,
+        0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f,
+        0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291,
+        0xd7894360,0x425c750d,0x93b39e26,0x187184c9,
+        0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779,
+        0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6,
+        0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2,
+        0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9,
+        0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511,
+        0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e,
+        0x31366241,0x051ef495,0xaa573b04,0x4a805d8d,
+        0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e,
+        0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5,
+        0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82,
+        0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324,
+        0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac,
+        0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c,
+        0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f,
+        0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc,
+        0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491,
+        0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d,
+        0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de,
+        0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96,
+        0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a,
+        0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a,
+        0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79,
+        0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d,
+        0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779,
+        0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd,
+        0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755,
+        0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6,
+        0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb,
+        0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9,
+        0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0,
+        0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872,
+        0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79,
+        0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c,
+        0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298,
+        0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e,
+        0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571,
+        0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9,
+        0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,
+        0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,
+        };
+CAST_LONG CAST_S_table1[256]={
+        0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,
+        0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,
+        0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,
+        0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3,
+        0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909,
+        0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb,
+        0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b,
+        0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806,
+        0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4,
+        0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b,
+        0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f,
+        0x62143154,0x0d554b63,0x5d681121,0xc866c359,
+        0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21,
+        0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b,
+        0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d,
+        0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c,
+        0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f,
+        0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34,
+        0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d,
+        0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb,
+        0xe8256333,0x844e8212,0x128d8098,0xfed33fb4,
+        0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd,
+        0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801,
+        0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860,
+        0x54f03084,0x066ff472,0xa31aa153,0xdadc4755,
+        0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b,
+        0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709,
+        0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304,
+        0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b,
+        0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b,
+        0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c,
+        0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf,
+        0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9,
+        0x0beeff53,0xe3214517,0xb4542835,0x9f63293c,
+        0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3,
+        0xf33401c6,0x30a22c95,0x31a70850,0x60930f13,
+        0x73f98417,0xa1269859,0xec645c44,0x52c877a9,
+        0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f,
+        0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab,
+        0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6,
+        0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4,
+        0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6,
+        0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43,
+        0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58,
+        0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8,
+        0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906,
+        0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171,
+        0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d,
+        0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89,
+        0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6,
+        0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b,
+        0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4,
+        0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb,
+        0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6,
+        0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e,
+        0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f,
+        0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea,
+        0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249,
+        0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea,
+        0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa,
+        0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd,
+        0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9,
+        0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,
+        0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,
+        };
+CAST_LONG CAST_S_table2[256]={
+        0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,
+        0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,
+        0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,
+        0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5,
+        0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e,
+        0xb9afa820,0xfade82e0,0xa067268b,0x8272792e,
+        0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc,
+        0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240,
+        0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e,
+        0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5,
+        0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f,
+        0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b,
+        0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99,
+        0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71,
+        0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f,
+        0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04,
+        0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380,
+        0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82,
+        0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8,
+        0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15,
+        0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504,
+        0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2,
+        0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6,
+        0x94fd6574,0x927985b2,0x8276dbcb,0x02778176,
+        0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e,
+        0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148,
+        0xef303cab,0x984faf28,0x779faf9b,0x92dc560d,
+        0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc,
+        0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1,
+        0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341,
+        0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c,
+        0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e,
+        0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15,
+        0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51,
+        0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4,
+        0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f,
+        0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b,
+        0x6d498623,0x193cbcfa,0x27627545,0x825cf47a,
+        0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392,
+        0x10428db7,0x8272a972,0x9270c4a8,0x127de50b,
+        0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231,
+        0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b,
+        0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889,
+        0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5,
+        0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67,
+        0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45,
+        0x3a609437,0xec00c9a9,0x44715253,0x0a874b49,
+        0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536,
+        0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d,
+        0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc,
+        0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d,
+        0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0,
+        0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e,
+        0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69,
+        0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767,
+        0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2,
+        0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce,
+        0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49,
+        0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24,
+        0xaf96da0f,0x68458425,0x99833be5,0x600d457d,
+        0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0,
+        0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a,
+        0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,
+        0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,
+        };
+CAST_LONG CAST_S_table3[256]={
+        0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,
+        0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,
+        0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,
+        0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf,
+        0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220,
+        0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15,
+        0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe,
+        0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121,
+        0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701,
+        0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25,
+        0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b,
+        0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5,
+        0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93,
+        0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb,
+        0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746,
+        0xc9335400,0x6920318f,0x081dbb99,0xffc304a5,
+        0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9,
+        0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d,
+        0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb,
+        0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6,
+        0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c,
+        0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23,
+        0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7,
+        0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003,
+        0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340,
+        0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6,
+        0xe756bdff,0xdd3369ac,0xec17b035,0x06572327,
+        0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119,
+        0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec,
+        0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24,
+        0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205,
+        0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a,
+        0x6701902c,0x9b757a54,0x31d477f7,0x9126b031,
+        0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79,
+        0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5,
+        0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df,
+        0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c,
+        0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26,
+        0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69,
+        0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab,
+        0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9,
+        0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7,
+        0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff,
+        0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417,
+        0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3,
+        0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2,
+        0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2,
+        0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2,
+        0x109873f6,0x00613096,0xc32d9521,0xada121ff,
+        0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a,
+        0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091,
+        0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919,
+        0x77079103,0xdea03af6,0x78a8565e,0xdee356df,
+        0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef,
+        0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf,
+        0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876,
+        0x39e4460c,0x1fda8538,0x1987832f,0xca007367,
+        0xa99144f8,0x296b299e,0x492fc295,0x9266beab,
+        0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c,
+        0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04,
+        0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43,
+        0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282,
+        0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,
+        0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,
+        };
+CAST_LONG CAST_S_table4[256]={
+        0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,
+        0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,
+        0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,
+        0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a,
+        0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180,
+        0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff,
+        0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2,
+        0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02,
+        0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725,
+        0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a,
+        0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b,
+        0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7,
+        0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571,
+        0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9,
+        0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec,
+        0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981,
+        0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea,
+        0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774,
+        0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263,
+        0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655,
+        0x911e739a,0x17af8975,0x32c7911c,0x89f89468,
+        0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2,
+        0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b,
+        0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910,
+        0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284,
+        0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1,
+        0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4,
+        0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da,
+        0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7,
+        0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049,
+        0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce,
+        0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f,
+        0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6,
+        0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba,
+        0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4,
+        0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be,
+        0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561,
+        0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3,
+        0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6,
+        0x309e374f,0x2cb6356a,0x85808573,0x4991f840,
+        0x76f0ae02,0x083be84d,0x28421c9a,0x44489406,
+        0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4,
+        0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472,
+        0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2,
+        0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487,
+        0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7,
+        0x445f7382,0x175683f4,0xcdc66a97,0x70be0288,
+        0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5,
+        0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2,
+        0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e,
+        0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78,
+        0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e,
+        0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76,
+        0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801,
+        0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0,
+        0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad,
+        0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58,
+        0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0,
+        0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2,
+        0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20,
+        0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be,
+        0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8,
+        0xe822fe15,0x88570983,0x750e6249,0xda627e55,
+        0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,
+        };
+CAST_LONG CAST_S_table5[256]={
+        0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,
+        0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,
+        0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,
+        0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138,
+        0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e,
+        0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367,
+        0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866,
+        0xa084db2d,0x09a8486f,0xa888614a,0x2900af98,
+        0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c,
+        0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072,
+        0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd,
+        0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3,
+        0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53,
+        0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd,
+        0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d,
+        0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8,
+        0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf,
+        0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9,
+        0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807,
+        0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54,
+        0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a,
+        0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387,
+        0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563,
+        0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc,
+        0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0,
+        0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf,
+        0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be,
+        0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf,
+        0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0,
+        0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f,
+        0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2,
+        0x372b74af,0x692573e4,0xe9a9d848,0xf3160289,
+        0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853,
+        0x20951063,0x4576698d,0xb6fad407,0x592af950,
+        0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa,
+        0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f,
+        0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9,
+        0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b,
+        0x7dede786,0xc39a3373,0x42410005,0x6a091751,
+        0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be,
+        0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358,
+        0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13,
+        0x8cf63166,0x061c87be,0x88c98f88,0x6062e397,
+        0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976,
+        0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459,
+        0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0,
+        0x3007cd3e,0x74719eef,0xdc872681,0x073340d4,
+        0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891,
+        0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f,
+        0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da,
+        0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb,
+        0xe2969123,0x257f0c3d,0x9348af49,0x361400bc,
+        0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2,
+        0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084,
+        0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab,
+        0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25,
+        0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b,
+        0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121,
+        0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b,
+        0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5,
+        0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855,
+        0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd,
+        0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,
+        0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,
+        };
+CAST_LONG CAST_S_table6[256]={
+        0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,
+        0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,
+        0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,
+        0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de,
+        0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd,
+        0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43,
+        0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f,
+        0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19,
+        0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9,
+        0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2,
+        0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e,
+        0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516,
+        0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83,
+        0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88,
+        0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e,
+        0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816,
+        0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a,
+        0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756,
+        0xc06eba30,0x07211b24,0x45c28829,0xc95e317f,
+        0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a,
+        0xad4ebc46,0x468f508b,0x7829435f,0xf124183b,
+        0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264,
+        0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78,
+        0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688,
+        0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d,
+        0xf7debb85,0x61fe033c,0x16746233,0x3c034c28,
+        0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802,
+        0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3,
+        0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9,
+        0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7,
+        0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302,
+        0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06,
+        0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858,
+        0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033,
+        0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a,
+        0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a,
+        0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4,
+        0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566,
+        0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df,
+        0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509,
+        0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9,
+        0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962,
+        0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c,
+        0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e,
+        0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07,
+        0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c,
+        0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939,
+        0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c,
+        0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e,
+        0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285,
+        0x74904698,0x4c2b0edd,0x4f757656,0x5d393378,
+        0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301,
+        0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd,
+        0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be,
+        0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567,
+        0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767,
+        0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2,
+        0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647,
+        0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf,
+        0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914,
+        0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2,
+        0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c,
+        0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,
+        0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,
+        };
+CAST_LONG CAST_S_table7[256]={
+        0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,
+        0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,
+        0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,
+        0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc,
+        0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940,
+        0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd,
+        0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42,
+        0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d,
+        0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164,
+        0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2,
+        0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4,
+        0x38129022,0xce949ad4,0xb84769ad,0x965bd862,
+        0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0,
+        0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc,
+        0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6,
+        0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c,
+        0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491,
+        0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e,
+        0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b,
+        0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039,
+        0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8,
+        0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8,
+        0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006,
+        0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42,
+        0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564,
+        0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5,
+        0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab,
+        0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472,
+        0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc,
+        0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225,
+        0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8,
+        0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c,
+        0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441,
+        0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb,
+        0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f,
+        0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054,
+        0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504,
+        0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70,
+        0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c,
+        0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc,
+        0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6,
+        0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c,
+        0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd,
+        0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3,
+        0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4,
+        0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4,
+        0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc,
+        0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101,
+        0x730edebc,0x5b643113,0x94917e4f,0x503c2fba,
+        0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f,
+        0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf,
+        0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e,
+        0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603,
+        0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a,
+        0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37,
+        0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c,
+        0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819,
+        0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384,
+        0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d,
+        0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c,
+        0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347,
+        0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82,
+        0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d,
+        0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e,
+        };
diff --git a/src/lib/libssl/src/crypto/cast/cast_spd.c b/src/lib/libssl/src/crypto/cast/cast_spd.c
new file mode 100644
index 0000000000..ab75e65386
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/cast_spd.c
@@ -0,0 +1,294 @@
+/* crypto/cast/cast_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "cast.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        CAST_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        CAST_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                CAST_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing CAST_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing CAST_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld cast set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing CAST_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing CAST_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                CAST_LONG data[2];
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld CAST_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),CAST_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("CAST set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/cast/castopts.c b/src/lib/libssl/src/crypto/cast/castopts.c
new file mode 100644
index 0000000000..68cf5a4a60
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/castopts.c
@@ -0,0 +1,358 @@
+/* crypto/cast/castopts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "cast.h"
+#define CAST_DEFAULT_OPTIONS
+#undef E_CAST
+#define CAST_encrypt  CAST_encrypt_normal
+#define CAST_decrypt  CAST_decrypt_normal
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_normal
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#define CAST_PTR
+#undef CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr
+#define CAST_decrypt  CAST_decrypt_ptr
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#undef CAST_PTR
+#define CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr2
+#define CAST_decrypt  CAST_decrypt_ptr2
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr2
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        CAST_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most acurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        CAST_set_key(&sch,16,key);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+        time_it(CAST_encrypt_normal,    "CAST_encrypt_normal ", 0);
+        time_it(CAST_encrypt_ptr,       "CAST_encrypt_ptr    ", 1);
+        time_it(CAST_encrypt_ptr2,      "CAST_encrypt_ptr2   ", 2);
+        num+=3;
+        str[0]="<nothing>";
+        print_it("CAST_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("CAST_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("CAST_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+        printf("options    CAST ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DCAST_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DCAST_PTR\n");
+                break;
+        case 2:
+                printf("-DCAST_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/cast/casts.cpp b/src/lib/libssl/src/crypto/cast/casts.cpp
new file mode 100644
index 0000000000..bac7be2c9c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/casts.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "cast.h"
+void main(int argc,char *argv[])
+        {
+        CAST_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+        CAST_set_key(&key, 16,d);
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        CAST_encrypt(&data[0],&key);
+                        }
+                printf("cast %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/cast/casttest.c b/src/lib/libssl/src/crypto/cast/casttest.c
new file mode 100644
index 0000000000..8b009bc249
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cast/casttest.c
@@ -0,0 +1,223 @@
+/* crypto/cast/casttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "cast.h"
+/* #define FULL_TEST */
+unsigned char k[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
+        };
+unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+int k_len[3]={16,10};
+unsigned char c[3][8]={
+        {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
+        {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
+        {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
+        };
+unsigned char out[80];
+unsigned char in_a[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+unsigned char in_b[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+unsigned char c_a[16]={
+        0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+        0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
+unsigned char c_b[16]={
+        0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+        0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
+#if 0
+char *text="Hello to all people out there";
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+#ifdef FULL_TEST
+        long l;
+        CAST_KEY key_b;
+#endif
+        int i,z,err=0;
+        CAST_KEY key;
+        for (z=0; z<1; z++)
+                {
+        CAST_set_key(&key,k_len[z],k);
+        CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
+        if (memcmp(out,&(c[z][0]),8) != 0)
+                {
+                printf("ecb cast error encrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",c[z][i]);
+                err=20;
+                printf("\n");
+                }
+        CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
+        if (memcmp(out,in,8) != 0)
+                {
+                printf("ecb cast error decrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",in[i]);
+                printf("\n");
+                err=3;
+                }
+        }
+        if (err == 0) printf("ecb cast5 ok\n");
+#ifdef FULL_TEST
+        {
+        unsigned char out_a[16],out_b[16];
+        static char *hex="0123456789ABCDEF";
+        printf("This test will take some time....");
+        fflush(stdout);
+        memcpy(out_a,in_a,sizeof(in_a));
+        memcpy(out_b,in_b,sizeof(in_b));
+        i=1;
+        for (l=0; l<1000000L; l++)
+                {
+                CAST_set_key(&key_b,16,out_b);
+                CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+                CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+                CAST_set_key(&key,16,out_a);
+                CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+                CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+                if ((l & 0xffff) == 0xffff)
+                        {
+                        printf("%c",hex[i&0x0f]);
+                        fflush(stdout);
+                        i++;
+                        }
+                }
+        if (    (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+                (memcmp(out_b,c_b,sizeof(c_b)) != 0))
+                {
+                printf("\n");
+                printf("Error\n");
+                printf("A out =");
+                for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+                printf("\nactual=");
+                for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+                printf("\n");
+                printf("B out =");
+                for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+                printf("\nactual=");
+                for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+                printf("\n");
+                }
+        else
+                printf(" ok\n");
+        }
+#endif
+        exit(err);
+        return(err);
+        }
diff --git a/src/lib/libssl/src/crypto/conf/cnf_save.c b/src/lib/libssl/src/crypto/conf/cnf_save.c
new file mode 100644
index 0000000000..c9018de10e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/cnf_save.c
@@ -0,0 +1,106 @@
+/* crypto/conf/cnf_save.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "conf.h"
+void print_conf(CONF_VALUE *cv);
+main()
+        {
+        LHASH *conf;
+        long l;
+        conf=CONF_load(NULL,"../../apps/ssleay.cnf",&l);
+        if (conf == NULL)
+                {
+                fprintf(stderr,"error loading config, line %ld\n",l);
+                exit(1);
+                }
+        lh_doall(conf,print_conf);
+        }
+void print_conf(cv)
+CONF_VALUE *cv;
+        {
+        int i;
+        CONF_VALUE *v;
+        char *section;
+        char *name;
+        char *value;
+        STACK *s;
+        /* If it is a single entry, return */
+        if (cv->name != NULL) return;
+        printf("[ %s ]\n",cv->section);
+        s=(STACK *)cv->value;
+        for (i=0; i<sk_num(s); i++)
+                {
+                v=(CONF_VALUE *)sk_value(s,i);
+                section=(v->section == NULL)?"None":v->section;
+                name=(v->name == NULL)?"None":v->name;
+                value=(v->value == NULL)?"None":v->value;
+                printf("%s=%s\n",name,value);
+                }
+        printf("\n");
+        }
diff --git a/src/lib/libssl/src/crypto/conf/conf.h b/src/lib/libssl/src/crypto/conf/conf.h
new file mode 100644
index 0000000000..1446226a16
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/conf.h
@@ -0,0 +1,114 @@
+/* crypto/conf/conf.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef  HEADER_CONF_H
+#define HEADER_CONF_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "stack.h"
+#include "lhash.h"
+typedef struct
+        {
+        char *section;
+        char *name;
+        char *value;
+        } CONF_VALUE;
+#ifndef NOPROTO
+LHASH *CONF_load(LHASH *conf,char *file,long *eline);
+STACK *CONF_get_section(LHASH *conf,char *section);
+char *CONF_get_string(LHASH *conf,char *group,char *name);
+long CONF_get_number(LHASH *conf,char *group,char *name);
+void CONF_free(LHASH *conf);
+void ERR_load_CONF_strings(void );
+#else
+LHASH *CONF_load();
+STACK *CONF_get_section();
+char *CONF_get_string();
+long CONF_get_number();
+void CONF_free();
+void ERR_load_CONF_strings();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the CONF functions. */
+/* Function codes. */
+#define CONF_F_CONF_LOAD                                 100
+#define CONF_F_STR_COPY                                  101
+/* Reason codes. */
+#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
+#define CONF_R_MISSING_EQUAL_SIGN                        101
+#define CONF_R_NO_CLOSE_BRACE                            102
+#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
+#define CONF_R_VARIABLE_HAS_NO_VALUE                     104
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c
new file mode 100644
index 0000000000..a8db8f266f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/conf_err.c
@@ -0,0 +1,96 @@
+/* lib/conf/conf_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "conf.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA CONF_str_functs[]=
+        {
+{ERR_PACK(0,CONF_F_CONF_LOAD,0),        "CONF_load"},
+{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
+{0,NULL},
+        };
+static ERR_STRING_DATA CONF_str_reasons[]=
+        {
+{CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
+{CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
+{CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
+{CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
+{CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
+{0,NULL},
+        };
+#endif
+void ERR_load_CONF_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
+                ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/conf/keysets.pl b/src/lib/libssl/src/crypto/conf/keysets.pl
new file mode 100644
index 0000000000..e40fed0ca1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/keysets.pl
@@ -0,0 +1,61 @@
+#!/usr/bin/perl
+$NUMBER=0x01;
+$UPPER=0x02;
+$LOWER=0x04;
+$EOF=0x08;
+$WS=0x10;
+$ESC=0x20;
+$QUOTE=0x40;
+$COMMENT=0x80;
+$UNDER=0x100;
+foreach (0 .. 127)
+        {
+        $v=0;
+        $c=sprintf("%c",$_);
+        $v|=$NUMBER     if ($c =~ /[0-9]/);
+        $v|=$UPPER      if ($c =~ /[A-Z]/);
+        $v|=$LOWER      if ($c =~ /[a-z]/);
+        $v|=$UNDER      if ($c =~ /_/);
+        $v|=$WS         if ($c =~ / \t\r\n/);
+        $v|=$ESC        if ($c =~ /\\/);
+        $v|=$QUOTE      if ($c =~ /['`"]/);
+        $v|=$COMMENT    if ($c =~ /\#/);
+        $v|=$EOF        if ($c =~ /\0/);
+        push(@V,$v);
+        }
+print <<"EOF";
+#define CONF_NUMBER             $NUMBER
+#define CONF_UPPER              $UPPER
+#define CONF_LOWER              $LOWER
+#define CONF_EOF                $EOF
+#define CONF_WS                 $WS
+#define CONF_ESC                $ESC
+#define CONF_QUOTE              $QUOTE
+#define CONF_COMMENT            $COMMENT
+#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_UNDER              $UNDER
+#define IS_COMMENT(a)           (CONF_COMMENT&(CONF_type[(a)&0x7f]))
+#define IS_EOF(a)               ((a) == '\\0')
+#define IS_ESC(a)               ((a) == '\\\\')
+#define IS_NUMER(a)             (CONF_type[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(a)                (CONF_type[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(a)     (CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_QUOTE(a)             (CONF_type[(a)&0x7f]&CONF_QUOTE)
+EOF
+print "static unsigned short CONF_type[128]={";
+for ($i=0; $i<128; $i++)
+        {
+        print "\n\t" if ($i % 8) == 0;
+        printf "0x%03X,",$V[$i];
+        }
+print "\n\t};\n";
diff --git a/src/lib/libssl/src/crypto/conf/ssleay.cnf b/src/lib/libssl/src/crypto/conf/ssleay.cnf
new file mode 100644
index 0000000000..ed33af601e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/ssleay.cnf
@@ -0,0 +1,78 @@
+#
+# This is a test configuration file for use in SSLeay etc...
+#
+init = 5
+in\#it1 =10
+init2='10'
+init3='10\''
+init4="10'"
+init5='='10\'' again'
+SSLeay::version = 0.5.0
+[genrsa]
+default_bits    = 512
+SSLEAY::version = 0.5.0
+[gendh]
+default_bits    = 512
+def_generator   = 2
+[s_client]
+cipher1         = DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\
+cipher2         = 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5'
+cipher3         = "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5"
+cipher4         = DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5
+[ default ]
+cert_dir        = $ENV::HOME/.ca_certs
+HOME            = /tmp/eay
+tmp_cert_dir    = $HOME/.ca_certs
+tmp2_cert_dir   = thisis$(HOME)stuff
+LOGNAME = Eric Young (home=$HOME)
+[ special ]
+H=$HOME
+H=$default::HOME
+H=$ENV::HOME
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+RANDFILE                = $HOME/.rand
+[ req ]
+default_bits            = 512
+default_keyfile         = privkey.pem
+Attribute_type_1        = countryName
+Attribute_text_1        = Country Name (2 letter code)
+Attribute_default_1     = AU
+Attribute_type_2        = stateOrProvinceName
+Attribute_text_2        = State or Province Name (full name)
+Attribute_default_2     = Queensland
+Attribute_type_3        = localityName
+Attribute_text_3        = Locality Name (eg, city)
+Attribute_type_4        = organizationName
+Attribute_text_4        = Organization Name (eg, company)
+Attribute_default_4     = Mincom Pty Ltd
+Attribute_type_5        = organizationalUnitName
+Attribute_text_5        = Organizational Unit Name (eg, section)
+Attribute_default_5     = TR
+Attribute_type_6        = commonName
+Attribute_text_6        = Common Name (eg, YOUR name)
+Attribute_type_7        = emailAddress
+Attribute_text_7        = Email Address
diff --git a/src/lib/libssl/src/crypto/conf/test.c b/src/lib/libssl/src/crypto/conf/test.c
new file mode 100644
index 0000000000..899ee2a067
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/test.c
@@ -0,0 +1,91 @@
+/* crypto/conf/test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "conf.h"
+main()
+        {
+        LHASH *conf;
+        long eline;
+        char *s,*s2;
+        conf=CONF_load(NULL,"ssleay.conf",&eline);
+        if (conf == NULL)
+                {
+                ERR_load_crypto_strings();
+                printf("unable to load configuration, line %ld\n",eline);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+                }
+        lh_stats(conf,stdout);
+        lh_node_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+        s=CONF_get_string(conf,NULL,"init2");
+        printf("init2=%s\n",(s == NULL)?"NULL":s);
+        s=CONF_get_string(conf,NULL,"cipher1");
+        printf("cipher1=%s\n",(s == NULL)?"NULL":s);
+        s=CONF_get_string(conf,"s_client","cipher1");
+        printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
+        exit(0);
+        }
diff --git a/src/lib/libssl/src/crypto/cpt_err.c b/src/lib/libssl/src/crypto/cpt_err.c
new file mode 100644
index 0000000000..ea3c135d39
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cpt_err.c
@@ -0,0 +1,86 @@
+/* lib/crypto/crypto_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "crypto.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA CRYPTO_str_functs[]=
+        {
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0),        "CRYPTO_get_ex_new_index"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0),  "CRYPTO_get_new_lockid"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0),     "CRYPTO_set_ex_data"},
+{0,NULL},
+        };
+#endif
+void ERR_load_CRYPTO_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
new file mode 100644
index 0000000000..9a7e80b7f8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -0,0 +1,307 @@
+/* crypto/cryptlib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include "crypto.h"
+#include "date.h"
+#if defined(WIN32) || defined(WIN16)
+static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+#endif
+/* real #defines in crypto.h, keep these upto date */
+static char* lock_names[CRYPTO_NUM_LOCKS] =
+        {
+        "<<ERROR>>",
+        "err",
+        "err_hash",
+        "x509",
+        "x509_info",
+        "x509_pkey",
+        "x509_crl",
+        "x509_req",
+        "dsa",
+        "rsa",
+        "evp_pkey",
+        "x509_store",
+        "ssl_ctx",
+        "ssl_cert",
+        "ssl_session",
+        "ssl",
+        "rand",
+        "debug_malloc",
+        "BIO",
+        "bio_gethostbyname",
+        "RSA_blinding",
+        };
+static STACK *app_locks=NULL;
+#ifndef NOPROTO
+static void (MS_FAR *locking_callback)(int mode,int type,
+        char *file,int line)=NULL;
+static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
+        int type,char *file,int line)=NULL;
+static unsigned long (MS_FAR *id_callback)(void)=NULL;
+#else
+static void (MS_FAR *locking_callback)()=NULL;
+static int (MS_FAR *add_lock_callback)()=NULL;
+static unsigned long (MS_FAR *id_callback)()=NULL;
+#endif
+int CRYPTO_get_new_lockid(name)
+char *name;
+        {
+        char *str;
+        int i;
+        /* A hack to make Visual C++ 5.0 work correctly when linking as
+         * a DLL using /MT. Without this, the application cannot use
+         * and floating point printf's.
+         * It also seems to be needed for Visual C 1.5 (win16) */
+#if defined(WIN32) || defined(WIN16)
+        SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+        if (app_locks == NULL)
+                if ((app_locks=sk_new_null()) == NULL)
+                        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                        return(0);
+        if ((str=BUF_strdup(name)) == NULL)
+                return(0);
+        i=sk_push(app_locks,str);
+        if (!i)
+                Free(str);
+        else
+                i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+        return(i);
+        }
+void (*CRYPTO_get_locking_callback(P_V))(P_I_I_P_I)
+        {
+        return(locking_callback);
+        }
+int (*CRYPTO_get_add_lock_callback(P_V))(P_IP_I_I_P_I)
+        {
+        return(add_lock_callback);
+        }
+void CRYPTO_set_locking_callback(func)
+void (*func)(P_I_I_P_I);
+        {
+        locking_callback=func;
+        }
+void CRYPTO_set_add_lock_callback(func)
+int (*func)(P_IP_I_I_P_I);
+        {
+        add_lock_callback=func;
+        }
+unsigned long (*CRYPTO_get_id_callback(P_V))(P_V)
+        {
+        return(id_callback);
+        }
+void CRYPTO_set_id_callback(func)
+unsigned long (*func)(P_V);
+        {
+        id_callback=func;
+        }
+unsigned long CRYPTO_thread_id()
+        {
+        unsigned long ret=0;
+        if (id_callback == NULL)
+                {
+#ifdef WIN16
+                ret=(unsigned long)GetCurrentTask();
+#elif defined(WIN32)
+                ret=(unsigned long)GetCurrentThreadId();
+#elif defined(MSDOS)
+                ret=1L;
+#else
+                ret=(unsigned long)getpid();
+#endif
+                }
+        else
+                ret=id_callback();
+        return(ret);
+        }
+void CRYPTO_lock(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+#ifdef LOCK_DEBUG
+                {
+                char *rw_text,*operation_text;
+                if (mode & CRYPTO_LOCK)
+                        operation_text="lock  ";
+                else if (mode & CRYPTO_UNLOCK)
+                        operation_text="unlock";
+                else
+                        operation_text="ERROR ";
+                if (mode & CRYPTO_READ)
+                        rw_text="r";
+                else if (mode & CRYPTO_WRITE)
+                        rw_text="w";
+                else
+                        rw_text="ERROR";
+                fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
+                        CRYPTO_thread_id(), rw_text, operation_text,
+                        CRYPTO_get_lock_name(type), file, line);
+                }
+#endif
+        if (locking_callback != NULL)
+                locking_callback(mode,type,file,line);
+        }
+int CRYPTO_add_lock(pointer,amount,type,file,line)
+int *pointer;
+int amount;
+int type;
+char *file;
+int line;
+        {
+        int ret;
+        if (add_lock_callback != NULL)
+                {
+#ifdef LOCK_DEBUG
+                int before= *pointer;
+#endif
+                ret=add_lock_callback(pointer,amount,type,file,line);
+#ifdef LOCK_DEBUG
+                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+                        CRYPTO_thread_id(),
+                        before,amount,ret,
+                        CRYPTO_get_lock_name(type),
+                        file,line);
+#endif
+                *pointer=ret;
+                }
+        else
+                {
+                CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
+                ret= *pointer+amount;
+#ifdef LOCK_DEBUG
+                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+                        CRYPTO_thread_id(),
+                        *pointer,amount,ret,
+                        CRYPTO_get_lock_name(type),
+                        file,line);
+#endif
+                *pointer=ret;
+                CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
+                }
+        return(ret);
+        }
+char *CRYPTO_get_lock_name(type)
+int type;
+        {
+        if (type < 0)
+                return("ERROR");
+        else if (type < CRYPTO_NUM_LOCKS)
+                return(lock_names[type]);
+        else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+                return("ERROR");
+        else
+                return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+        }
+#ifdef _DLL
+#ifdef WIN32
+/* All we really need to do is remove the 'error' state when a thread
+ * detaches */
+BOOL WINAPI DLLEntryPoint(hinstDLL,fdwReason,lpvReserved)
+HINSTANCE hinstDLL;
+DWORD fdwReason;
+LPVOID lpvReserved;
+        {
+        switch(fdwReason)
+                {
+        case DLL_PROCESS_ATTACH:
+                break;
+        case DLL_THREAD_ATTACH:
+                break;
+        case DLL_THREAD_DETACH:
+                ERR_remove_state(0);
+                break;
+        case DLL_PROCESS_DETACH:
+                break;
+                }
+        return(TRUE);
+        }
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
new file mode 100644
index 0000000000..32757c9efb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -0,0 +1,100 @@
+/* crypto/cryptlib.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_CRYPTLIB_H
+#define HEADER_CRYPTLIB_H
+#include <stdlib.h>
+#include <string.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/* #ifdef FLAT_INC */
+#include "e_os.h"
+#include "crypto.h"
+#include "buffer.h" 
+#include "bio.h" 
+#include "err.h"
+/*
+#else
+#include "../e_os.h"
+#include "crypto.h"
+#include "buffer/buffer.h"
+#include "bio/bio.h"
+#include "err/err.h"
+#endif
+*/
+#define X509_CERT_AREA          "/etc/ssl"
+#define X509_CERT_DIR           "/etc/ssl/certs"
+#define X509_CERT_FILE          "/etc/ssl/cert.pem"
+#define X509_PRIVATE_DIR        "/etc/ssl/private"
+#define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+#define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
new file mode 100644
index 0000000000..0a38b5b87c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -0,0 +1,319 @@
+/* crypto/crypto.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "stack.h"
+/* This is more to be used to check the correct DLL is being used
+ * in the MS world. */
+#define SSLEAY_VERSION_NUMBER   0x0902  /* Version 0.5.1c would be 0513 */
+#define SSLEAY_VERSION          0
+/* #define SSLEAY_OPTIONS       1 no longer supported */
+#define SSLEAY_CFLAGS           2
+#define SSLEAY_BUILT_ON         3
+/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
+ * names in cryptlib.c
+ */
+#define CRYPTO_LOCK_ERR                 1
+#define CRYPTO_LOCK_ERR_HASH            2
+#define CRYPTO_LOCK_X509                3
+#define CRYPTO_LOCK_X509_INFO           4
+#define CRYPTO_LOCK_X509_PKEY           5
+#define CRYPTO_LOCK_X509_CRL            6
+#define CRYPTO_LOCK_X509_REQ            7
+#define CRYPTO_LOCK_DSA                 8
+#define CRYPTO_LOCK_RSA                 9
+#define CRYPTO_LOCK_EVP_PKEY            10
+#define CRYPTO_LOCK_X509_STORE          11
+#define CRYPTO_LOCK_SSL_CTX             12
+#define CRYPTO_LOCK_SSL_CERT            13
+#define CRYPTO_LOCK_SSL_SESSION         14
+#define CRYPTO_LOCK_SSL                 15
+#define CRYPTO_LOCK_RAND                16
+#define CRYPTO_LOCK_MALLOC              17
+#define CRYPTO_LOCK_BIO                 18
+#define CRYPTO_LOCK_BIO_GETHOSTBYNAME   19
+#define CRYPTO_LOCK_RSA_BLINDING        20
+#define CRYPTO_NUM_LOCKS                21
+#define CRYPTO_LOCK             1
+#define CRYPTO_UNLOCK           2
+#define CRYPTO_READ             4
+#define CRYPTO_WRITE            8
+#ifndef CRYPTO_w_lock
+#define CRYPTO_w_lock(type)     \
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_w_unlock(type)   \
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_r_lock(type)     \
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_r_unlock(type)   \
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_add(addr,amount,type)    \
+        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+#endif
+/* The following can be used to detect memory leaks in the SSLeay library.
+ * It used, it turns on malloc checking */
+#define CRYPTO_MEM_CHECK_OFF    0x0
+#define CRYPTO_MEM_CHECK_ON     0x1
+/*
+typedef struct crypto_mem_st
+        {
+        char *(*malloc_func)();
+        char *(*realloc_func)();
+        void (*free_func)();
+        } CRYPTO_MEM_FUNC;
+*/
+/* predec of the BIO type */
+typedef struct bio_st BIO_dummy;
+typedef struct crypto_ex_data_st
+        {
+        STACK *sk;
+        int dummy; /* gcc is screwing up this data structure :-( */
+        } CRYPTO_EX_DATA;
+/* This stuff is basically class callback functions
+ * The current classes are SSL_CTX, SSL, SSL_SESION, and a few more */
+typedef struct crypto_ex_data_func_st
+        {
+        long argl;      /* Arbitary long */
+        char *argp;     /* Arbitary char * */
+        /* Called when a new object is created */
+        int (*new_func)(/*char *obj,
+                        char *item,int index,long argl,char *argp*/);
+        /* Called when this object is free()ed */
+        void (*free_func)(/*char *obj,
+                        char *item,int index,long argl,char *argp*/);
+        /* Called when we need to dup this one */
+        int (*dup_func)(/*char *obj_to,char *obj_from,
+                        char **new,int index,long argl,char *argp*/);
+        } CRYPTO_EX_DATA_FUNCS;
+/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
+ * entry.
+ */
+#define CRYPTO_EX_INDEX_BIO             0
+#define CRYPTO_EX_INDEX_SSL             1
+#define CRYPTO_EX_INDEX_SSL_CTX         2
+#define CRYPTO_EX_INDEX_SSL_SESSION     3
+#define CRYPTO_EX_INDEX_X509_STORE      4
+#define CRYPTO_EX_INDEX_X509_STORE_CTX  5
+/* Use this for win32 DLL's */
+#define CRYPTO_malloc_init()    CRYPTO_set_mem_functions(\
+        (char *(*)())malloc,\
+        (char *(*)())realloc,\
+        (void (*)())free)
+#ifdef CRYPTO_MDEBUG
+#define Malloc(num)     CRYPTO_dbg_malloc((int)num,__FILE__,__LINE__)
+#define Realloc(addr,num) \
+        CRYPTO_dbg_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+#define Remalloc(addr,num) \
+        CRYPTO_dbg_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+#define FreeFunc        CRYPTO_dbg_free
+#define Free(addr)      CRYPTO_dbg_free((char *)(addr))
+#else
+#define Remalloc        CRYPTO_remalloc
+#if defined(WIN32) || defined(MFUNC)
+#define Malloc          CRYPTO_malloc
+#define Realloc(a,n)    CRYPTO_realloc((char *)(a),(n))
+#define FreeFunc        CRYPTO_free
+#define Free(addr)      CRYPTO_free((char *)(addr))
+#else
+#define Malloc          malloc
+#define Realloc         realloc
+#define FreeFunc        free
+#define Free(addr)      free((char *)(addr))
+#endif /* WIN32 || MFUNC */
+#endif /* MDEBUG */
+/* Case insensiteve linking causes problems.... */
+#ifdef WIN16
+#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
+#endif
+#ifndef NOPROTO
+char *SSLeay_version(int type);
+unsigned long SSLeay(void);
+int CRYPTO_get_ex_new_index(int idx,STACK **sk,long argl,char *argp,
+        int (*new_func)(),int (*dup_func)(),void (*free_func)());
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad,int idx,char *val);
+char *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx);
+int CRYPTO_dup_ex_data(STACK *meth,CRYPTO_EX_DATA *from,CRYPTO_EX_DATA *to);
+void CRYPTO_free_ex_data(STACK *meth,char *obj,CRYPTO_EX_DATA *ad);
+void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_mem_ctrl(int mode);
+int CRYPTO_get_new_lockid(char *name);
+void CRYPTO_lock(int mode, int type,char *file,int line);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
+                int line));
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,char *file,
+                int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
+                int type,char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,
+                int type,char *file,int line);
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
+unsigned long (*CRYPTO_get_id_callback(void))(void);
+unsigned long CRYPTO_thread_id(void);
+char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer,int amount,int type, char *file,int line);
+void CRYPTO_set_mem_functions(char *(*m)(),char *(*r)(), void (*free_func)());
+void CRYPTO_get_mem_functions(char *(**m)(),char *(**r)(), void (**f)());
+char *CRYPTO_malloc(int num);
+char *CRYPTO_realloc(char *addr,int num);
+void CRYPTO_free(char *);
+char *CRYPTO_remalloc(char *addr,int num);
+char *CRYPTO_dbg_malloc(int num,char *file,int line);
+char *CRYPTO_dbg_realloc(char *addr,int num,char *file,int line);
+void CRYPTO_dbg_free(char *);
+char *CRYPTO_dbg_remalloc(char *addr,int num,char *file,int line);
+#ifndef NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *);
+#endif
+void CRYPTO_mem_leaks(struct bio_st *bio);
+/* unsigned long order, char *file, int line, int num_bytes, char *addr */
+void CRYPTO_mem_leaks_cb(void (*cb)());
+void ERR_load_CRYPTO_strings(void );
+#else 
+int CRYPTO_get_ex_new_index();
+int CRYPTO_set_ex_data();
+char *CRYPTO_get_ex_data();
+int CRYPTO_dup_ex_data();
+void CRYPTO_free_ex_data();
+void CRYPTO_new_ex_data();
+int CRYPTO_mem_ctrl();
+char *SSLeay_version();
+unsigned long SSLeay();
+int CRYPTO_get_new_lockid();
+void CRYPTO_lock();
+void CRYPTO_set_locking_callback();
+void (*CRYPTO_get_locking_callback())();
+void CRYPTO_set_add_lock_callback();
+int (*CRYPTO_get_add_lock_callback())();
+void CRYPTO_set_id_callback();
+unsigned long (*CRYPTO_get_id_callback())();
+unsigned long CRYPTO_thread_id();
+char *CRYPTO_get_lock_name();
+int CRYPTO_add_lock();
+void CRYPTO_set_mem_functions();
+void CRYPTO_get_mem_functions();
+char *CRYPTO_malloc();
+char *CRYPTO_realloc();
+void CRYPTO_free();
+char *CRYPTO_remalloc();
+char *CRYPTO_dbg_remalloc();
+char *CRYPTO_dbg_malloc();
+char *CRYPTO_dbg_realloc();
+void CRYPTO_dbg_free();
+#ifndef NO_FP_API
+void CRYPTO_mem_leaks_fp();
+#endif
+void CRYPTO_mem_leaks();
+void CRYPTO_mem_leaks_cb();
+void ERR_load_CRYPTO_strings();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the CRYPTO functions. */
+/* Function codes. */
+#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
+#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID                   101
+#define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
+/* Reason codes. */
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/cversion.c b/src/lib/libssl/src/crypto/cversion.c
new file mode 100644
index 0000000000..4e823be52f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/cversion.c
@@ -0,0 +1,99 @@
+/* crypto/cversion.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include "crypto.h"
+#include "date.h"
+char *SSLeay_version(t)
+int t;
+        {
+        if (t == SSLEAY_VERSION)
+                return("SSLeay 0.9.0b 29-Jun-1998");
+        if (t == SSLEAY_BUILT_ON)
+                {
+#ifdef DATE
+                static char buf[sizeof(DATE)+10];
+                sprintf(buf,"built on %s",DATE);
+                return(buf);
+#else
+                return("build date not available");
+#endif
+                }
+        if (t == SSLEAY_CFLAGS)
+                {
+#ifdef CFLAGS
+                static char buf[sizeof(CFLAGS)+10];
+                sprintf(buf,"C flags:%s",CFLAGS);
+                return(buf);
+#else
+                return("C flags not available");
+#endif
+                }
+        return("not available");
+        }
+unsigned long SSLeay()
+        {
+        return(SSLEAY_VERSION_NUMBER);
+        }
diff --git a/src/lib/libssl/src/crypto/des/COPYRIGHT b/src/lib/libssl/src/crypto/des/COPYRIGHT
new file mode 100644
index 0000000000..5469e1e469
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/COPYRIGHT
@@ -0,0 +1,50 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with MIT's libdes.
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of that the SSL library.  This can be in the form of a textual
+message at program startup or in documentation (online or textual) provided
+with the package.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/src/lib/libssl/src/crypto/des/DES.pm b/src/lib/libssl/src/crypto/des/DES.pm
new file mode 100644
index 0000000000..6a175b6ca4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/DES.pm
@@ -0,0 +1,19 @@
+package DES;
+require Exporter;
+require DynaLoader;
+@ISA = qw(Exporter DynaLoader);
+# Items to export into callers namespace by default
+# (move infrequently used names to @EXPORT_OK below)
+@EXPORT = qw(
+);
+# Other items we are prepared to export if requested
+@EXPORT_OK = qw(
+crypt
+);
+# Preloaded methods go here.  Autoload methods go after __END__, and are
+# processed by the autosplit program.
+bootstrap DES;
+1;
+__END__
diff --git a/src/lib/libssl/src/crypto/des/DES.xs b/src/lib/libssl/src/crypto/des/DES.xs
new file mode 100644
index 0000000000..b8050b9edf
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/DES.xs
@@ -0,0 +1,268 @@
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+#include "des.h"
+#define deschar char
+static STRLEN len;
+static int
+not_here(s)
+char *s;
+{
+    croak("%s not implemented on this architecture", s);
+    return -1;
+}
+MODULE = DES    PACKAGE = DES   PREFIX = des_
+char *
+des_crypt(buf,salt)
+        char *  buf
+        char *  salt
+void
+des_set_odd_parity(key)
+        des_cblock *    key
+PPCODE:
+        {
+        SV *s;
+        s=sv_newmortal();
+        sv_setpvn(s,(char *)key,8);
+        des_set_odd_parity((des_cblock *)SvPV(s,na));
+        PUSHs(s);
+        }
+int
+des_is_weak_key(key)
+        des_cblock *    key
+des_key_schedule
+des_set_key(key)
+        des_cblock *    key
+CODE:
+        des_set_key(key,RETVAL);
+OUTPUT:
+RETVAL
+des_cblock
+des_ecb_encrypt(input,ks,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks
+        int     encrypt
+CODE:
+        des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
+OUTPUT:
+RETVAL
+void
+des_cbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+void
+des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
+        char *  input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        des_cblock *    ivec1
+        des_cblock *    ivec2
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
+                l,*ks1,*ks2,ivec1,ivec2,encrypt);
+        sv_setpvn(ST(3),(char *)ivec1,8);
+        sv_setpvn(ST(4),(char *)ivec2,8);
+        PUSHs(s);
+        }
+void
+des_cbc_cksum(input,ks,ivec)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s1,*s2;
+        STRLEN len,l;
+        des_cblock c;
+        unsigned long i1,i2;
+        s1=sv_newmortal();
+        s2=sv_newmortal();
+        l=SvCUR(ST(0));
+        des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec);
+        i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
+        i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
+        sv_setiv(s1,i1);
+        sv_setiv(s2,i2);
+        sv_setpvn(ST(2),(char *)c,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
+void
+des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
+        char *  input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len;
+        char *c;
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
+                (int)numbits,(long)len,*ks,ivec,encrypt);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+des_cblock *
+des_ecb3_encrypt(input,ks1,ks2,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        int     encrypt
+CODE:
+        {
+        des_cblock c;
+        des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
+                *ks1,*ks2,encrypt);
+        RETVAL= &c;
+        }
+OUTPUT:
+RETVAL
+void
+des_ofb_encrypt(input,numbits,ks,ivec)
+        unsigned char * input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        unsigned char *c;
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(unsigned char *)SvPV(s,na);
+        des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
+                numbits,len,*ks,ivec);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+void
+des_pcbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+des_cblock *
+des_random_key()
+CODE:
+        {
+        des_cblock c;
+        des_random_key(c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+des_cblock *
+des_string_to_key(str)
+char *  str
+CODE:
+        {
+        des_cblock c;
+        des_string_to_key(str,&c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+void
+des_string_to_2keys(str)
+char *  str
+PPCODE:
+        {
+        des_cblock c1,c2;
+        SV *s1,*s2;
+        des_string_to_2keys(str,&c1,&c2);
+        EXTEND(sp,2);
+        s1=sv_newmortal();
+        sv_setpvn(s1,(char *)c1,8);
+        s2=sv_newmortal();
+        sv_setpvn(s2,(char *)c2,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
diff --git a/src/lib/libssl/src/crypto/des/INSTALL b/src/lib/libssl/src/crypto/des/INSTALL
new file mode 100644
index 0000000000..32457d775c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/INSTALL
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+type 'make'
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+The file options.txt has the options listed for best speed on quite a
+few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevent option in the Makefile
+There are some special Makefile targets that make life easier.
+make cc         - standard cc build
+make gcc        - standard gcc build
+make x86-elf    - x86 assembler (elf), linux-elf.
+make x86-out    - x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi   - x86 assembler (a.out with primative assembler).
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assembler is very very fast.
+A make install will by default install
+libdes.a      in /usr/local/lib/libdes.a
+des           in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man       in /usr/local/man/man1/des.1
+des.h         in /usr/include/des.h
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+As a final note on performace.  Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order.  It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.
diff --git a/src/lib/libssl/src/crypto/des/Imakefile b/src/lib/libssl/src/crypto/des/Imakefile
new file mode 100644
index 0000000000..1b9b5629e1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/Imakefile
@@ -0,0 +1,35 @@
+# This Imakefile has not been tested for a while but it should still
+# work when placed in the correct directory in the kerberos v 4 distribution
+SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
+        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
+        ecb3_enc.c ofb_enc.c ofb64enc.c
+OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+        qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
+        enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+        ecb3_enc.o ofb_enc.o ofb64enc.o
+GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
+        vms.com KERBEROS
+DES=    des.c des.man
+TESTING=destest.c speed.c rpw.c
+LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
+PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
+SRCDIR=$(SRCTOP)/lib/des
+DBG= -O
+INCLUDE= -I$(SRCDIR)
+CC= cc
+library_obj_rule()
+install_library_target(des,$(OBJS),$(SRCS),)
+test(destest,libdes.a,)
+test(rpw,libdes.a,)
diff --git a/src/lib/libssl/src/crypto/des/KERBEROS b/src/lib/libssl/src/crypto/des/KERBEROS
new file mode 100644
index 0000000000..f401b10014
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/KERBEROS
@@ -0,0 +1,41 @@
+ [ This is an old file, I don't know if it is true anymore
+   but I will leave the file here - eay 21/11/95 ]
+To use this library with Bones (kerberos without DES):
+1) Get my modified Bones - eBones.  It can be found on
+   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
+   and
+   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
+2) Unpack this library in src/lib/des, makeing sure it is version
+   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
+   from the version in comp.sources.misc volume 29 patchlevel2.
+   The primarily difference is that it should compile under kerberos :-).
+   It can be found at.
+   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
+Now do a normal kerberos build and things should work.
+One problem I found when I was build on my local sun.
+---
+For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
+*** make_commands.c.orig        Fri Jul  3 04:18:35 1987
+--- make_commands.c     Wed May 20 08:47:42 1992
+***************
+*** 98,104 ****
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
+--- 98,104 ----
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
diff --git a/src/lib/libssl/src/crypto/des/README b/src/lib/libssl/src/crypto/des/README
new file mode 100644
index 0000000000..621a5ab467
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/README
@@ -0,0 +1,54 @@
+                libdes, Version 4.01 10-Jan-97
+                Copyright (c) 1997, Eric Young
+                          All rights reserved.
+    This program is free software; you can redistribute it and/or modify
+    it under the terms specified in COPYRIGHT.
+    
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay.  Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+The best way to build this library is to build it as part of SSLeay.
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command.  I believe it
+conforms to the sun version.
+The Imakefile is setup for use in the kerberos distribution.
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+  ufc which gave much better test figures that reality ].
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+Eric Young (eay@cryptsoft.com)
diff --git a/src/lib/libssl/src/crypto/des/VERSION b/src/lib/libssl/src/crypto/des/VERSION
new file mode 100644
index 0000000000..f62d8bdac0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/VERSION
@@ -0,0 +1,411 @@
+        Defining SIGACTION causes sigaction() to be used instead of signal().
+        SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
+        can cause problems.  This should hopefully not affect normal
+        applications.
+Version 4.04
+        Fixed a few tests in destest.  Also added x86 assember for
+        des_ncbc_encrypt() which is the standard cbc mode function.
+        This makes a very very large performace difference.
+        Ariel Glenn ariel@columbia.edu reports that the terminal
+        'turn echo off' can return (errno == EINVAL) under solaris
+        when redirection is used.  So I now catch that as well as ENOTTY.
+Version 4.03
+        Left a static out of enc_write.c, which caused to buffer to be
+        continiously malloc()ed.  Does anyone use these functions?  I keep
+        on feeling like removing them since I only had these in there
+        for a version of kerberised login.  Anyway, this was pointed out
+        by Theo de Raadt <deraadt@cvs.openbsd.org>
+        The 'n' bit ofb code was wrong, it was not shifting the shift
+        register. It worked correctly for n == 64.  Thanks to
+        Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
+Version 4.02
+        I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
+        when checking for weak keys which is wrong :-(, pointed out by
+        Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
+Version 4.01
+        Even faster inner loop in the DES assembler for x86 and a modification
+        for IP/FP which is faster on x86.  Both of these changes are
+        from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
+        changes make the assembler run %40 faster on a pentium.  This is just
+        a case of getting the instruction sequence 'just right'.
+        All credit to 'Svend' :-)
+        Quite a few special x86 'make' targets.
+        A libdes-l (lite) distribution.
+Version 4.00
+        After a bit of a pause, I'll up the major version number since this
+        is mostly a performace release.  I've added x86 assembler and
+        added more options for performance.  A %28 speedup for gcc 
+        on a pentium and the assembler is a %50 speedup.
+        MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
+        Run des_opts to work out which options should be used.
+        DES_RISC1/DES_RISC2 use alternative inner loops which use
+        more registers but should give speedups on any CPU that does
+        dual issue (pentium).  DES_UNROLL unrolls the inner loop,
+        which costs in code size.
+Version 3.26
+        I've finally removed one of the shifts in D_ENCRYPT.  This
+        meant I've changed the des_SPtrans table (spr.h), the set_key()
+        function and some things in des_enc.c.  This has definitly
+        made things faster :-).  I've known about this one for some
+        time but I've been too lazy to follow it up :-).
+        Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
+        instead of L^=((..)|(..)|(..)..  This should save a register at
+        least.
+        Assember for x86.  The file to replace is des_enc.c, which is replaced
+        by one of the assembler files found in asm.  Look at des/asm/readme
+        for more info.
+        /* Modification to fcrypt so it can be compiled to support
+        HPUX 10.x's long password format, define -DLONGCRYPT to use this.
+        Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
+        SIGWINCH case put in des_read_passwd() so the function does not
+        'exit' if this function is recieved.
+Version 3.25 17/07/96
+        Modified read_pwd.c so that stdin can be read if not a tty.
+        Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
+        des_init_random_number_generator() shortened due to VMS linker
+        limits.
+        Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
+        8 byte quantites xored before and after encryption.
+        des_xcbc_encryption() - the name is funny to preserve the des_
+        prefix on all functions.
+Version 3.24 20/04/96
+        The DES_PTR macro option checked and used by SSLeay configuration
+Version 3.23 11/04/96
+        Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
+        it gives a %20 speedup :-)
+        Fixed the problem with des.pl under perl5.  The patches were
+        sent by Ed Kubaitis (ejk@uiuc.edu).
+        if fcrypt.c, changed values to handle illegal salt values the way
+        normal crypt() implementations do.  Some programs apparently use
+        them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
+Version 3.22 29/11/95
+        Bug in des(1), an error with the uuencoding stuff when the
+        'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
+        for the patch.
+Version 3.21 22/11/95
+        After some emailing back and forth with 
+        Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
+        and in a future version I will probably put in some of the
+        optimisation he suggested for use with the DES_USE_PTR option.
+        Extra routines from Mark Murray <mark@grondar.za> for use in
+        freeBSD.  They mostly involve random number generation for use
+        with kerberos.  They involve evil machine specific system calls
+        etc so I would normally suggest pushing this stuff into the
+        application and/or using RAND_seed()/RAND_bytes() if you are
+        using this DES library as part of SSLeay.
+        Redone the read_pw() function so that it is cleaner and
+        supports termios, thanks to Sameer Parekh <sameer@c2.org>
+        for the initial patches for this.
+        Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
+         done just to make things more consistent.
+        I have also now added triple DES versions of cfb and ofb.
+Version 3.20
+        Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
+        my des_random_seed() function was only copying 4 bytes of the
+        passed seed into the init structure.  It is now fixed to copy 8.
+        My own suggestion is to used something like MD5 :-)
+Version 3.19 
+        While looking at my code one day, I though, why do I keep on
+        calling des_encrypt(in,out,ks,enc) when every function that
+        calls it has in and out the same.  So I dropped the 'out'
+        parameter, people should not be using this function.
+Version 3.18 30/08/95
+        Fixed a few bit with the distribution and the filenames.
+        3.17 had been munged via a move to DOS and back again.
+        NO CODE CHANGES
+Version 3.17 14/07/95
+        Fixed ede3 cbc which I had broken in 3.16.  I have also
+        removed some unneeded variables in 7-8 of the routines.
+Version 3.16 26/06/95
+        Added des_encrypt2() which does not use IP/FP, used by triple
+        des routines.  Tweaked things a bit elsewhere. %13 speedup on
+        sparc and %6 on a R4400 for ede3 cbc mode.
+Version 3.15 06/06/95
+        Added des_ncbc_encrypt(), it is des_cbc mode except that it is
+        'normal' and copies the new iv value back over the top of the
+        passed parameter.
+        CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
+        the iv.  THIS WILL BREAK EXISTING CODE, but since this function
+        only new, I feel I can change it, not so with des_cbc_encrypt :-(.
+        I need to update the documentation.
+Version 3.14 31/05/95
+        New release upon the world, as part of my SSL implementation.
+        New copyright and usage stuff.  Basically free for all to use
+        as long as you say it came from me :-)
+Version 3.13 31/05/95
+        A fix in speed.c, if HZ is not defined, I set it to 100.0
+        which is reasonable for most unixes except SunOS 4.x.
+        I now have a #ifdef sun but timing for SunOS 4.x looked very
+        good :-(.  At my last job where I used SunOS 4.x, it was
+        defined to be 60.0 (look at the old INSTALL documentation), at
+        the last release had it changed to 100.0 since I now work with
+        Solaris2 and SVR4 boxes.
+        Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
+        one out.
+Version 3.12 08/05/95
+        As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
+        my D_ENCRYPT macro in crypt() had an un-necessary variable.
+        It has been removed.
+Version 3.11 03/05/95
+        Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
+        and one iv.  It is a standard and I needed it for my SSL code.
+        It makes more sense to use this for triple DES than
+        3cbc_encrypt().  I have also added (or should I say tested :-)
+        cfb64_encrypt() which is cfb64 but it will encrypt a partial
+        number of bytes - 3 bytes in 3 bytes out.  Again this is for
+        my SSL library, as a form of encryption to use with SSL
+        telnet.
+Version 3.10 22/03/95
+        Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
+        to cbc3_encrypt, the 2 iv values that were being returned to
+        be used in the next call were reversed :-(.
+        Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
+        this error.
+Version 3.09 01/02/95
+        Fixed des_random_key to far more random, it was rather feeble
+        with regards to picking the initial seed.  The problem was
+        pointed out by Olaf Kirch <okir@monad.swb.de>.
+Version 3.08 14/12/94
+        Added Makefile.PL so libdes can be built into perl5.
+        Changed des_locl.h so RAND is always defined.
+Version 3.07 05/12/94
+        Added GNUmake and stuff so the library can be build with
+        glibc.
+Version 3.06 30/08/94
+        Added rpc_enc.c which contains _des_crypt.  This is for use in
+        secure_rpc v 4.0
+        Finally fixed the cfb_enc problems.
+        Fixed a few parameter parsing bugs in des (-3 and -b), thanks
+        to Rob McMillan <R.McMillan@its.gu.edu.au>
+Version 3.05 21/04/94
+        for unsigned long l; gcc does not produce ((l>>34) == 0)
+        This causes bugs in cfb_enc.
+        Thanks to Hadmut Danisch <danisch@ira.uka.de>
+Version 3.04 20/04/94
+        Added a version number to des.c and libdes.a
+Version 3.03 12/01/94
+        Fixed a bug in non zero iv in 3cbc_enc.
+Version 3.02 29/10/93
+        I now work in a place where there are 6+ architectures and 14+
+        OS versions :-).
+        Fixed TERMIO definition so the most sys V boxes will work :-)
+Release upon comp.sources.misc
+Version 3.01 08/10/93
+        Added des_3cbc_encrypt()
+Version 3.00 07/10/93
+        Fixed up documentation.
+        quad_cksum definitely compatible with MIT's now.
+Version 2.30 24/08/93
+        Triple DES now defaults to triple cbc but can do triple ecb
+         with the -b flag.
+        Fixed some MSDOS uuen/uudecoding problems, thanks to
+        Added prototypes.
+        
+Version 2.22 29/06/93
+        Fixed a bug in des_is_weak_key() which stopped it working :-(
+        thanks to engineering@MorningStar.Com.
+Version 2.21 03/06/93
+        des(1) with no arguments gives quite a bit of help.
+        Added -c (generate ckecksum) flag to des(1).
+        Added -3 (triple DES) flag to des(1).
+        Added cfb and ofb routines to the library.
+Version 2.20 11/03/93
+        Added -u (uuencode) flag to des(1).
+        I have been playing with byte order in quad_cksum to make it
+         compatible with MIT's version.  All I can say is avid this
+         function if possible since MIT's output is endian dependent.
+Version 2.12 14/10/92
+        Added MSDOS specific macro in ecb_encrypt which gives a %70
+         speed up when the code is compiled with turbo C.
+Version 2.11 12/10/92
+        Speedup in set_key (recoding of PC-1)
+         I now do it in 47 simple operations, down from 60.
+         Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+         for motivating me to look for a faster system :-)
+         The speedup is probably less that 1% but it is still 13
+         instructions less :-).
+Version 2.10 06/10/92
+        The code now works on the 64bit ETA10 and CRAY without modifications or
+         #defines.  I believe the code should work on any machine that
+         defines long, int or short to be 8 bytes long.
+        Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
+         for helping me fix the code to run on 64bit machines (he had
+         access to an ETA10).
+        Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
+         for testing the routines on a CRAY.
+        read_password.c has been renamed to read_passwd.c
+        string_to_key.c has been renamed to string2key.c
+Version 2.00 14/09/92
+        Made mods so that the library should work on 64bit CPU's.
+        Removed all my uchar and ulong defs.  To many different
+         versions of unix define them in their header files in too many
+         different combinations :-)
+        IRIX - Sillicon Graphics mods (mostly in read_password.c).
+         Thanks to Andrew Daviel (advax@erich.triumf.ca)
+Version 1.99 26/08/92
+        Fixed a bug or 2 in enc_read.c
+        Fixed a bug in enc_write.c
+        Fixed a pseudo bug in fcrypt.c (very obscure).
+Version 1.98 31/07/92
+        Support for the ETA10.  This is a strange machine that defines
+        longs and ints as 8 bytes and shorts as 4 bytes.
+        Since I do evil things with long * that assume that they are 4
+        bytes.  Look in the Makefile for the option to compile for
+        this machine.  quad_cksum appears to have problems but I
+        will don't have the time to fix it right now, and this is not
+        a function that uses DES and so will not effect the main uses
+        of the library.
+Version 1.97 20/05/92 eay
+        Fixed the Imakefile and made some changes to des.h to fix some
+        problems when building this package with Kerberos v 4.
+Version 1.96 18/05/92 eay
+        Fixed a small bug in string_to_key() where problems could
+        occur if des_check_key was set to true and the string
+        generated a weak key.
+Patch2 posted to comp.sources.misc
+Version 1.95 13/05/92 eay
+        Added an alternative version of the D_ENCRYPT macro in
+        ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
+        other will be faster.  This was inspired by 
+        Dana How <how@isl.stanford.edu>, and her pointers about doing the
+        *(ulong *)((uchar *)ptr+(value&0xfc))
+        vs
+        ptr[value&0x3f]
+        to stop the C compiler doing a <<2 to convert the long array index.
+Version 1.94 05/05/92 eay
+        Fixed an incompatibility between my string_to_key and the MIT
+         version.  When the key is longer than 8 chars, I was wrapping
+         with a different method.  To use the old version, define
+         OLD_STR_TO_KEY in the makefile.  Thanks to
+         viktor@newsu.shearson.com (Viktor Dukhovni).
+Version 1.93 28/04/92 eay
+        Fixed the VMS mods so that echo is now turned off in
+         read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
+        MSDOS support added.  The routines can be compiled with
+         Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
+Patch1 posted to comp.sources.misc
+Version 1.92 13/04/92 eay
+        Changed D_ENCRYPT so that the rotation of R occurs outside of
+         the loop.  This required rotating all the longs in sp.h (now
+         called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+        speed.c has been changed so it will work without SIGALRM.  If
+         times(3) is not present it will try to use ftime() instead.
+Version 1.91 08/04/92 eay
+        Added -E/-D options to des(1) so it can use string_to_key.
+        Added SVR4 mods suggested by witr@rwwa.COM
+        Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
+        anyone knows how to turn of tty echo in VMS please tell me or
+        implement it yourself :-).
+        Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
+        does not like IN/OUT being used.
+Libdes posted to comp.sources.misc
+Version 1.9 24/03/92 eay
+        Now contains a fast small crypt replacement.
+        Added des(1) command.
+        Added des_rw_mode so people can use cbc encryption with
+        enc_read and enc_write.
+Version 1.8 15/10/91 eay
+        Bug in cbc_cksum.
+        Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
+        one out.
+Version 1.7 24/09/91 eay
+        Fixed set_key :-)
+        set_key is 4 times faster and takes less space.
+        There are a few minor changes that could be made.
+Version 1.6 19/09/1991 eay
+        Finally go IP and FP finished.
+        Now I need to fix set_key.
+        This version is quite a bit faster that 1.51
+Version 1.52 15/06/1991 eay
+        20% speedup in ecb_encrypt by changing the E bit selection
+        to use 2 32bit words.  This also required modification of the
+        sp table.  There is still a way to speedup the IP and IP-1
+        (hints from outer@sq.com) still working on this one :-(.
+Version 1.51 07/06/1991 eay
+        Faster des_encrypt by loop unrolling
+        Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
+Version 1.50 28/05/1991 eay
+        Optimised the code a bit more for the sparc.  I have improved the
+        speed of the inner des_encrypt by speeding up the initial and
+        final permutations.
+Version 1.40 23/10/1990 eay
+        Fixed des_random_key, it did not produce a random key :-(
+Version 1.30  2/10/1990 eay
+        Have made des_quad_cksum the same as MIT's, the full package
+        should be compatible with MIT's
+        Have tested on a DECstation 3100
+        Still need to fix des_set_key (make it faster).
+        Does des_cbc_encrypts at 70.5k/sec on a 3100.
+Version 1.20 18/09/1990 eay
+        Fixed byte order dependencies.
+        Fixed (I hope) all the word alignment problems.
+        Speedup in des_ecb_encrypt.
+Version 1.10 11/09/1990 eay
+        Added des_enc_read and des_enc_write.
+        Still need to fix des_quad_cksum.
+        Still need to document des_enc_read and des_enc_write.
+Version 1.00 27/08/1990 eay
diff --git a/src/lib/libssl/src/crypto/des/asm/crypt586.pl b/src/lib/libssl/src/crypto/des/asm/crypt586.pl
new file mode 100644
index 0000000000..297e38dec8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/asm/crypt586.pl
@@ -0,0 +1,204 @@
+#!/usr/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+# I've added the stuff needed for crypt() but I've not worried about making
+# things perfect.
+#
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"crypt586.pl");
+$L="edi";
+$R="esi";
+&external_label("des_SPtrans");
+&fcrypt_body("fcrypt_body");
+&asm_finish();
+sub fcrypt_body
+        {
+        local($name,$do_ip)=@_;
+        &function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+        &comment("");
+        &comment("Load the 2 words");
+        $ks="ebp";
+        &xor(   $L,     $L);
+        &xor(   $R,     $R);
+        &mov($ks,&wparam(1));
+        &push(25); # add a variable
+        &set_label("start");
+        for ($i=0; $i<16; $i+=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+                }
+         &mov("ebx",    &swtmp(0));
+        &mov("eax",     $L);
+         &dec("ebx");
+        &mov($L,        $R);
+         &mov($R,       "eax");
+        &mov(&swtmp(0), "ebx");
+         &jnz(&label("start"));
+        &comment("");
+        &comment("FP");
+        &mov("edx",&wparam(0));
+        &FP_new($R,$L,"eax",3);
+        &mov(&DWP(0,"edx","",0),"eax");
+        &mov(&DWP(4,"edx","",0),$L);
+        &pop("ecx");    # remove variable
+        &function_end($name);
+        }
+sub D_ENCRYPT
+        {
+        local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+        &mov(   $u,             &wparam(2));                    # 2
+        &mov(   $t,             $R);
+        &shr(   $t,             16);                            # 1
+        &mov(   $tmp2,          &wparam(3));                    # 2
+        &xor(   $t,             $R);                            # 1
+        &and(   $u,             $t);                            # 2
+        &and(   $t,             $tmp2);                         # 2
+        &mov(   $tmp1,          $u);
+        &shl(   $tmp1,          16);                            # 1
+        &mov(   $tmp2,          $t);
+        &shl(   $tmp2,          16);                            # 1
+        &xor(   $u,             $tmp1);                         # 2
+        &xor(   $t,             $tmp2);                         # 2
+        &mov(   $tmp1,          &DWP(&n2a($S*4),$ks,"",0));     # 2
+        &xor(   $u,             $tmp1);
+        &mov(   $tmp2,          &DWP(&n2a(($S+1)*4),$ks,"",0)); # 2
+        &xor(   $u,             $R);
+        &xor(   $t,             $R);
+        &xor(   $t,             $tmp2);
+        &and(   $u,             "0xfcfcfcfc"    );              # 2
+        &xor(   $tmp1,          $tmp1);                         # 1
+        &and(   $t,             "0xcfcfcfcf"    );              # 2
+        &xor(   $tmp2,          $tmp2); 
+        &movb(  &LB($tmp1),     &LB($u) );
+        &movb(  &LB($tmp2),     &HB($u) );
+        &rotr(  $t,             4               );
+        &mov(   $ks,            &DWP("      $desSP",$tmp1,"",0));
+        &movb(  &LB($tmp1),     &LB($t) );
+        &xor(   $L,             $ks);
+        &mov(   $ks,            &DWP("0x200+$desSP",$tmp2,"",0));
+        &xor(   $L,             $ks);
+        &movb(  &LB($tmp2),     &HB($t) );
+        &shr(   $u,             16);
+        &mov(   $ks,            &DWP("0x100+$desSP",$tmp1,"",0));
+        &xor(   $L,             $ks); 
+        &movb(  &LB($tmp1),     &HB($u) );
+        &shr(   $t,             16);
+        &mov(   $ks,            &DWP("0x300+$desSP",$tmp2,"",0));
+        &xor(   $L,             $ks);
+        &mov(   $ks,            &wparam(1));
+        &movb(  &LB($tmp2),     &HB($t) );
+        &and(   $u,             "0xff"  );
+        &and(   $t,             "0xff"  );
+        &mov(   $tmp1,          &DWP("0x600+$desSP",$tmp1,"",0));
+        &xor(   $L,             $tmp1);
+        &mov(   $tmp1,          &DWP("0x700+$desSP",$tmp2,"",0));
+        &xor(   $L,             $tmp1);
+        &mov(   $tmp1,          &DWP("0x400+$desSP",$u,"",0));
+        &xor(   $L,             $tmp1);
+        &mov(   $tmp1,          &DWP("0x500+$desSP",$t,"",0));
+        &xor(   $L,             $tmp1);
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+        {
+        local($a,$b,$tt,$shift,$mask,$last)=@_;
+        &rotl(  $a,             $shift          ) if ($shift != 0);
+        &mov(   $tt,            $a              );
+        &xor(   $a,             $b              );
+        &and(   $a,             $mask           );
+        if ($notlast eq $b)
+                {
+                &xor(   $b,             $a              );
+                &xor(   $tt,            $a              );
+                }
+        else
+                {
+                &xor(   $tt,            $a              );
+                &xor(   $b,             $a              );
+                }
+        &comment("");
+        }
+sub IP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+        &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+        &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+        &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+        
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotr($tt,    3-$lr); }
+                else    { &rotl($tt,    $lr-3); }
+                }
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotr($r,     2-$lr); }
+                else    { &rotl($r,     $lr-2); }
+                }
+        }
+sub FP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotl($r,     2-$lr); }
+                else    { &rotr($r,     $lr-2); }
+                }
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotl($l,     3-$lr); }
+                else    { &rotr($l,     $lr-3); }
+                }
+        &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+        &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+        &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+        &rotr($tt       , 4);
+        }
diff --git a/src/lib/libssl/src/crypto/des/asm/des-586.pl b/src/lib/libssl/src/crypto/des/asm/des-586.pl
new file mode 100644
index 0000000000..7f2e09fa7a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/asm/des-586.pl
@@ -0,0 +1,251 @@
+#!/usr/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+#
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+require "desboth.pl";
+# base code is in microsft
+# op dest, source
+# format.
+#
+&asm_init($ARGV[0],"des-586.pl");
+$L="edi";
+$R="esi";
+&external_label("des_SPtrans");
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+&asm_finish();
+sub des_encrypt
+        {
+        local($name,$do_ip)=@_;
+        &function_begin_B($name,"EXTRN   _des_SPtrans:DWORD");
+        &push("esi");
+        &push("edi");
+        &comment("");
+        &comment("Load the 2 words");
+        $ks="ebp";
+        if ($do_ip)
+                {
+                &mov($R,&wparam(0));
+                 &xor(  "ecx",          "ecx"           );
+                &push("ebx");
+                &push("ebp");
+                &mov("eax",&DWP(0,$R,"",0));
+                 &mov("ebx",&wparam(2));        # get encrypt flag
+                &mov($L,&DWP(4,$R,"",0));
+                &comment("");
+                &comment("IP");
+                &IP_new("eax",$L,$R,3);
+                }
+        else
+                {
+                &mov("eax",&wparam(0));
+                 &xor(  "ecx",          "ecx"           );
+                &push("ebx");
+                &push("ebp");
+                &mov($R,&DWP(0,"eax","",0));
+                 &mov("ebx",&wparam(2));        # get encrypt flag
+                &rotl($R,3);
+                &mov($L,&DWP(4,"eax","",0));
+                &rotl($L,3);
+                }
+        &mov(   $ks,            &wparam(1)      );
+        &cmp("ebx","0");
+        &je(&label("start_decrypt"));
+        for ($i=0; $i<16; $i+=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+                }
+        &jmp(&label("end"));
+        &set_label("start_decrypt");
+        for ($i=15; $i>0; $i-=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i-1));
+                &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+                }
+        &set_label("end");
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("FP");
+                &mov("edx",&wparam(0));
+                &FP_new($L,$R,"eax",3);
+                &mov(&DWP(0,"edx","",0),"eax");
+                &mov(&DWP(4,"edx","",0),$R);
+                }
+        else
+                {
+                &comment("");
+                &comment("Fixup");
+                &rotr($L,3);            # r
+                 &mov("eax",&wparam(0));
+                &rotr($R,3);            # l
+                 &mov(&DWP(0,"eax","",0),$L);
+                 &mov(&DWP(4,"eax","",0),$R);
+                }
+        &pop("ebp");
+        &pop("ebx");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+        &function_end_B($name);
+        }
+sub D_ENCRYPT
+        {
+        local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+         &mov(  $u,             &DWP(&n2a($S*4),$ks,"",0));
+        &xor(   $tmp1,          $tmp1);
+         &mov(  $t,             &DWP(&n2a(($S+1)*4),$ks,"",0));
+        &xor(   $u,             $R);
+         &xor(  $t,             $R);
+        &and(   $u,             "0xfcfcfcfc"    );
+         &and(  $t,             "0xcfcfcfcf"    );
+        &movb(  &LB($tmp1),     &LB($u) );
+         &movb( &LB($tmp2),     &HB($u) );
+        &rotr(  $t,             4               );
+        &mov(   $ks,            &DWP("      $desSP",$tmp1,"",0));
+         &movb( &LB($tmp1),     &LB($t) );
+        &xor(   $L,             $ks);
+         &mov(  $ks,            &DWP("0x200+$desSP",$tmp2,"",0));
+        &xor(   $L,             $ks); ######
+         &movb( &LB($tmp2),     &HB($t) );
+        &shr(   $u,             16);
+         &mov(  $ks,            &DWP("0x100+$desSP",$tmp1,"",0));
+        &xor(   $L,             $ks); ######
+         &movb( &LB($tmp1),     &HB($u) );
+        &shr(   $t,             16);
+         &mov(  $ks,            &DWP("0x300+$desSP",$tmp2,"",0));
+        &xor(   $L,             $ks);
+         &mov(  $ks,            &wparam(1)      );
+        &movb(  &LB($tmp2),     &HB($t) );
+         &and(  $u,             "0xff"  );
+        &and(   $t,             "0xff"  );
+         &mov(  $tmp1,          &DWP("0x600+$desSP",$tmp1,"",0));
+        &xor(   $L,             $tmp1);
+         &mov(  $tmp1,          &DWP("0x700+$desSP",$tmp2,"",0));
+        &xor(   $L,             $tmp1);
+         &mov(  $tmp1,          &DWP("0x400+$desSP",$u,"",0));
+        &xor(   $L,             $tmp1);
+         &mov(  $tmp1,          &DWP("0x500+$desSP",$t,"",0));
+        &xor(   $L,             $tmp1);
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+        {
+        local($a,$b,$tt,$shift,$mask,$last)=@_;
+        &rotl(  $a,             $shift          ) if ($shift != 0);
+        &mov(   $tt,            $a              );
+        &xor(   $a,             $b              );
+        &and(   $a,             $mask           );
+        if (!$last eq $b)
+                {
+                &xor(   $b,             $a              );
+                &xor(   $tt,            $a              );
+                }
+        else
+                {
+                &xor(   $tt,            $a              );
+                &xor(   $b,             $a              );
+                }
+        &comment("");
+        }
+sub IP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+        &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+        &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+        &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+        
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotr($tt,    3-$lr); }
+                else    { &rotl($tt,    $lr-3); }
+                }
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotr($r,     2-$lr); }
+                else    { &rotl($r,     $lr-2); }
+                }
+        }
+sub FP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotl($r,     2-$lr); }
+                else    { &rotr($r,     $lr-2); }
+                }
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotl($l,     3-$lr); }
+                else    { &rotr($l,     $lr-3); }
+                }
+        &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+        &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+        &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+        &rotr($tt       , 4);
+        }
diff --git a/src/lib/libssl/src/crypto/des/asm/des686.pl b/src/lib/libssl/src/crypto/des/asm/des686.pl
new file mode 100644
index 0000000000..cf1a82fb5c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/asm/des686.pl
@@ -0,0 +1,230 @@
+#!/usr/bin/perl
+$prog="des686.pl";
+# base code is in microsft
+# op dest, source
+# format.
+#
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+if (    ($ARGV[0] eq "elf"))
+        { require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "a.out"))
+        { $aout=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "sol"))
+        { $sol=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "cpp"))
+        { $cpp=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "win32"))
+        { require "x86ms.pl"; }
+else
+        {
+        print STDERR <<"EOF";
+Pick one target type from
+        elf     - linux, FreeBSD etc
+        a.out   - old linux
+        sol     - x86 solaris
+        cpp     - format so x86unix.cpp can be used
+        win32   - Windows 95/Windows NT
+EOF
+        exit(1);
+        }
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+&file("dx86xxxx");
+$L="edi";
+$R="esi";
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+&file_end();
+sub des_encrypt
+        {
+        local($name,$do_ip)=@_;
+        &function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+        &comment("");
+        &comment("Load the 2 words");
+        &mov("eax",&wparam(0));
+        &mov($L,&DWP(0,"eax","",0));
+        &mov($R,&DWP(4,"eax","",0));
+        $ksp=&wparam(1);
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("IP");
+                &IP_new($L,$R,"eax");
+                }
+        &comment("");
+        &comment("fixup rotate");
+        &rotl($R,3);
+        &rotl($L,3);
+        &exch($L,$R);
+        &comment("");
+        &comment("load counter, key_schedule and enc flag");
+        &mov("eax",&wparam(2)); # get encrypt flag
+        &mov("ebp",&wparam(1)); # get ks
+        &cmp("eax","0");
+        &je(&label("start_decrypt"));
+        # encrypting part
+        for ($i=0; $i<16; $i+=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                }
+        &jmp(&label("end"));
+        &set_label("start_decrypt");
+        for ($i=15; $i>0; $i-=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i-1));
+                &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+                }
+        &set_label("end");
+        &comment("");
+        &comment("Fixup");
+        &rotr($L,3);            # r
+        &rotr($R,3);            # l
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("FP");
+                &FP_new($R,$L,"eax");
+                }
+        &mov("eax",&wparam(0));
+        &mov(&DWP(0,"eax","",0),$L);
+        &mov(&DWP(4,"eax","",0),$R);
+        &function_end($name);
+        }
+# The logic is to load R into 2 registers and operate on both at the same time.
+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
+# while also masking the other copy and doing a lookup.  We then also accumulate the
+# L value in 2 registers then combine them at the end.
+sub D_ENCRYPT
+        {
+        local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
+        &mov(   $u,             &DWP(&n2a($S*4),$ks,"",0));
+        &mov(   $t,             &DWP(&n2a(($S+1)*4),$ks,"",0));
+        &xor(   $u,             $R              );
+        &xor(   $t,             $R              );
+        &rotr(  $t,             4               );
+        # the numbers at the end of the line are origional instruction order
+        &mov(   $tmp2,          $u              );                      # 1 2
+        &mov(   $tmp1,          $t              );                      # 1 1
+        &and(   $tmp2,          "0xfc"          );                      # 1 4
+        &and(   $tmp1,          "0xfc"          );                      # 1 3
+        &shr(   $t,             8               );                      # 1 5
+        &xor(   $L,             &DWP("0x100+$desSP",$tmp1,"",0));       # 1 7
+        &shr(   $u,             8               );                      # 1 6
+        &mov(   $tmp1,          &DWP("      $desSP",$tmp2,"",0));       # 1 8
+        &mov(   $tmp2,          $u              );                      # 2 2
+        &xor(   $L,             $tmp1           );                      # 1 9
+        &and(   $tmp2,          "0xfc"          );                      # 2 4
+        &mov(   $tmp1,          $t              );                      # 2 1
+        &and(   $tmp1,          "0xfc"          );                      # 2 3
+        &shr(   $t,             8               );                      # 2 5
+        &xor(   $L,             &DWP("0x300+$desSP",$tmp1,"",0));       # 2 7
+        &shr(   $u,             8               );                      # 2 6
+        &mov(   $tmp1,          &DWP("0x200+$desSP",$tmp2,"",0));       # 2 8
+        &mov(   $tmp2,          $u              );                      # 3 2
+        &xor(   $L,             $tmp1           );                      # 2 9
+        &and(   $tmp2,          "0xfc"          );                      # 3 4
+        &mov(   $tmp1,          $t              );                      # 3 1 
+        &shr(   $u,             8               );                      # 3 6
+        &and(   $tmp1,          "0xfc"          );                      # 3 3
+        &shr(   $t,             8               );                      # 3 5
+        &xor(   $L,             &DWP("0x500+$desSP",$tmp1,"",0));       # 3 7
+        &mov(   $tmp1,          &DWP("0x400+$desSP",$tmp2,"",0));       # 3 8
+        &and(   $t,             "0xfc"          );                      # 4 1
+        &xor(   $L,             $tmp1           );                      # 3 9
+        &and(   $u,             "0xfc"          );                      # 4 2
+        &xor(   $L,             &DWP("0x700+$desSP",$t,"",0));          # 4 3
+        &xor(   $L,             &DWP("0x600+$desSP",$u,"",0));          # 4 4
+        }
+sub PERM_OP
+        {
+        local($a,$b,$tt,$shift,$mask)=@_;
+        &mov(   $tt,            $a              );
+        &shr(   $tt,            $shift          );
+        &xor(   $tt,            $b              );
+        &and(   $tt,            $mask           );
+        &xor(   $b,             $tt             );
+        &shl(   $tt,            $shift          );
+        &xor(   $a,             $tt             );
+        }
+sub IP_new
+        {
+        local($l,$r,$tt)=@_;
+        &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+        &PERM_OP($l,$r,$tt,16,"0x0000ffff");
+        &PERM_OP($r,$l,$tt, 2,"0x33333333");
+        &PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+        &PERM_OP($r,$l,$tt, 1,"0x55555555");
+        }
+sub FP_new
+        {
+        local($l,$r,$tt)=@_;
+        &PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
diff --git a/src/lib/libssl/src/crypto/des/asm/desboth.pl b/src/lib/libssl/src/crypto/des/asm/desboth.pl
new file mode 100644
index 0000000000..8f939953a6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/asm/desboth.pl
@@ -0,0 +1,79 @@
+#!/usr/bin/perl
+$L="edi";
+$R="esi";
+sub des_encrypt3
+        {
+        local($name,$enc)=@_;
+        &function_begin_B($name,"");
+        &push("ebx");
+        &mov("ebx",&wparam(0));
+        &push("ebp");
+        &push("esi");
+        &push("edi");
+        &comment("");
+        &comment("Load the data words");
+        &mov($L,&DWP(0,"ebx","",0));
+        &mov($R,&DWP(4,"ebx","",0));
+        &stack_push(3);
+        &comment("");
+        &comment("IP");
+        &IP_new($L,$R,"edx",0);
+        # put them back
+        
+        if ($enc)
+                {
+                &mov(&DWP(4,"ebx","",0),$R);
+                 &mov("eax",&wparam(1));
+                &mov(&DWP(0,"ebx","",0),"edx");
+                 &mov("edi",&wparam(2));
+                 &mov("esi",&wparam(3));
+                }
+        else
+                {
+                &mov(&DWP(4,"ebx","",0),$R);
+                 &mov("esi",&wparam(1));
+                &mov(&DWP(0,"ebx","",0),"edx");
+                 &mov("edi",&wparam(2));
+                 &mov("eax",&wparam(3));
+                }
+        &mov(&swtmp(2), (($enc)?"1":"0"));
+        &mov(&swtmp(1), "eax");
+        &mov(&swtmp(0), "ebx");
+        &call("des_encrypt2");
+        &mov(&swtmp(2), (($enc)?"0":"1"));
+        &mov(&swtmp(1), "edi");
+        &mov(&swtmp(0), "ebx");
+        &call("des_encrypt2");
+        &mov(&swtmp(2), (($enc)?"1":"0"));
+        &mov(&swtmp(1), "esi");
+        &mov(&swtmp(0), "ebx");
+        &call("des_encrypt2");
+        &stack_pop(3);
+        &mov($L,&DWP(0,"ebx","",0));
+        &mov($R,&DWP(4,"ebx","",0));
+        &comment("");
+        &comment("FP");
+        &FP_new($L,$R,"eax",0);
+        &mov(&DWP(0,"ebx","",0),"eax");
+        &mov(&DWP(4,"ebx","",0),$R);
+        &pop("edi");
+        &pop("esi");
+        &pop("ebp");
+        &pop("ebx");
+        &ret();
+        &function_end_B($name);
+        }
diff --git a/src/lib/libssl/src/crypto/des/asm/readme b/src/lib/libssl/src/crypto/des/asm/readme
new file mode 100644
index 0000000000..f8529d9307
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/asm/readme
@@ -0,0 +1,131 @@
+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft       Windows 95/Windows NT
+Elf             Includes Linux and FreeBSD(?).
+a.out           The older Linux.
+Solaris         Same as Elf but different comments :-(.
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor     eax,    eax                             # clear word
+movb    al,     cl                              # get low byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in word
+movb    al,     ch                              # get next byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in word
+shr     ecx     16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+Now the crunch.  When a full register is used after a partial write, eg.
+mov     al,     cl
+xor     edi,    DWORD PTR 0x100+des_SP[eax]
+386     - 1 cycle stall
+486     - 1 cycle stall
+586     - 0 cycle stall
+686     - at least 7 cycle stall (page 22 of the above mentioned document).
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov     eax,    ecx                             # copy word 
+shr     ecx,    8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in array lookup
+mov     eax,    ecx                             # get word
+shr     ecx     8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in array lookup
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+There is a third option.  instead of using
+mov     al,     ch
+which is bad on the pentium pro, one may be able to use
+movzx   eax,    ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+eric (20 Oct 1996)
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
diff --git a/src/lib/libssl/src/crypto/des/cbc3_enc.c b/src/lib/libssl/src/crypto/des/cbc3_enc.c
new file mode 100644
index 0000000000..92a78b05d6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/cbc3_enc.c
@@ -0,0 +1,99 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* HAS BUGS? DON'T USE - this is only present for use in des.c */
+void des_3cbc_encrypt(input, output, length, ks1, ks2, iv1, iv2, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_cblock (*iv1);
+des_cblock (*iv2);
+int enc;
+        {
+        int off=((int)length-1)/8;
+        long l8=((length+7)/8)*8;
+        des_cblock niv1,niv2;
+        if (enc == DES_ENCRYPT)
+                {
+                des_cbc_encrypt(input,output,length,ks1,iv1,enc);
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv1,output[off],sizeof(des_cblock));
+                des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+                des_cbc_encrypt(output,output,l8,ks1,iv2, enc);
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv2,output[off],sizeof(des_cblock));
+                }
+        else
+                {
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv2,input[off],sizeof(des_cblock));
+                des_cbc_encrypt(input,output,l8,ks1,iv2,enc);
+                des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+                if (length >= sizeof(des_cblock))
+                        memcpy(niv1,output[off],sizeof(des_cblock));
+                des_cbc_encrypt(output,output,length,ks1,iv1, enc);
+                }
+        memcpy(*iv1,niv1,sizeof(des_cblock));
+        memcpy(*iv2,niv2,sizeof(des_cblock));
+        }
diff --git a/src/lib/libssl/src/crypto/des/cbc_cksm.c b/src/lib/libssl/src/crypto/des/cbc_cksm.c
new file mode 100644
index 0000000000..edfdec8a0f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/cbc_cksm.c
@@ -0,0 +1,103 @@
+/* crypto/des/cbc_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+DES_LONG des_cbc_cksum(input, output, length, schedule, ivec)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+        {
+        register DES_LONG tout0,tout1,tin0,tin1;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *in,*out,*iv;
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        iv=(unsigned char *)ivec;
+        c2l(iv,tout0);
+        c2l(iv,tout1);
+        for (; l>0; l-=8)
+                {
+                if (l >= 8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        }
+                else
+                        c2ln(in,tin0,tin1,l);
+                        
+                tin0^=tout0; tin[0]=tin0;
+                tin1^=tout1; tin[1]=tin1;
+                des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                /* fix 15/10/91 eay - thanks to keithr@sco.COM */
+                tout0=tin[0];
+                tout1=tin[1];
+                }
+        if (out != NULL)
+                {
+                l2c(tout0,out);
+                l2c(tout1,out);
+                }
+        tout0=tin0=tin1=tin[0]=tin[1]=0;
+        return(tout1);
+        }
diff --git a/src/lib/libssl/src/crypto/des/cbc_enc.c b/src/lib/libssl/src/crypto/des/cbc_enc.c
new file mode 100644
index 0000000000..a84a53633c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/cbc_enc.c
@@ -0,0 +1,135 @@
+/* crypto/des/cbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+void des_cbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register unsigned char *in,*out;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                /*      xor0=tin0;
+                        xor1=tin1; */
+                        }
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/des/cfb64ede.c b/src/lib/libssl/src/crypto/des/cfb64ede.c
new file mode 100644
index 0000000000..80b8a9eaaa
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/cfb64ede.c
@@ -0,0 +1,151 @@
+/* crypto/des/cfb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, enc)
+unsigned char *in;
+unsigned char *out;
+long length;
+des_key_schedule ks1,ks2,ks3;
+des_cblock (*ivec);
+int *num;
+int enc;
+        {
+        register DES_LONG v0,v1;
+        register long l=length;
+        register int n= *num;
+        DES_LONG ti[2];
+        unsigned char *iv,c,cc;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+                                ti[0]=v0;
+                                ti[1]=v1;
+                                des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+                                v0=ti[0];
+                                v1=ti[1];
+                                iv=(unsigned char *)ivec;
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+                                ti[0]=v0;
+                                ti[1]=v1;
+                                des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+                                v0=ti[0];
+                                v1=ti[1];
+                                iv=(unsigned char *)ivec;
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=c=cc=0;
+        *num=n;
+        }
+#ifdef undef /* MACRO */
+void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, enc)
+unsigned char *in;
+unsigned char *out;
+long length;
+des_key_schedule ks1,ks2;
+des_cblock (*ivec);
+int *num;
+int enc;
+        {
+        des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/des/cfb64enc.c b/src/lib/libssl/src/crypto/des/cfb64enc.c
new file mode 100644
index 0000000000..403da479df
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/cfb64enc.c
@@ -0,0 +1,128 @@
+/* crypto/des/cfb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_cfb64_encrypt(in, out, length, schedule, ivec, num, enc)
+unsigned char *in;
+unsigned char *out;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int *num;
+int enc;
+        {
+        register DES_LONG v0,v1;
+        register long l=length;
+        register int n= *num;
+        DES_LONG ti[2];
+        unsigned char *iv,c,cc;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                des_encrypt((DES_LONG *)ti,
+                                        schedule,DES_ENCRYPT);
+                                iv=(unsigned char *)ivec;
+                                v0=ti[0]; l2c(v0,iv);
+                                v0=ti[1]; l2c(v0,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                des_encrypt((DES_LONG *)ti,
+                                        schedule,DES_ENCRYPT);
+                                iv=(unsigned char *)ivec;
+                                v0=ti[0]; l2c(v0,iv);
+                                v0=ti[1]; l2c(v0,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=c=cc=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/des/cfb_enc.c b/src/lib/libssl/src/crypto/des/cfb_enc.c
new file mode 100644
index 0000000000..342e785691
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/cfb_enc.c
@@ -0,0 +1,171 @@
+/* crypto/des/cfb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_cfb_encrypt(in, out, numbits, length, schedule, ivec, enc)
+unsigned char *in;
+unsigned char *out;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+        {
+        register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+        register DES_LONG mask0,mask1;
+        register unsigned long l=length;
+        register int num=numbits;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        if (num > 64) return;
+        if (num > 32)
+                {
+                mask0=0xffffffffL;
+                if (num == 64)
+                        mask1=mask0;
+                else    mask1=(1L<<(num-32))-1;
+                }
+        else
+                {
+                if (num == 32)
+                        mask0=0xffffffffL;
+                else    mask0=(1L<<num)-1;
+                mask1=0x00000000L;
+                }
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        if (enc)
+                {
+                while (l >= n)
+                        {
+                        l-=n;
+                        ti[0]=v0;
+                        ti[1]=v1;
+                        des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+                        c2ln(in,d0,d1,n);
+                        in+=n;
+                        d0=(d0^ti[0])&mask0;
+                        d1=(d1^ti[1])&mask1;
+                        l2cn(d0,d1,out,n);
+                        out+=n;
+                        /* 30-08-94 - eay - changed because l>>32 and
+                         * l<<32 are bad under gcc :-( */
+                        if (num == 32)
+                                { v0=v1; v1=d0; }
+                        else if (num == 64)
+                                { v0=d0; v1=d1; }
+                        else if (num > 32) /* && num != 64 */
+                                {
+                                v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+                                v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+                                }
+                        else /* num < 32 */
+                                {
+                                v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+                                v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+                                }
+                        }
+                }
+        else
+                {
+                while (l >= n)
+                        {
+                        l-=n;
+                        ti[0]=v0;
+                        ti[1]=v1;
+                        des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+                        c2ln(in,d0,d1,n);
+                        in+=n;
+                        /* 30-08-94 - eay - changed because l>>32 and
+                         * l<<32 are bad under gcc :-( */
+                        if (num == 32)
+                                { v0=v1; v1=d0; }
+                        else if (num == 64)
+                                { v0=d0; v1=d1; }
+                        else if (num > 32) /* && num != 64 */
+                                {
+                                v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+                                v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+                                }
+                        else /* num < 32 */
+                                {
+                                v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+                                v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+                                }
+                        d0=(d0^ti[0])&mask0;
+                        d1=(d1^ti[1])&mask1;
+                        l2cn(d0,d1,out,n);
+                        out+=n;
+                        }
+                }
+        iv=(unsigned char *)ivec;
+        l2c(v0,iv);
+        l2c(v1,iv);
+        v0=v1=d0=d1=ti[0]=ti[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/des/des.c b/src/lib/libssl/src/crypto/des/des.c
new file mode 100644
index 0000000000..c1e5005474
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/des.c
@@ -0,0 +1,964 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+#define RAND
+#endif
+#include <time.h>
+#include "des_ver.h"
+#ifdef VMS
+#include <types.h>
+#include <stat.h>
+#else
+#ifndef _IRIX
+#include <sys/types.h>
+#endif
+#include <sys/stat.h>
+#endif
+#if defined(NOCONST)
+#define const
+#endif
+#include "des.h"
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include <string.h>
+#endif
+#ifdef RAND
+#define random rand
+#define srandom(s) srand(s)
+#endif
+#ifndef NOPROTO
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
+int uuencode(unsigned char *in,int num,unsigned char *out);
+int uudecode(unsigned char *in,int num,unsigned char *out);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+        des_key_schedule sk1,des_key_schedule sk2,
+        des_cblock *ivec1,des_cblock *ivec2,int enc);
+#else
+void usage();
+void doencryption();
+int uufwrite();
+void uufwriteEnd();
+int uufread();
+int uuencode();
+int uudecode();
+void des_3cbc_encrypt();
+#endif
+#ifdef VMS
+#define EXIT(a) exit(a&0x10000000L)
+#else
+#define EXIT(a) exit(a)
+#endif
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ  8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB+1];
+int do_encrypt,longk=0;
+FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum=0;
+#define INUUBUFN        (45*100)
+#define OUTUUBUF        (65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+char cksumname[200]="";
+int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i;
+        struct stat ins,outs;
+        char *p;
+        char *in=NULL,*out=NULL;
+        vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
+        error=0;
+        memset(key,0,sizeof(key));
+        for (i=1; i<argc; i++)
+                {
+                p=argv[i];
+                if ((p[0] == '-') && (p[1] != '\0'))
+                        {
+                        p++;
+                        while (*p)
+                                {
+                                switch (*(p++))
+                                        {
+                                case '3':
+                                        flag3=1;
+                                        longk=1;
+                                        break;
+                                case 'c':
+                                        cflag=1;
+                                        strncpy(cksumname,p,200);
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'C':
+                                        cflag=1;
+                                        longk=1;
+                                        strncpy(cksumname,p,200);
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'e':
+                                        eflag=1;
+                                        break;
+                                case 'v':
+                                        vflag=1;
+                                        break;
+                                case 'E':
+                                        eflag=1;
+                                        longk=1;
+                                        break;
+                                case 'd':
+                                        dflag=1;
+                                        break;
+                                case 'D':
+                                        dflag=1;
+                                        longk=1;
+                                        break;
+                                case 'b':
+                                        bflag=1;
+                                        break;
+                                case 'f':
+                                        fflag=1;
+                                        break;
+                                case 's':
+                                        sflag=1;
+                                        break;
+                                case 'u':
+                                        uflag=1;
+                                        strncpy(uuname,p,200);
+                                        p+=strlen(uuname);
+                                        break;
+                                case 'h':
+                                        hflag=1;
+                                        break;
+                                case 'k':
+                                        kflag=1;
+                                        if ((i+1) == argc)
+                                                {
+                                                fputs("must have a key with the -k option\n",stderr);
+                                                error=1;
+                                                }
+                                        else
+                                                {
+                                                int j;
+                                                i++;
+                                                strncpy(key,argv[i],KEYSIZB);
+                                                for (j=strlen(argv[i])-1; j>=0; j--)
+                                                        argv[i][j]='\0';
+                                                }
+                                        break;
+                                default:
+                                        fprintf(stderr,"'%c' unknown flag\n",p[-1]);
+                                        error=1;
+                                        break;
+                                        }
+                                }
+                        }
+                else
+                        {
+                        if (in == NULL)
+                                in=argv[i];
+                        else if (out == NULL)
+                                out=argv[i];
+                        else
+                                error=1;
+                        }
+                }
+        if (error) usage();
+        /* We either
+         * do checksum or
+         * do encrypt or
+         * do decrypt or
+         * do decrypt then ckecksum or
+         * do checksum then encrypt
+         */
+        if (((eflag+dflag) == 1) || cflag)
+                {
+                if (eflag) do_encrypt=DES_ENCRYPT;
+                if (dflag) do_encrypt=DES_DECRYPT;
+                }
+        else
+                {
+                if (vflag) 
+                        {
+#ifndef _Windows                        
+                        fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+                        EXIT(1);
+                        }
+                else usage();
+                }
+#ifndef _Windows                        
+        if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+        if (    (in != NULL) &&
+                (out != NULL) &&
+#ifndef MSDOS
+                (stat(in,&ins) != -1) &&
+                (stat(out,&outs) != -1) &&
+                (ins.st_dev == outs.st_dev) &&
+                (ins.st_ino == outs.st_ino))
+#else /* MSDOS */
+                (strcmp(in,out) == 0))
+#endif
+                        {
+                        fputs("input and output file are the same\n",stderr);
+                        EXIT(3);
+                        }
+        if (!kflag)
+                if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
+                        {
+                        fputs("password error\n",stderr);
+                        EXIT(2);
+                        }
+        if (in == NULL)
+                DES_IN=stdin;
+        else if ((DES_IN=fopen(in,"r")) == NULL)
+                {
+                perror("opening input file");
+                EXIT(4);
+                }
+        CKSUM_OUT=stdout;
+        if (out == NULL)
+                {
+                DES_OUT=stdout;
+                CKSUM_OUT=stderr;
+                }
+        else if ((DES_OUT=fopen(out,"w")) == NULL)
+                {
+                perror("opening output file");
+                EXIT(5);
+                }
+#ifdef MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        if (!(uflag && dflag))
+                setmode(fileno(DES_IN),O_BINARY);
+        if (!(uflag && eflag))
+                setmode(fileno(DES_OUT),O_BINARY);
+        }
+#endif
+        doencryption();
+        fclose(DES_IN);
+        fclose(DES_OUT);
+        EXIT(0);
+        }
+void usage()
+        {
+        char **u;
+        static const char *Usage[]={
+"des <options> [input-file [output-file]]",
+"options:",
+"-v         : des(1) version number",
+"-e         : encrypt using sunOS compatible user key to DES key conversion.",
+"-E         : encrypt ",
+"-d         : decrypt using sunOS compatible user key to DES key conversion.",
+"-D         : decrypt ",
+"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"             DES key conversion and output to ckname (stdout default,",
+"             stderr if data being output on stdout).  The checksum is",
+"             generated before encryption and after decryption if used",
+"             in conjunction with -[eEdD].",
+"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+"-k key     : use key 'key'",
+"-h         : the key that is entered will be a hexidecimal number",
+"             that is used directly as the des key",
+"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+"             (uuname is the filename to put in the uuencode header).",
+"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
+"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
+"             generated from the input key.  If the input key is less",
+"             than 8 characters long, this is equivelent to normal",
+"             encryption.  Default is tripple cbc, -b makes it tripple ecb.",
+NULL
+};
+        for (u=(char **)Usage; *u; u++)
+                {
+                fputs(*u,stderr);
+                fputc('\n',stderr);
+                }
+        EXIT(1);
+        }
+void doencryption()
+        {
+#ifdef _LIBC
+        extern int srandom();
+        extern int random();
+        extern unsigned long time();
+#endif
+        register int i;
+        des_key_schedule ks,ks2;
+        unsigned char iv[8],iv2[8];
+        char *p;
+        int num=0,j,k,l,rem,ll,len,last,ex=0;
+        des_cblock kk,k2;
+        FILE *O;
+        int Exit=0;
+#ifndef MSDOS
+        static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
+#else
+        static unsigned char *buf=NULL,*obuf=NULL;
+        if (buf == NULL)
+                {
+                if (    (( buf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL) ||
+                        ((obuf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL))
+                        {
+                        fputs("Not enough memory\n",stderr);
+                        Exit=10;
+                        goto problems;
+                        }
+                }
+#endif
+        if (hflag)
+                {
+                j=(flag3?16:8);
+                p=key;
+                for (i=0; i<j; i++)
+                        {
+                        k=0;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k=(*p-'0')<<4;
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k=(*p-'a'+10)<<4;
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k=(*p-'A'+10)<<4;
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k|=(*p-'0');
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k|=(*p-'a'+10);
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k|=(*p-'A'+10);
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if (i < 8)
+                                kk[i]=k;
+                        else
+                                k2[i-8]=k;
+                        }
+                des_set_key((C_Block *)k2,ks2);
+                memset(k2,0,sizeof(k2));
+                }
+        else if (longk || flag3)
+                {
+                if (flag3)
+                        {
+                        des_string_to_2keys(key,(C_Block *)kk,(C_Block *)k2);
+                        des_set_key((C_Block *)k2,ks2);
+                        memset(k2,0,sizeof(k2));
+                        }
+                else
+                        des_string_to_key(key,(C_Block *)kk);
+                }
+        else
+                for (i=0; i<KEYSIZ; i++)
+                        {
+                        l=0;
+                        k=key[i];
+                        for (j=0; j<8; j++)
+                                {
+                                if (k&1) l++;
+                                k>>=1;
+                                }
+                        if (l & 1)
+                                kk[i]=key[i]&0x7f;
+                        else
+                                kk[i]=key[i]|0x80;
+                        }
+        des_set_key((C_Block *)kk,ks);
+        memset(key,0,sizeof(key));
+        memset(kk,0,sizeof(kk));
+        /* woops - A bug that does not showup under unix :-( */
+        memset(iv,0,sizeof(iv));
+        memset(iv2,0,sizeof(iv2));
+        l=1;
+        rem=0;
+        /* first read */
+        if (eflag || (!dflag && cflag))
+                {
+                for (;;)
+                        {
+                        num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        l+=rem;
+                        num+=rem;
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+                        rem=l%8;
+                        len=l-rem;
+                        if (feof(DES_IN))
+                                {
+                                srandom((unsigned int)time(NULL));
+                                for (i=7-rem; i>0; i--)
+                                        buf[l++]=random()&0xff;
+                                buf[l++]=rem;
+                                ex=1;
+                                len+=rem;
+                                }
+                        else
+                                l-=rem;
+                        if (cflag)
+                                {
+                                des_cbc_cksum((C_Block *)buf,(C_Block *)cksum,
+                                        (long)len,ks,(C_Block *)cksum);
+                                if (!eflag)
+                                        {
+                                        if (feof(DES_IN)) break;
+                                        else continue;
+                                        }
+                                }
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb2_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                char tmpbuf[8];
+                                if (rem) memcpy(tmpbuf,&(buf[l]),
+                                        (unsigned int)rem);
+                                des_3cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,ks2,(des_cblock *)iv,
+                                        (des_cblock *)iv2,do_encrypt);
+                                if (rem) memcpy(&(buf[l]),tmpbuf,
+                                        (unsigned int)rem);
+                                }
+                        else
+                                {
+                                des_cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,(des_cblock *)iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
+                                }
+                        if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
+                        i=0;
+                        while (i < l)
+                                {
+                                if (uflag)
+                                        j=uufwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                else
+                                        j=fwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        if (feof(DES_IN))
+                                {
+                                if (uflag) uufwriteEnd(DES_OUT);
+                                break;
+                                }
+                        }
+                }
+        else /* decrypt */
+                {
+                ex=1;
+                for (;;)
+                        {
+                        if (ex) {
+                                if (uflag)
+                                        l=uufread(buf,1,BUFSIZE,DES_IN);
+                                else
+                                        l=fread(buf,1,BUFSIZE,DES_IN);
+                                ex=0;
+                                rem=l%8;
+                                l-=rem;
+                                }
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        des_ecb2_encrypt(
+                                                (des_cblock *)&(buf[i]),
+                                                (des_cblock *)&(obuf[i]),
+                                                ks,ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                des_3cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,ks2,(des_cblock *)iv,
+                                        (des_cblock *)iv2,do_encrypt);
+                                }
+                        else
+                                {
+                                des_cbc_encrypt(
+                                        (des_cblock *)buf,(des_cblock *)obuf,
+                                        (long)l,ks,(des_cblock *)iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(buf[l-8]),8);
+                                }
+                        if (uflag)
+                                ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        else
+                                ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        ll+=rem;
+                        rem=ll%8;
+                        ll-=rem;
+                        if (feof(DES_IN) && (ll == 0))
+                                {
+                                last=obuf[l-1];
+                                if ((last > 7) || (last < 0))
+                                        {
+                                        fputs("The file was not decrypted correctly.\n",
+                                                stderr);
+                                        Exit=8;
+                                        last=0;
+                                        }
+                                l=l-8+last;
+                                }
+                        i=0;
+                        if (cflag) des_cbc_cksum((C_Block *)obuf,
+                                (C_Block *)cksum,(long)l/8*8,ks,
+                                (C_Block *)cksum);
+                        while (i != l)
+                                {
+                                j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        l=ll;
+                        if ((l == 0) && feof(DES_IN)) break;
+                        }
+                }
+        if (cflag)
+                {
+                l=0;
+                if (cksumname[0] != '\0')
+                        {
+                        if ((O=fopen(cksumname,"w")) != NULL)
+                                {
+                                CKSUM_OUT=O;
+                                l=1;
+                                }
+                        }
+                for (i=0; i<8; i++)
+                        fprintf(CKSUM_OUT,"%02X",cksum[i]);
+                fprintf(CKSUM_OUT,"\n");
+                if (l) fclose(CKSUM_OUT);
+                }
+problems:
+        memset(buf,0,sizeof(buf));
+        memset(obuf,0,sizeof(obuf));
+        memset(ks,0,sizeof(ks));
+        memset(ks2,0,sizeof(ks2));
+        memset(iv,0,sizeof(iv));
+        memset(iv2,0,sizeof(iv2));
+        memset(kk,0,sizeof(kk));
+        memset(k2,0,sizeof(k2));
+        memset(uubuf,0,sizeof(uubuf));
+        memset(b,0,sizeof(b));
+        memset(bb,0,sizeof(bb));
+        memset(cksum,0,sizeof(cksum));
+        if (Exit) EXIT(Exit);
+        }
+int uufwrite(data, size, num, fp)
+unsigned char *data;
+int size;
+unsigned int num;
+FILE *fp;
+      
+     /* We ignore this parameter but it should be > ~50 I believe */
+   
+    
+        {
+        int i,j,left,rem,ret=num;
+        static int start=1;
+        if (start)
+                {
+                fprintf(fp,"begin 600 %s\n",
+                        (uuname[0] == '\0')?"text.d":uuname);
+                start=0;
+                }
+        if (uubufnum)
+                {
+                if (uubufnum+num < 45)
+                        {
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
+                        uubufnum+=num;
+                        return(num);
+                        }
+                else
+                        {
+                        i=45-uubufnum;
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
+                        j=uuencode((unsigned char *)uubuf,45,b);
+                        fwrite(b,1,(unsigned int)j,fp);
+                        uubufnum=0;
+                        data+=i;
+                        num-=i;
+                        }
+                }
+        for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
+                {
+                j=uuencode(&(data[i]),INUUBUFN,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        rem=(num-i)%45;
+        left=(num-i-rem);
+        if (left)
+                {
+                j=uuencode(&(data[i]),left,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                i+=left;
+                }
+        if (i != num)
+                {
+                memcpy(uubuf,&(data[i]),(unsigned int)rem);
+                uubufnum=rem;
+                }
+        return(ret);
+        }
+void uufwriteEnd(fp)
+FILE *fp;
+        {
+        int j;
+        static const char *end=" \nend\n";
+        if (uubufnum != 0)
+                {
+                uubuf[uubufnum]='\0';
+                uubuf[uubufnum+1]='\0';
+                uubuf[uubufnum+2]='\0';
+                j=uuencode(uubuf,uubufnum,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        fwrite(end,1,strlen(end),fp);
+        }
+int uufread(out, size, num, fp)
+unsigned char *out;
+int size; /* should always be > ~ 60; I actually ignore this parameter :-) */
+unsigned int num;
+FILE *fp;
+        {
+        int i,j,tot;
+        static int done=0;
+        static int valid=0;
+        static int start=1;
+        if (start)
+                {
+                for (;;)
+                        {
+                        b[0]='\0';
+                        fgets((char *)b,300,fp);
+                        if (b[0] == '\0')
+                                {
+                                fprintf(stderr,"no 'begin' found in uuencoded input\n");
+                                return(-1);
+                                }
+                        if (strncmp((char *)b,"begin ",6) == 0) break;
+                        }
+                start=0;
+                }
+        if (done) return(0);
+        tot=0;
+        if (valid)
+                {
+                memcpy(out,bb,(unsigned int)valid);
+                tot=valid;
+                valid=0;
+                }
+        for (;;)
+                {
+                b[0]='\0';
+                fgets((char *)b,300,fp);
+                if (b[0] == '\0') break;
+                i=strlen((char *)b);
+                if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
+                        {
+                        done=1;
+                        while (!feof(fp))
+                                {
+                                fgets((char *)b,300,fp);
+                                }
+                        break;
+                        }
+                i=uudecode(b,i,bb);
+                if (i < 0) break;
+                if ((i+tot+8) > num)
+                        {
+                        /* num to copy to make it a multiple of 8 */
+                        j=(num/8*8)-tot-8;
+                        memcpy(&(out[tot]),bb,(unsigned int)j);
+                        tot+=j;
+                        memcpy(bb,&(bb[j]),(unsigned int)i-j);
+                        valid=i-j;
+                        break;
+                        }
+                memcpy(&(out[tot]),bb,(unsigned int)i);
+                tot+=i;
+                }
+        return(tot);
+        }
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+                         l|=((DES_LONG)(*((c)++)))<< 8, \
+                         l|=((DES_LONG)(*((c)++))))
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+int uuencode(in, num, out)
+unsigned char *in;
+int num;
+unsigned char *out;
+        {
+        int j,i,n,tot=0;
+        DES_LONG l;
+        register unsigned char *p;
+        p=out;
+        for (j=0; j<num; j+=45)
+                {
+                if (j+45 > num)
+                        i=(num-j);
+                else    i=45;
+                *(p++)=i+' ';
+                for (n=0; n<i; n+=3)
+                        {
+                        ccc2l(in,l);
+                        *(p++)=((l>>18)&0x3f)+' ';
+                        *(p++)=((l>>12)&0x3f)+' ';
+                        *(p++)=((l>> 6)&0x3f)+' ';
+                        *(p++)=((l    )&0x3f)+' ';
+                        tot+=4;
+                        }
+                *(p++)='\n';
+                tot+=2;
+                }
+        *p='\0';
+        l=0;
+        return(tot);
+        }
+int uudecode(in, num, out)
+unsigned char *in;
+int num;
+unsigned char *out;
+        {
+        int j,i,k;
+        unsigned int n=0,space=0;
+        DES_LONG l;
+        DES_LONG w,x,y,z;
+        unsigned int blank=(unsigned int)'\n'-' ';
+        for (j=0; j<num; )
+                {
+                n= *(in++)-' ';
+                if (n == blank)
+                        {
+                        n=0;
+                        in--;
+                        }
+                if (n > 60)
+                        {
+                        fprintf(stderr,"uuencoded line length too long\n");
+                        return(-1);
+                        }
+                j++;
+                for (i=0; i<n; j+=4,i+=3)
+                        {
+                        /* the following is for cases where spaces are
+                         * removed from lines.
+                         */
+                        if (space)
+                                {
+                                w=x=y=z=0;
+                                }
+                        else
+                                {
+                                w= *(in++)-' ';
+                                x= *(in++)-' ';
+                                y= *(in++)-' ';
+                                z= *(in++)-' ';
+                                }
+                        if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
+                                {
+                                k=0;
+                                if (w == blank) k=1;
+                                if (x == blank) k=2;
+                                if (y == blank) k=3;
+                                if (z == blank) k=4;
+                                space=1;
+                                switch (k) {
+                                case 1: w=0; in--;
+                                case 2: x=0; in--;
+                                case 3: y=0; in--;
+                                case 4: z=0; in--;
+                                        break;
+                                case 0:
+                                        space=0;
+                                        fprintf(stderr,"bad uuencoded data values\n");
+                                        w=x=y=z=0;
+                                        return(-1);
+                                        break;
+                                        }
+                                }
+                        l=(w<<18)|(x<<12)|(y<< 6)|(z    );
+                        l2ccc(l,out);
+                        }
+                if (*(in++) != '\n')
+                        {
+                        fprintf(stderr,"missing nl in uuencoded line\n");
+                        w=x=y=z=0;
+                        return(-1);
+                        }
+                j++;
+                }
+        *out='\0';
+        w=x=y=z=0;
+        return(n);
+        }
diff --git a/src/lib/libssl/src/crypto/des/des3s.cpp b/src/lib/libssl/src/crypto/des/des3s.cpp
new file mode 100644
index 0000000000..9aff6494d9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "des.h"
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key1,key2,key3;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(s1);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/des/des_enc.c b/src/lib/libssl/src/crypto/des/des_enc.c
new file mode 100644
index 0000000000..e4db09299e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/des_enc.c
@@ -0,0 +1,502 @@
+/* crypto/des/des_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+void des_encrypt(data, ks, enc)
+DES_LONG *data;
+des_key_schedule ks;
+int enc;
+        {
+        register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+        register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+        register int i;
+#endif
+        register DES_LONG *s;
+        r=data[0];
+        l=data[1];
+        IP(r,l);
+        /* Things have been modified so that the initial rotate is
+         * done outside the loop.  This required the
+         * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+         * One perl script later and things have a 5% speed up on a sparc2.
+         * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+         * for pointing this out. */
+        /* clear the top bits on machines with 8byte longs */
+        /* shift left by 2 */
+        r=ROTATE(r,29)&0xffffffffL;
+        l=ROTATE(l,29)&0xffffffffL;
+        s=(DES_LONG *)ks;
+        /* I don't know if it is worth the effort of loop unrolling the
+         * inner loop */
+        if (enc)
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r, 0); /*  1 */
+                D_ENCRYPT(r,l, 2); /*  2 */
+                D_ENCRYPT(l,r, 4); /*  3 */
+                D_ENCRYPT(r,l, 6); /*  4 */
+                D_ENCRYPT(l,r, 8); /*  5 */
+                D_ENCRYPT(r,l,10); /*  6 */
+                D_ENCRYPT(l,r,12); /*  7 */
+                D_ENCRYPT(r,l,14); /*  8 */
+                D_ENCRYPT(l,r,16); /*  9 */
+                D_ENCRYPT(r,l,18); /*  10 */
+                D_ENCRYPT(l,r,20); /*  11 */
+                D_ENCRYPT(r,l,22); /*  12 */
+                D_ENCRYPT(l,r,24); /*  13 */
+                D_ENCRYPT(r,l,26); /*  14 */
+                D_ENCRYPT(l,r,28); /*  15 */
+                D_ENCRYPT(r,l,30); /*  16 */
+#else
+                for (i=0; i<32; i+=8)
+                        {
+                        D_ENCRYPT(l,r,i+0); /*  1 */
+                        D_ENCRYPT(r,l,i+2); /*  2 */
+                        D_ENCRYPT(l,r,i+4); /*  3 */
+                        D_ENCRYPT(r,l,i+6); /*  4 */
+                        }
+#endif
+                }
+        else
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r,30); /* 16 */
+                D_ENCRYPT(r,l,28); /* 15 */
+                D_ENCRYPT(l,r,26); /* 14 */
+                D_ENCRYPT(r,l,24); /* 13 */
+                D_ENCRYPT(l,r,22); /* 12 */
+                D_ENCRYPT(r,l,20); /* 11 */
+                D_ENCRYPT(l,r,18); /* 10 */
+                D_ENCRYPT(r,l,16); /*  9 */
+                D_ENCRYPT(l,r,14); /*  8 */
+                D_ENCRYPT(r,l,12); /*  7 */
+                D_ENCRYPT(l,r,10); /*  6 */
+                D_ENCRYPT(r,l, 8); /*  5 */
+                D_ENCRYPT(l,r, 6); /*  4 */
+                D_ENCRYPT(r,l, 4); /*  3 */
+                D_ENCRYPT(l,r, 2); /*  2 */
+                D_ENCRYPT(r,l, 0); /*  1 */
+#else
+                for (i=30; i>0; i-=8)
+                        {
+                        D_ENCRYPT(l,r,i-0); /* 16 */
+                        D_ENCRYPT(r,l,i-2); /* 15 */
+                        D_ENCRYPT(l,r,i-4); /* 14 */
+                        D_ENCRYPT(r,l,i-6); /* 13 */
+                        }
+#endif
+                }
+        /* rotate and clear the top bits on machines with 8byte longs */
+        l=ROTATE(l,3)&0xffffffffL;
+        r=ROTATE(r,3)&0xffffffffL;
+        FP(r,l);
+        data[0]=l;
+        data[1]=r;
+        l=r=t=u=0;
+        }
+void des_encrypt2(data, ks, enc)
+DES_LONG *data;
+des_key_schedule ks;
+int enc;
+        {
+        register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+        register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+        register int i;
+#endif
+        register DES_LONG *s;
+        r=data[0];
+        l=data[1];
+        /* Things have been modified so that the initial rotate is
+         * done outside the loop.  This required the
+         * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+         * One perl script later and things have a 5% speed up on a sparc2.
+         * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+         * for pointing this out. */
+        /* clear the top bits on machines with 8byte longs */
+        r=ROTATE(r,29)&0xffffffffL;
+        l=ROTATE(l,29)&0xffffffffL;
+        s=(DES_LONG *)ks;
+        /* I don't know if it is worth the effort of loop unrolling the
+         * inner loop */
+        if (enc)
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r, 0); /*  1 */
+                D_ENCRYPT(r,l, 2); /*  2 */
+                D_ENCRYPT(l,r, 4); /*  3 */
+                D_ENCRYPT(r,l, 6); /*  4 */
+                D_ENCRYPT(l,r, 8); /*  5 */
+                D_ENCRYPT(r,l,10); /*  6 */
+                D_ENCRYPT(l,r,12); /*  7 */
+                D_ENCRYPT(r,l,14); /*  8 */
+                D_ENCRYPT(l,r,16); /*  9 */
+                D_ENCRYPT(r,l,18); /*  10 */
+                D_ENCRYPT(l,r,20); /*  11 */
+                D_ENCRYPT(r,l,22); /*  12 */
+                D_ENCRYPT(l,r,24); /*  13 */
+                D_ENCRYPT(r,l,26); /*  14 */
+                D_ENCRYPT(l,r,28); /*  15 */
+                D_ENCRYPT(r,l,30); /*  16 */
+#else
+                for (i=0; i<32; i+=8)
+                        {
+                        D_ENCRYPT(l,r,i+0); /*  1 */
+                        D_ENCRYPT(r,l,i+2); /*  2 */
+                        D_ENCRYPT(l,r,i+4); /*  3 */
+                        D_ENCRYPT(r,l,i+6); /*  4 */
+                        }
+#endif
+                }
+        else
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r,30); /* 16 */
+                D_ENCRYPT(r,l,28); /* 15 */
+                D_ENCRYPT(l,r,26); /* 14 */
+                D_ENCRYPT(r,l,24); /* 13 */
+                D_ENCRYPT(l,r,22); /* 12 */
+                D_ENCRYPT(r,l,20); /* 11 */
+                D_ENCRYPT(l,r,18); /* 10 */
+                D_ENCRYPT(r,l,16); /*  9 */
+                D_ENCRYPT(l,r,14); /*  8 */
+                D_ENCRYPT(r,l,12); /*  7 */
+                D_ENCRYPT(l,r,10); /*  6 */
+                D_ENCRYPT(r,l, 8); /*  5 */
+                D_ENCRYPT(l,r, 6); /*  4 */
+                D_ENCRYPT(r,l, 4); /*  3 */
+                D_ENCRYPT(l,r, 2); /*  2 */
+                D_ENCRYPT(r,l, 0); /*  1 */
+#else
+                for (i=30; i>0; i-=8)
+                        {
+                        D_ENCRYPT(l,r,i-0); /* 16 */
+                        D_ENCRYPT(r,l,i-2); /* 15 */
+                        D_ENCRYPT(l,r,i-4); /* 14 */
+                        D_ENCRYPT(r,l,i-6); /* 13 */
+                        }
+#endif
+                }
+        /* rotate and clear the top bits on machines with 8byte longs */
+        data[0]=ROTATE(l,3)&0xffffffffL;
+        data[1]=ROTATE(r,3)&0xffffffffL;
+        l=r=t=u=0;
+        }
+void des_encrypt3(data,ks1,ks2,ks3)
+DES_LONG *data;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+        {
+        register DES_LONG l,r;
+        l=data[0];
+        r=data[1];
+        IP(l,r);
+        data[0]=l;
+        data[1]=r;
+        des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+        des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+        des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+        l=data[0];
+        r=data[1];
+        FP(r,l);
+        data[0]=l;
+        data[1]=r;
+        }
+void des_decrypt3(data,ks1,ks2,ks3)
+DES_LONG *data;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+        {
+        register DES_LONG l,r;
+        l=data[0];
+        r=data[1];
+        IP(l,r);
+        data[0]=l;
+        data[1]=r;
+        des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+        des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+        des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+        l=data[0];
+        r=data[1];
+        FP(r,l);
+        data[0]=l;
+        data[1]=r;
+        }
+#ifndef DES_DEFAULT_OPTIONS
+void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register unsigned char *in,*out;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+des_cblock (*ivec);
+int enc;
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register unsigned char *in,*out;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                register DES_LONG t0,t1;
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        t0=tin0;
+                        t1=tin1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        tout0^=xor0;
+                        tout1^=xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=t0;
+                        xor1=t1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        
+                        t0=tin0;
+                        t1=tin1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                
+                        tout0^=xor0;
+                        tout1^=xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=t0;
+                        xor1=t1;
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+#endif /* DES_DEFAULT_OPTIONS */
diff --git a/src/lib/libssl/src/crypto/des/des_opts.c b/src/lib/libssl/src/crypto/des/des_opts.c
new file mode 100644
index 0000000000..fdf0fbf461
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/des_opts.c
@@ -0,0 +1,620 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "des.h"
+#include "spr.h"
+#define DES_DEFAULT_OPTIONS
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+#define PART1
+#define PART2
+#define PART3
+#define PART4
+#endif
+#ifdef PART1
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt2 des_encrypt2_u4_cisc_idx
+#define des_encrypt3 des_encrypt3_u4_cisc_idx
+#define des_decrypt3 des_decrypt3_u4_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt2 des_encrypt2_u16_cisc_idx
+#define des_encrypt3 des_encrypt3_u16_cisc_idx
+#define des_decrypt3 des_decrypt3_u16_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt2 des_encrypt2_u4_risc1_idx
+#define des_encrypt3 des_encrypt3_u4_risc1_idx
+#define des_decrypt3 des_decrypt3_u4_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART2
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt2 des_encrypt2_u4_risc2_idx
+#define des_encrypt3 des_encrypt3_u4_risc2_idx
+#define des_decrypt3 des_decrypt3_u4_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt2 des_encrypt2_u16_risc1_idx
+#define des_encrypt3 des_encrypt3_u16_risc1_idx
+#define des_decrypt3 des_decrypt3_u16_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt2 des_encrypt2_u16_risc2_idx
+#define des_encrypt3 des_encrypt3_u16_risc2_idx
+#define des_decrypt3 des_decrypt3_u16_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART3
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt2 des_encrypt2_u4_cisc_ptr
+#define des_encrypt3 des_encrypt3_u4_cisc_ptr
+#define des_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt2 des_encrypt2_u16_cisc_ptr
+#define des_encrypt3 des_encrypt3_u16_cisc_ptr
+#define des_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt2 des_encrypt2_u4_risc1_ptr
+#define des_encrypt3 des_encrypt3_u4_risc1_ptr
+#define des_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART4
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt2 des_encrypt2_u4_risc2_ptr
+#define des_encrypt3 des_encrypt3_u4_risc2_ptr
+#define des_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt2 des_encrypt2_u16_risc1_ptr
+#define des_encrypt3 des_encrypt3_u16_risc1_ptr
+#define des_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt2 des_encrypt2_u16_risc2_ptr
+#define des_encrypt3 des_encrypt3_u16_risc2_ptr
+#define des_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count++) \
+                { \
+                unsigned long d[2]; \
+                func(d,&(sch[0]),DES_ENCRYPT); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        des_key_schedule sch,sch2,sch3;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most acurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        des_set_key((C_Block *)key,sch);
+        des_set_key((C_Block *)key2,sch2);
+        des_set_key((C_Block *)key3,sch3);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        des_set_key((C_Block *)key,sch);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+#ifdef PART1
+        time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
+        time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+        time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+        num+=3;
+#endif
+#ifdef PART2
+        time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
+        time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+        time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
+        num+=3;
+#endif
+#ifdef PART3
+        time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
+        time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+        time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+        num+=3;
+#endif
+#ifdef PART4
+        time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
+        time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
+        time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
+        num+=3;
+#endif
+#ifdef PART1
+        str[0]=" 4  c i";
+        print_it("des_encrypt_u4_cisc_idx  ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="16  c i";
+        print_it("des_encrypt_u16_cisc_idx ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]=" 4 r1 i";
+        print_it("des_encrypt_u4_risc1_idx ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+#endif
+#ifdef PART2
+        str[3]="16 r1 i";
+        print_it("des_encrypt_u16_risc1_idx",3);
+        if (max < tm[3]) { max=tm[3]; max_idx=3; }
+        str[4]=" 4 r2 i";
+        print_it("des_encrypt_u4_risc2_idx ",4);
+        if (max < tm[4]) { max=tm[4]; max_idx=4; }
+        str[5]="16 r2 i";
+        print_it("des_encrypt_u16_risc2_idx",5);
+        if (max < tm[5]) { max=tm[5]; max_idx=5; }
+#endif
+#ifdef PART3
+        str[6]=" 4  c p";
+        print_it("des_encrypt_u4_cisc_ptr  ",6);
+        if (max < tm[6]) { max=tm[6]; max_idx=6; }
+        str[7]="16  c p";
+        print_it("des_encrypt_u16_cisc_ptr ",7);
+        if (max < tm[7]) { max=tm[7]; max_idx=7; }
+        str[8]=" 4 r1 p";
+        print_it("des_encrypt_u4_risc1_ptr ",8);
+        if (max < tm[8]) { max=tm[8]; max_idx=8; }
+#endif
+#ifdef PART4
+        str[9]="16 r1 p";
+        print_it("des_encrypt_u16_risc1_ptr",9);
+        if (max < tm[9]) { max=tm[9]; max_idx=9; }
+        str[10]=" 4 r2 p";
+        print_it("des_encrypt_u4_risc2_ptr ",10);
+        if (max < tm[10]) { max=tm[10]; max_idx=10; }
+        str[11]="16 r2 p";
+        print_it("des_encrypt_u16_risc2_ptr",11);
+        if (max < tm[11]) { max=tm[11]; max_idx=11; }
+#endif
+        printf("options    des ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<12; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DDES_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DDES_UNROLL\n");
+                break;
+        case 2:
+                printf("-DDES_RISC1\n");
+                break;
+        case 3:
+                printf("-DDES_UNROLL -DDES_RISC1\n");
+                break;
+        case 4:
+                printf("-DDES_RISC2\n");
+                break;
+        case 5:
+                printf("-DDES_UNROLL -DDES_RISC2\n");
+                break;
+        case 6:
+                printf("-DDES_PTR\n");
+                break;
+        case 7:
+                printf("-DDES_UNROLL -DDES_PTR\n");
+                break;
+        case 8:
+                printf("-DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 9:
+                printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 10:
+                printf("-DDES_RISC2 -DDES_PTR\n");
+                break;
+        case 11:
+                printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/des/des_ver.h b/src/lib/libssl/src/crypto/des/des_ver.h
new file mode 100644
index 0000000000..7041a9271d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/des_ver.h
@@ -0,0 +1,60 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+extern char *DES_version;       /* SSLeay version string */
+extern char *libdes_version;    /* old libdes version string */
diff --git a/src/lib/libssl/src/crypto/des/dess.cpp b/src/lib/libssl/src/crypto/des/dess.cpp
new file mode 100644
index 0000000000..7fb5987314
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "des.h"
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(s1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(e2);
+                        des_encrypt(&data[0],key,1);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/des/destest.c b/src/lib/libssl/src/crypto/des/destest.c
new file mode 100644
index 0000000000..620c13ba6f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/destest.c
@@ -0,0 +1,882 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+#endif
+#include <string.h>
+#include "des.h"
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+        {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+        {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+        {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+        {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+        {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+        {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+        {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+        {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+        {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+        {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+        {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+        {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+        {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+        {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+        {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+        {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+        {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+        {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+        {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+        {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+        {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+        {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+        {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+        {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+        {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+        {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+        {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+        {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+        {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+        {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+        {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+        {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+        {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+        {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+        {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+        {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+        {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+        {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+        {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+        {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+        {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+        {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+        {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+        {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+        {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+        {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+        {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+        {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+        {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+        {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+        {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+        {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+        {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+        {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+        {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+        {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+        {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+        {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+        {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+        {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+        {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+        {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+        {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static char cbc_data[40]={
+        0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+        0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+        0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        };
+static unsigned char cbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+        0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+        0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+static unsigned char xcbc_ok[32]={
+        0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+        0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+        0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+        0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+        };
+static unsigned char cbc3_ok[32]={
+        0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+        0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+        0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+        0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+static unsigned char pcbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+        0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+        0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher8[24]= {
+        0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+        0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+        0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+        0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+        0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+        0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+        0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+        0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+        {
+        0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+        0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+        0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+        };
+DES_LONG cbc_cksum_ret=0xB462FEF7L;
+unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+#ifndef NOPROTO
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+#else
+static char *pt();
+static int cfb_test();
+static int cfb64_test();
+static int ede_cfb64_test();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,j,err=0;
+        des_cblock in,out,outin,iv3;
+        des_key_schedule ks,ks2,ks3;
+        unsigned char cbc_in[40];
+        unsigned char cbc_out[40];
+        DES_LONG cs;
+        unsigned char qret[4][4],cret[8];
+        DES_LONG lqret[4];
+        int num;
+        char *str;
+        printf("Doing ecb\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
+                        {
+                        printf("Key error %2d:%d\n",i+1,j);
+                        err=1;
+                        }
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb_encrypt((C_Block *)in,(C_Block *)out,ks,DES_ENCRYPT);
+                des_ecb_encrypt((C_Block *)out,(C_Block *)outin,ks,DES_DECRYPT);
+                if (memcmp(out,cipher_data[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+#ifndef LIBDES_LIT
+        printf("Doing ede ecb\n");
+        for (i=0; i<(NUM_TESTS-1); i++)
+                {
+                if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
+                        {
+                        err=1;
+                        printf("Key error %2d:%d\n",i+1,j);
+                        }
+                if ((j=des_key_sched((C_Block *)(key_data[i+1]),ks2)) != 0)
+                        {
+                        printf("Key error %2d:%d\n",i+2,j);
+                        err=1;
+                        }
+                if ((j=des_key_sched((C_Block *)(key_data[i+2]),ks3)) != 0)
+                        {
+                        printf("Key error %2d:%d\n",i+3,j);
+                        err=1;
+                        }
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb2_encrypt((C_Block *)in,(C_Block *)out,ks,ks2,
+                        DES_ENCRYPT);
+                des_ecb2_encrypt((C_Block *)out,(C_Block *)outin,ks,ks2,
+                        DES_DECRYPT);
+                if (memcmp(out,cipher_ecb2[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+#endif
+        printf("Doing cbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                printf("cbc_encrypt encrypt error\n");
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
+                {
+                printf("cbc_encrypt decrypt error\n");
+                err=1;
+                }
+#ifndef LIBDES_LIT
+        printf("Doing desx cbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,
+                (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT);
+        if (memcmp(cbc_out,xcbc_ok,32) != 0)
+                {
+                printf("des_xcbc_encrypt encrypt error\n");
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)strlen((char *)cbc_data)+1,ks,
+                (C_Block *)iv3,
+                (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                printf("des_xcbc_encrypt decrypt error\n");
+                err=1;
+                }
+#endif
+        printf("Doing ede cbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        i=strlen((char *)cbc_data)+1;
+        /* i=((i+7)/8)*8; */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                16L,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
+        des_ede3_cbc_encrypt((C_Block *)&(cbc_data[16]),
+                (C_Block *)&(cbc_out[16]),
+                (long)i-16,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc3_ok,
+                (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+                {
+                printf("des_ede3_cbc_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ede3_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)i,ks,ks2,ks3,(C_Block *)iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("des_ede3_cbc_encrypt decrypt error\n");
+                err=1;
+                }
+#ifndef LIBDES_LIT
+        printf("Doing pcbc\n");
+        if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
+                (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_ENCRYPT);
+        if (memcmp(cbc_out,pcbc_ok,32) != 0)
+                {
+                printf("pcbc_encrypt encrypt error\n");
+                err=1;
+                }
+        des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
+                (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("pcbc_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing ");
+        printf("cfb8 ");
+        err+=cfb_test(8,cfb_cipher8);
+        printf("cfb16 ");
+        err+=cfb_test(16,cfb_cipher16);
+        printf("cfb32 ");
+        err+=cfb_test(32,cfb_cipher32);
+        printf("cfb48 ");
+        err+=cfb_test(48,cfb_cipher48);
+        printf("cfb64 ");
+        err+=cfb_test(64,cfb_cipher64);
+        printf("cfb64() ");
+        err+=cfb64_test(cfb_cipher64);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
+                        8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
+        if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small encrypt error\n");
+                err=1;
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
+                        8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small decrypt error\n");
+                err=1;
+                }
+        printf("ede_cfb64() ");
+        err+=ede_cfb64_test(cfb_cipher64);
+        printf("done\n");
+        printf("Doing ofb\n");
+        des_key_sched((C_Block *)ofb_key,ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
+                (C_Block *)ofb_tmp);
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb_encrypt encrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
+ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
+ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
+                (C_Block *)ofb_tmp);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb_encrypt decrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
+ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+plain[8+0], plain[8+1], plain[8+2], plain[8+3],
+plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
+                err=1;
+                }
+        printf("Doing ofb64\n");
+        des_key_sched((C_Block *)ofb_key,ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
+                        (C_Block *)ofb_tmp,&num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
+                (C_Block *)ofb_tmp,&num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing ede_ofb64\n");
+        des_key_sched((C_Block *)ofb_key,ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
+                        (C_Block *)ofb_tmp,&num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ede_ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
+                ks,ks,(C_Block *)ofb_tmp,&num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ede_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing cbc_cksum\n");
+        des_key_sched((C_Block *)cbc_key,ks);
+        cs=des_cbc_cksum((C_Block *)cbc_data,(C_Block *)cret,
+                (long)strlen(cbc_data),ks,(C_Block *)cbc_iv);
+        if (cs != cbc_cksum_ret)
+                {
+                printf("bad return value (%08lX), should be %08lX\n",
+                        (unsigned long)cs,(unsigned long)cbc_cksum_ret);
+                err=1;
+                }
+        if (memcmp(cret,cbc_cksum_data,8) != 0)
+                {
+                printf("bad cbc_cksum block returned\n");
+                err=1;
+                }
+        printf("Doing quad_cksum\n");
+        cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
+                (long)strlen(cbc_data),2,(C_Block *)cbc_iv);
+        j=sizeof(lqret[0])-4;
+        for (i=0; i<4; i++)
+                {
+                lqret[i]=0;
+                memcpy(&(lqret[i]),&(qret[i][0]),4);
+                if (j > 0) lqret[i]=lqret[i]>>(j*8); /* For Cray */
+                }
+        { /* Big-endian fix */
+        static DES_LONG l=1;
+        static unsigned char *c=(unsigned char *)&l;
+        DES_LONG ll;
+        if (!c[0])
+                {
+                ll=lqret[0]^lqret[3];
+                lqret[0]^=ll;
+                lqret[3]^=ll;
+                ll=lqret[1]^lqret[2];
+                lqret[1]^=ll;
+                lqret[2]^=ll;
+                }
+        }
+        if (cs != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+                        (unsigned long)cs);
+                err=1;
+                }
+        if (lqret[0] != 0x327eba8dL)
+                {
+                printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0],0x327eba8dL);
+                err=1;
+                }
+        if (lqret[1] != 0x201a49ccL)
+                {
+                printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1],0x201a49ccL);
+                err=1;
+                }
+        if (lqret[2] != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+                        (unsigned long)lqret[2],0x70d7a63aL);
+                err=1;
+                }
+        if (lqret[3] != 0x501c2c26L)
+                {
+                printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+                        (unsigned long)lqret[3],0x501c2c26L);
+                err=1;
+                }
+#endif
+        printf("input word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
+                        (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
+                        DES_ENCRYPT);
+                }
+        printf("\noutput word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
+                        (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
+                        DES_ENCRYPT);
+                }
+        printf("\n");
+        printf("fast crypt test ");
+        str=crypt("testing","ef");
+        if (strcmp("efGnQx2725bI2",str) != 0)
+                {
+                printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
+                err=1;
+                }
+        str=crypt("bca76;23","yA");
+        if (strcmp("yA1Rp/1hZXIJk",str) != 0)
+                {
+                printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
+                err=1;
+                }
+        printf("\n");
+        exit(err);
+        return(0);
+        }
+static char *pt(p)
+unsigned char *p;
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+#ifndef LIBDES_LIT
+static int cfb_test(bits, cfb_cipher)
+int bits;
+unsigned char *cfb_cipher;
+        {
+        des_key_schedule ks;
+        int i,err=0;
+        des_key_sched((C_Block *)cfb_key,ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
+                (C_Block *)cfb_tmp,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
+                (C_Block *)cfb_tmp,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        return(err);
+        }
+static int cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+        des_key_sched((C_Block *)cfb_key,ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)sizeof(plain)-12,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)sizeof(plain)-17,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static int ede_cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+        des_key_sched((C_Block *)cfb_key,ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)sizeof(plain)-12,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)sizeof(plain)-17,ks,ks,ks,
+                (C_Block *)cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/des/ecb3_enc.c b/src/lib/libssl/src/crypto/des/ecb3_enc.c
new file mode 100644
index 0000000000..140f6b5285
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/ecb3_enc.c
@@ -0,0 +1,87 @@
+/* crypto/des/ecb3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+void des_ecb3_encrypt(input, output, ks1, ks2, ks3, enc)
+des_cblock (*input);
+des_cblock (*output);
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+int enc;
+        {
+        register DES_LONG l0,l1;
+        register unsigned char *in,*out;
+        DES_LONG ll[2];
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        c2l(in,l0);
+        c2l(in,l1);
+        ll[0]=l0;
+        ll[1]=l1;
+        if (enc)
+                des_encrypt3(ll,ks1,ks2,ks3);
+        else
+                des_decrypt3(ll,ks1,ks2,ks3);
+        l0=ll[0];
+        l1=ll[1];
+        l2c(l0,out);
+        l2c(l1,out);
+        }
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c
new file mode 100644
index 0000000000..acf23fdd00
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/ecb_enc.c
@@ -0,0 +1,124 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+#include "spr.h"
+char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay";
+char *DES_version="DES part of SSLeay 0.9.0b 29-Jun-1998";
+char *des_options()
+        {
+        static int init=1;
+        static char buf[32];
+        if (init)
+                {
+                char *ptr,*unroll,*risc,*size;
+                init=0;
+#ifdef DES_PTR
+                ptr="ptr";
+#else
+                ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+                risc="risc1";
+#endif
+#ifdef DES_RISC2
+                risc="risc2";
+#endif
+#else
+                risc="cisc";
+#endif
+#ifdef DES_UNROLL
+                unroll="16";
+#else
+                unroll="4";
+#endif
+                if (sizeof(DES_LONG) != sizeof(long))
+                        size="int";
+                else
+                        size="long";
+                sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+                }
+        return(buf);
+        }
+                
+void des_ecb_encrypt(input, output, ks, enc)
+des_cblock (*input);
+des_cblock (*output);
+des_key_schedule ks;
+int enc;
+        {
+        register DES_LONG l;
+        register unsigned char *in,*out;
+        DES_LONG ll[2];
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        c2l(in,l); ll[0]=l;
+        c2l(in,l); ll[1]=l;
+        des_encrypt(ll,ks,enc);
+        l=ll[0]; l2c(l,out);
+        l=ll[1]; l2c(l,out);
+        l=ll[0]=ll[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/des/enc_read.c b/src/lib/libssl/src/crypto/des/enc_read.c
new file mode 100644
index 0000000000..e08a904d75
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/enc_read.c
@@ -0,0 +1,218 @@
+/* crypto/des/enc_read.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "des_locl.h"
+/* This has some uglies in it but it works - even over sockets. */
+/*extern int errno;*/
+int des_rw_mode=DES_PCBC_MODE;
+int des_enc_read(fd, buf, len, sched, iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock (*iv);
+        {
+        /* data to be unencrypted */
+        int net_num=0;
+        static unsigned char *net=NULL;
+        /* extra unencrypted data 
+         * for when a block of 100 comes in but is des_read one byte at
+         * a time. */
+        static char *unnet=NULL;
+        static int unnet_start=0;
+        static int unnet_left=0;
+        static char *tmpbuf=NULL;
+        int i;
+        long num=0,rnum;
+        unsigned char *p;
+        if (tmpbuf == NULL)
+                {
+                tmpbuf=(char *)malloc(BSIZE);
+                if (tmpbuf == NULL) return(-1);
+                }
+        if (net == NULL)
+                {
+                net=(unsigned char *)malloc(BSIZE);
+                if (net == NULL) return(-1);
+                }
+        if (unnet == NULL)
+                {
+                unnet=(char *)malloc(BSIZE);
+                if (unnet == NULL) return(-1);
+                }
+        /* left over data from last decrypt */
+        if (unnet_left != 0)
+                {
+                if (unnet_left < len)
+                        {
+                        /* we still still need more data but will return
+                         * with the number of bytes we have - should always
+                         * check the return value */
+                        memcpy(buf,&(unnet[unnet_start]),
+                                (unsigned int)unnet_left);
+                        /* eay 26/08/92 I had the next 2 lines
+                         * reversed :-( */
+                        i=unnet_left;
+                        unnet_start=unnet_left=0;
+                        }
+                else
+                        {
+                        memcpy(buf,&(unnet[unnet_start]),(unsigned int)len);
+                        unnet_start+=len;
+                        unnet_left-=len;
+                        i=len;
+                        }
+                return(i);
+                }
+        /* We need to get more data. */
+        if (len > MAXWRITE) len=MAXWRITE;
+        /* first - get the length */
+        while (net_num < HDRSIZE) 
+                {
+                i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+#ifdef EINTR
+                if ((i == -1) && (errno == EINTR)) continue;
+#endif
+                if (i <= 0) return(0);
+                net_num+=i;
+                }
+        /* we now have at net_num bytes in net */
+        p=net;
+        /* num=0;  */
+        n2l(p,num);
+        /* num should be rounded up to the next group of eight
+         * we make sure that we have read a multiple of 8 bytes from the net.
+         */
+        if ((num > MAXWRITE) || (num < 0)) /* error */
+                return(-1);
+        rnum=(num < 8)?8:((num+7)/8*8);
+        net_num=0;
+        while (net_num < rnum)
+                {
+                i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+#ifdef EINTR
+                if ((i == -1) && (errno == EINTR)) continue;
+#endif
+                if (i <= 0) return(0);
+                net_num+=i;
+                }
+        /* Check if there will be data left over. */
+        if (len < num)
+                {
+                if (des_rw_mode & DES_PCBC_MODE)
+                        des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+                                num,sched,iv,DES_DECRYPT);
+                else
+                        des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+                                num,sched,iv,DES_DECRYPT);
+                memcpy(buf,unnet,(unsigned int)len);
+                unnet_start=len;
+                unnet_left=(int)num-len;
+                /* The following line is done because we return num
+                 * as the number of bytes read. */
+                num=len;
+                }
+        else
+                {
+                /* >output is a multiple of 8 byes, if len < rnum
+                 * >we must be careful.  The user must be aware that this
+                 * >routine will write more bytes than he asked for.
+                 * >The length of the buffer must be correct.
+                 * FIXED - Should be ok now 18-9-90 - eay */
+                if (len < rnum)
+                        {
+                        if (des_rw_mode & DES_PCBC_MODE)
+                                des_pcbc_encrypt((des_cblock *)net,
+                                        (des_cblock *)tmpbuf,
+                                        num,sched,iv,DES_DECRYPT);
+                        else
+                                des_cbc_encrypt((des_cblock *)net,
+                                        (des_cblock *)tmpbuf,
+                                        num,sched,iv,DES_DECRYPT);
+                        /* eay 26/08/92 fix a bug that returned more
+                         * bytes than you asked for (returned len bytes :-( */
+                        memcpy(buf,tmpbuf,(unsigned int)num);
+                        }
+                else
+                        {
+                        if (des_rw_mode & DES_PCBC_MODE)
+                                des_pcbc_encrypt((des_cblock *)net,
+                                        (des_cblock *)buf,num,sched,iv,
+                                        DES_DECRYPT);
+                        else
+                                des_cbc_encrypt((des_cblock *)net,
+                                        (des_cblock *)buf,num,sched,iv,
+                                        DES_DECRYPT);
+                        }
+                }
+        return((int)num);
+        }
diff --git a/src/lib/libssl/src/crypto/des/enc_writ.c b/src/lib/libssl/src/crypto/des/enc_writ.c
new file mode 100644
index 0000000000..29a7330fb0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/enc_writ.c
@@ -0,0 +1,160 @@
+/* crypto/des/enc_writ.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <errno.h>
+#include <time.h>
+#include "des_locl.h"
+int des_enc_write(fd, buf, len, sched, iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock (*iv);
+        {
+#ifdef _LIBC
+        extern int srandom();
+        extern unsigned long time();
+        extern int random();
+        extern int write();
+#endif
+        long rnum;
+        int i,j,k,outnum;
+        static char *outbuf=NULL;
+        char shortbuf[8];
+        char *p;
+        static int start=1;
+        if (outbuf == NULL)
+                {
+                outbuf=(char *)malloc(BSIZE+HDRSIZE);
+                if (outbuf == NULL) return(-1);
+                }
+        /* If we are sending less than 8 bytes, the same char will look
+         * the same if we don't pad it out with random bytes */
+        if (start)
+                {
+                start=0;
+                srandom((unsigned int)time(NULL));
+                }
+        /* lets recurse if we want to send the data in small chunks */
+        if (len > MAXWRITE)
+                {
+                j=0;
+                for (i=0; i<len; i+=k)
+                        {
+                        k=des_enc_write(fd,&(buf[i]),
+                                ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+                        if (k < 0)
+                                return(k);
+                        else
+                                j+=k;
+                        }
+                return(j);
+                }
+        /* write length first */
+        p=outbuf;
+        l2n(len,p);
+        /* pad short strings */
+        if (len < 8)
+                {
+                p=shortbuf;
+                memcpy(shortbuf,buf,(unsigned int)len);
+                for (i=len; i<8; i++)
+                        shortbuf[i]=random();
+                rnum=8;
+                }
+        else
+                {
+                p=buf;
+                rnum=((len+7)/8*8); /* round up to nearest eight */
+                }
+        if (des_rw_mode & DES_PCBC_MODE)
+                des_pcbc_encrypt((des_cblock *)p,
+                        (des_cblock *)&(outbuf[HDRSIZE]),
+                        (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+        else
+                des_cbc_encrypt((des_cblock *)p,
+                        (des_cblock *)&(outbuf[HDRSIZE]),
+                        (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+        /* output */
+        outnum=(int)rnum+HDRSIZE;
+        for (j=0; j<outnum; j+=i)
+                {
+                /* eay 26/08/92 I was not doing writing from where we
+                 * got upto. */
+                i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
+                if (i == -1)
+                        {
+                        if (errno == EINTR)
+                                i=0;
+                        else    /* This is really a bad error - very bad
+                                 * It will stuff-up both ends. */
+                                return(-1);
+                        }
+                }
+        return(len);
+        }
diff --git a/src/lib/libssl/src/crypto/des/fcrypt.c b/src/lib/libssl/src/crypto/des/fcrypt.c
new file mode 100644
index 0000000000..129beb27da
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/fcrypt.c
@@ -0,0 +1,153 @@
+/* NOCW */
+#include <stdio.h>
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+/* Modification by Jens Kupferschmidt (Cu)
+ * I have included directive PARA for shared memory computers.
+ * I have included a directive LONGCRYPT to using this routine to cipher
+ * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
+ * definition is the maximum of lenght of password and can changed. I have
+ * defined 24.
+ */
+#include "des_locl.h"
+/* Added more values to handle illegal salt values the way normal
+ * crypt() implementations do.  The patch was sent by 
+ * Bjorn Gronvall <bg@sics.se>
+ */
+static unsigned const char con_salt[128]={
+0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
+0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
+0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
+0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
+0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
+0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
+0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
+0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
+0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
+0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
+0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
+0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
+0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
+0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
+0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
+0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
+};
+static unsigned const char cov_2char[64]={
+0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+#ifndef NOPROTO
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+        DES_LONG Eswap0, DES_LONG Eswap1);
+#if defined(PERL5) || defined(FreeBSD)
+char *des_crypt(const char *buf,const char *salt);
+#else
+char *crypt(const char *buf,const char *salt);
+#endif
+#else
+void fcrypt_body();
+#ifdef PERL5
+char *des_crypt();
+#else
+char *crypt();
+#endif
+#endif
+#if defined(PERL5) || defined(FreeBSD)
+char *des_crypt(buf,salt)
+#else
+char *crypt(buf,salt)
+#endif
+const char *buf;
+const char *salt;
+        {
+        static char buff[14];
+        return(des_fcrypt(buf,salt,buff));
+        }
+char *des_fcrypt(buf,salt,ret)
+const char *buf;
+const char *salt;
+char *ret;
+        {
+        unsigned int i,j,x,y;
+        DES_LONG Eswap0,Eswap1;
+        DES_LONG out[2],ll;
+        des_cblock key;
+        des_key_schedule ks;
+        unsigned char bb[9];
+        unsigned char *b=bb;
+        unsigned char c,u;
+        /* eay 25/08/92
+         * If you call crypt("pwd","*") as often happens when you
+         * have * as the pwd field in /etc/passwd, the function
+         * returns *\0XXXXXXXXX
+         * The \0 makes the string look like * so the pwd "*" would
+         * crypt to "*".  This was found when replacing the crypt in
+         * our shared libraries.  People found that the disbled
+         * accounts effectivly had no passwd :-(. */
+        x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
+        Eswap0=con_salt[x]<<2;
+        x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
+        Eswap1=con_salt[x]<<6;
+/* EAY
+r=strlen(buf);
+r=(r+7)/8;
+*/
+        for (i=0; i<8; i++)
+                {
+                c= *(buf++);
+                if (!c) break;
+                key[i]=(c<<1);
+                }
+        for (; i<8; i++)
+                key[i]=0;
+        des_set_key((des_cblock *)(key),ks);
+        fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
+        ll=out[0]; l2c(ll,b);
+        ll=out[1]; l2c(ll,b);
+        y=0;
+        u=0x80;
+        bb[8]=0;
+        for (i=2; i<13; i++)
+                {
+                c=0;
+                for (j=0; j<6; j++)
+                        {
+                        c<<=1;
+                        if (bb[y] & u) c|=1;
+                        u>>=1;
+                        if (!u)
+                                {
+                                y++;
+                                u=0x80;
+                                }
+                        }
+                ret[i]=cov_2char[c];
+                }
+        ret[13]='\0';
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/des/fcrypt_b.c b/src/lib/libssl/src/crypto/des/fcrypt_b.c
new file mode 100644
index 0000000000..1544634bc1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/fcrypt_b.c
@@ -0,0 +1,148 @@
+/* crypto/des/fcrypt_b.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))\
+void fcrypt_body(out, ks, Eswap0, Eswap1)
+DES_LONG *out;
+des_key_schedule ks;
+DES_LONG Eswap0;
+DES_LONG Eswap1;
+        {
+        register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+        register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+#endif
+        register DES_LONG *s;
+        register int j;
+        register DES_LONG E0,E1;
+        l=0;
+        r=0;
+        s=(DES_LONG *)ks;
+        E0=Eswap0;
+        E1=Eswap1;
+        for (j=0; j<25; j++)
+                {
+#ifdef DES_UNROLL
+                register int i;
+                for (i=0; i<32; i+=8)
+                        {
+                        D_ENCRYPT(l,r,i+0); /*  1 */
+                        D_ENCRYPT(r,l,i+2); /*  2 */
+                        D_ENCRYPT(l,r,i+4); /*  1 */
+                        D_ENCRYPT(r,l,i+6); /*  2 */
+                        }
+#else
+                D_ENCRYPT(l,r, 0); /*  1 */
+                D_ENCRYPT(r,l, 2); /*  2 */
+                D_ENCRYPT(l,r, 4); /*  3 */
+                D_ENCRYPT(r,l, 6); /*  4 */
+                D_ENCRYPT(l,r, 8); /*  5 */
+                D_ENCRYPT(r,l,10); /*  6 */
+                D_ENCRYPT(l,r,12); /*  7 */
+                D_ENCRYPT(r,l,14); /*  8 */
+                D_ENCRYPT(l,r,16); /*  9 */
+                D_ENCRYPT(r,l,18); /*  10 */
+                D_ENCRYPT(l,r,20); /*  11 */
+                D_ENCRYPT(r,l,22); /*  12 */
+                D_ENCRYPT(l,r,24); /*  13 */
+                D_ENCRYPT(r,l,26); /*  14 */
+                D_ENCRYPT(l,r,28); /*  15 */
+                D_ENCRYPT(r,l,30); /*  16 */
+#endif
+                t=l;
+                l=r;
+                r=t;
+                }
+        l=ROTATE(l,3)&0xffffffffL;
+        r=ROTATE(r,3)&0xffffffffL;
+        PERM_OP(l,r,t, 1,0x55555555L);
+        PERM_OP(r,l,t, 8,0x00ff00ffL);
+        PERM_OP(l,r,t, 2,0x33333333L);
+        PERM_OP(r,l,t,16,0x0000ffffL);
+        PERM_OP(l,r,t, 4,0x0f0f0f0fL);
+        out[0]=r;
+        out[1]=l;
+        }
diff --git a/src/lib/libssl/src/crypto/des/makefile.bc b/src/lib/libssl/src/crypto/des/makefile.bc
new file mode 100644
index 0000000000..1fe6d4915a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/makefile.bc
@@ -0,0 +1,50 @@
+#
+# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
+#
+#
+CC      = bcc
+TLIB    = tlib /0 /C
+# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
+OPTIMIZE= -3 -O2
+#WINDOWS= -W
+CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
+LFLAGS  = -ml $(WINDOWS)
+.c.obj:
+        $(CC) $(CFLAGS) $*.c
+.obj.exe:
+        $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
+all: $(LIB) destest.exe rpw.exe des.exe speed.exe
+# "make clean": use a directory containing only libdes .exe and .obj files...
+clean:
+        del *.exe
+        del *.obj
+        del libdes.lib
+        del libdes.rsp
+OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
+        qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
+        enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
+        ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
+        cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
+        ofb64ede.obj supp.obj
+LIB=    libdes.lib
+$(LIB): $(OBJS)
+        del $(LIB)
+        makersp "+%s &\n" &&|
+        $(OBJS)
+|       >libdes.rsp
+        $(TLIB) libdes.lib @libdes.rsp,nul
+        del libdes.rsp
+destest.exe: destest.obj libdes.lib
+rpw.exe:     rpw.obj libdes.lib
+speed.exe:   speed.obj libdes.lib
+des.exe:     des.obj libdes.lib
diff --git a/src/lib/libssl/src/crypto/des/ncbc_enc.c b/src/lib/libssl/src/crypto/des/ncbc_enc.c
new file mode 100644
index 0000000000..1d1a368c22
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/ncbc_enc.c
@@ -0,0 +1,130 @@
+/* crypto/des/ncbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register unsigned char *in,*out;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/des/ofb64ede.c b/src/lib/libssl/src/crypto/des/ofb64ede.c
new file mode 100644
index 0000000000..4b1b0199f1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/ofb64ede.c
@@ -0,0 +1,131 @@
+/* crypto/des/ofb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num)
+register unsigned char *in;
+register unsigned char *out;
+long length;
+des_key_schedule k1,k2,k3;
+des_cblock (*ivec);
+int *num;
+        {
+        register DES_LONG v0,v1;
+        register int n= *num;
+        register long l=length;
+        des_cblock d;
+        register char *dp;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        /* ti[0]=v0; */
+                        /* ti[1]=v1; */
+                        des_encrypt3((DES_LONG *)ti,k1,k2,k3);
+                        v0=ti[0];
+                        v1=ti[1];
+                        dp=(char *)d;
+                        l2c(v0,dp);
+                        l2c(v1,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+/*              v0=ti[0];
+                v1=ti[1];*/
+                iv=(unsigned char *)ivec;
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+#ifdef undef /* MACRO */
+void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num)
+register unsigned char *in;
+register unsigned char *out;
+long length;
+des_key_schedule k1,k2;
+des_cblock (*ivec);
+int *num;
+        {
+        des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/des/ofb64enc.c b/src/lib/libssl/src/crypto/des/ofb64enc.c
new file mode 100644
index 0000000000..ea7e612697
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/ofb64enc.c
@@ -0,0 +1,114 @@
+/* crypto/des/ofb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ofb64_encrypt(in, out, length, schedule, ivec, num)
+register unsigned char *in;
+register unsigned char *out;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int *num;
+        {
+        register DES_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        des_cblock d;
+        register char *dp;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+                        dp=(char *)d;
+                        t=ti[0]; l2c(t,dp);
+                        t=ti[1]; l2c(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/des/ofb_enc.c b/src/lib/libssl/src/crypto/des/ofb_enc.c
new file mode 100644
index 0000000000..4db0cdbd60
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/ofb_enc.c
@@ -0,0 +1,139 @@
+/* crypto/des/ofb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_ofb_encrypt(in, out, numbits, length, schedule, ivec)
+unsigned char *in;
+unsigned char *out;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+        {
+        register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
+        register DES_LONG mask0,mask1;
+        register long l=length;
+        register int num=numbits;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        if (num > 64) return;
+        if (num > 32)
+                {
+                mask0=0xffffffffL;
+                if (num >= 64)
+                        mask1=mask0;
+                else
+                        mask1=(1L<<(num-32))-1;
+                }
+        else
+                {
+                if (num == 32)
+                        mask0=0xffffffffL;
+                else
+                        mask0=(1L<<num)-1;
+                mask1=0x00000000L;
+                }
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        while (l-- > 0)
+                {
+                ti[0]=v0;
+                ti[1]=v1;
+                des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+                vv0=ti[0];
+                vv1=ti[1];
+                c2ln(in,d0,d1,n);
+                in+=n;
+                d0=(d0^vv0)&mask0;
+                d1=(d1^vv1)&mask1;
+                l2cn(d0,d1,out,n);
+                out+=n;
+                if (num == 32)
+                        { v0=v1; v1=vv0; }
+                else if (num == 64)
+                                { v0=vv0; v1=vv1; }
+                else if (num > 32) /* && num != 64 */
+                        {
+                        v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
+                        v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
+                        }
+                else /* num < 32 */
+                        {
+                        v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+                        v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
+                        }
+                }
+        iv=(unsigned char *)ivec;
+        l2c(v0,iv);
+        l2c(v1,iv);
+        v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
+        }
diff --git a/src/lib/libssl/src/crypto/des/options.txt b/src/lib/libssl/src/crypto/des/options.txt
new file mode 100644
index 0000000000..6e2b50f765
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/options.txt
@@ -0,0 +1,39 @@
+Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
+instead of the default 4.
+RISC1 and RISC2 are 2 alternatives for the inner loop and
+PTR means to use pointers arithmatic instead of arrays.
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler          577,000 4620k/s
+IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR     496,000 3968k/s
+solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]    459,400 3672k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1       433,000 3468k/s
+solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL              380,000 3041k/s
+linux - pentium 100mhz - gcc 2.7.0 - assembler                  281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assembler                    281,000 2250k/s
+AIX 4.1? - PPC604 100mhz - cc - UNROLL                          275,000 2200k/s
+IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR          235,300 1882k/s
+IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR                 233,700 1869k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR             191,000 1528k/s
+DEC Alpha 165mhz??  - cc - RISC2 PTR [2]                        181,000 1448k/s
+linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR           158,500 1268k/s
+HPUX 10 - 9000/887 - cc - UNROLL [3]                            148,000 1190k/s
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL             123,600  989k/s
+IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR                 101,000  808k/s
+DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL                       81,000  648k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assembler                    65,000  522k/s
+HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR      76,000  608k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2                 43,500  344k/s
+AIX - old slow one :-) - cc -                                    39,000  312k/s
+Notes.
+[1] For the ultra sparc, SunC 4.0 
+    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
+    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
+    I'll record the higher since it is coming from the library but it
+    is all rather weird.
+[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
+[3] I was unable to get access to this machine when it was not heavily loaded.
+    As such, my timing program was never able to get more that %30 of the CPU.
+    This would cause the program to give much lower speed numbers because
+    it would be 'fighting' to stay in the cache with the other CPU burning
+    processes.
diff --git a/src/lib/libssl/src/crypto/des/pcbc_enc.c b/src/lib/libssl/src/crypto/des/pcbc_enc.c
new file mode 100644
index 0000000000..4513207d90
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/pcbc_enc.c
@@ -0,0 +1,126 @@
+/* crypto/des/pcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+void des_pcbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+        {
+        register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
+        DES_LONG tin[2];
+        unsigned char *in,*out,*iv;
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (; length>0; length-=8)
+                        {
+                        if (length >= 8)
+                                {
+                                c2l(in,sin0);
+                                c2l(in,sin1);
+                                }
+                        else
+                                c2ln(in,sin0,sin1,length);
+                        tin[0]=sin0^xor0;
+                        tin[1]=sin1^xor1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        xor0=sin0^tout0;
+                        xor1=sin1^tout1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        }
+                }
+        else
+                {
+                c2l(iv,xor0); c2l(iv,xor1);
+                for (; length>0; length-=8)
+                        {
+                        c2l(in,sin0);
+                        c2l(in,sin1);
+                        tin[0]=sin0;
+                        tin[1]=sin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        if (length >= 8)
+                                {
+                                l2c(tout0,out);
+                                l2c(tout1,out);
+                                }
+                        else
+                                l2cn(tout0,tout1,out,length);
+                        xor0=tout0^sin0;
+                        xor1=tout1^sin1;
+                        }
+                }
+        tin[0]=tin[1]=0;
+        sin0=sin1=xor0=xor1=tout0=tout1=0;
+        }
diff --git a/src/lib/libssl/src/crypto/des/qud_cksm.c b/src/lib/libssl/src/crypto/des/qud_cksm.c
new file mode 100644
index 0000000000..8526abf334
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/qud_cksm.c
@@ -0,0 +1,144 @@
+/* crypto/des/qud_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
+ * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
+ * This module in only based on the code in this paper and is
+ * almost definitely not the same as the MIT implementation.
+ */
+#include "des_locl.h"
+/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
+#define Q_B0(a) (((DES_LONG)(a)))
+#define Q_B1(a) (((DES_LONG)(a))<<8)
+#define Q_B2(a) (((DES_LONG)(a))<<16)
+#define Q_B3(a) (((DES_LONG)(a))<<24)
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE   ((DES_LONG)83653421L)
+DES_LONG des_quad_cksum(input, output, length, out_count, seed)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+int out_count;
+des_cblock (*seed);
+        {
+        DES_LONG z0,z1,t0,t1;
+        int i;
+        long l;
+        unsigned char *cp;
+        unsigned char *lp;
+        if (out_count < 1) out_count=1;
+        lp=(unsigned char *)output;
+        z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
+        z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
+        for (i=0; ((i<4)&&(i<out_count)); i++)
+                {
+                cp=(unsigned char *)input;
+                l=length;
+                while (l > 0)
+                        {
+                        if (l > 1)
+                                {
+                                t0= (DES_LONG)(*(cp++));
+                                t0|=(DES_LONG)Q_B1(*(cp++));
+                                l--;
+                                }
+                        else
+                                t0= (DES_LONG)(*(cp++));
+                        l--;
+                        /* add */
+                        t0+=z0;
+                        t0&=0xffffffffL;
+                        t1=z1;
+                        /* square, well sort of square */
+                        z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
+                                &0xffffffffL)%0x7fffffffL; 
+                        z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
+                        }
+                if (lp != NULL)
+                        {
+                        /* I believe I finally have things worked out.
+                         * The MIT library assumes that the checksum
+                         * is one huge number and it is returned in a
+                         * host dependant byte order.
+                         */
+                        static DES_LONG ltmp=1;
+                        static unsigned char *c=(unsigned char *)&ltmp;
+                        if (c[0])
+                                {
+                                l2c(z0,lp);
+                                l2c(z1,lp);
+                                }
+                        else
+                                {
+                                lp=output[out_count-i-1];
+                                l2n(z1,lp);
+                                l2n(z0,lp);
+                                }
+                        }
+                }
+        return(z0);
+        }
diff --git a/src/lib/libssl/src/crypto/des/rand_key.c b/src/lib/libssl/src/crypto/des/rand_key.c
new file mode 100644
index 0000000000..8c30bd029a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/rand_key.c
@@ -0,0 +1,118 @@
+/* crypto/des/rand_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+#include <time.h>
+static int seed=0;
+static des_cblock init;
+void des_random_seed(key)
+des_cblock key;
+        {
+        memcpy(init,key,sizeof(des_cblock));
+        seed=1;
+        }
+void des_random_key(ret)
+unsigned char *ret;
+        {
+        des_key_schedule ks;
+        static DES_LONG c=0;
+        static unsigned short pid=0;
+        static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+        des_cblock key;
+        unsigned char *p;
+        DES_LONG t;
+        int i;
+#ifdef MSDOS
+        pid=1;
+#else
+        if (!pid) pid=getpid();
+#endif
+        p=key;
+        if (seed)
+                {
+                for (i=0; i<8; i++)
+                        {
+                        data[i] ^= init[i];
+                        init[i]=0;
+                        }
+                seed=0;
+                }
+        t=(DES_LONG)time(NULL);
+        l2c(t,p);
+        t=(DES_LONG)((pid)|((c++)<<16));
+        l2c(t,p);
+        des_set_odd_parity((des_cblock *)data);
+        des_set_key((des_cblock *)data,ks);
+        des_cbc_cksum((des_cblock *)key,(des_cblock *)key,
+                (long)sizeof(key),ks,(des_cblock *)data);
+        des_set_odd_parity((des_cblock *)key);
+        des_set_key((des_cblock *)key,ks);
+        des_cbc_cksum((des_cblock *)key,(des_cblock *)data,
+                (long)sizeof(key),ks,(des_cblock *)key);
+        memcpy(ret,data,sizeof(key));
+        memset(key,0,sizeof(key));
+        memset(ks,0,sizeof(ks));
+        t=0;
+        }
diff --git a/src/lib/libssl/src/crypto/des/read2pwd.c b/src/lib/libssl/src/crypto/des/read2pwd.c
new file mode 100644
index 0000000000..a0d53793e4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/read2pwd.c
@@ -0,0 +1,90 @@
+/* crypto/des/read2pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+int des_read_password(key, prompt, verify)
+des_cblock (*key);
+char *prompt;
+int verify;
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+        if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                des_string_to_key(buf,key);
+        memset(buf,0,BUFSIZ);
+        memset(buff,0,BUFSIZ);
+        return(ok);
+        }
+int des_read_2passwords(key1, key2, prompt, verify)
+des_cblock (*key1);
+des_cblock (*key2);
+char *prompt;
+int verify;
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+        if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                des_string_to_2keys(buf,key1,key2);
+        memset(buf,0,BUFSIZ);
+        memset(buff,0,BUFSIZ);
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/crypto/des/read_pwd.c b/src/lib/libssl/src/crypto/des/read_pwd.c
new file mode 100644
index 0000000000..99920f2f86
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/read_pwd.c
@@ -0,0 +1,459 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* #define SIGACTION */ /* Define this if you have sigaction() */
+#ifdef WIN16TTY
+#undef WIN16
+#undef _WINDOWS
+#include <graph.h>
+#endif
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "des_locl.h"
+#include <signal.h>
+#include <string.h>
+#include <setjmp.h>
+#include <errno.h>
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+#if defined(__sgi) && !defined(TERMIOS)
+#define TERMIOS
+#undef  TERMIO
+#undef  SGTTY
+#endif
+#if defined(linux) && !defined(TERMIO)
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+#ifdef _LIBC
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS)
+#undef  TERMIOS
+#undef  TERMIO
+#define SGTTY
+#endif
+#ifdef TERMIOS
+#include <termios.h>
+#define TTY_STRUCT              struct termios
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       tcgetattr(tty,data)
+#define TTY_set(tty,data)       tcsetattr(tty,TCSANOW,data)
+#endif
+#ifdef TERMIO
+#include <termio.h>
+#define TTY_STRUCT              struct termio
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       ioctl(tty,TCGETA,data)
+#define TTY_set(tty,data)       ioctl(tty,TCSETA,data)
+#endif
+#ifdef SGTTY
+#include <sgtty.h>
+#define TTY_STRUCT              struct sgttyb
+#define TTY_FLAGS               sg_flags
+#define TTY_get(tty,data)       ioctl(tty,TIOCGETP,data)
+#define TTY_set(tty,data)       ioctl(tty,TIOCSETP,data)
+#endif
+#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS)
+#include <sys/ioctl.h>
+#endif
+#ifdef MSDOS
+#include <conio.h>
+#define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+#ifdef VMS
+#include <ssdef.h>
+#include <iodef.h>
+#include <ttdef.h>
+#include <descrip.h>
+struct IOSB {
+        short iosb$w_value;
+        short iosb$w_count;
+        long  iosb$l_info;
+        };
+#endif
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+#ifndef NOPROTO
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#else
+static void read_till_nl();
+static void recsig();
+static void pushsig();
+static void popsig();
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets();
+#endif
+#endif
+#ifdef SIGACTION
+ static struct sigaction savsig[NX509_SIG];
+#else
+# ifndef NOPROTO
+  static void (*savsig[NX509_SIG])(int );
+# else
+  static void (*savsig[NX509_SIG])();
+# endif
+#endif
+static jmp_buf save;
+int des_read_pw_string(buf, length, prompt, verify)
+char *buf;
+int length;
+char *prompt;
+int verify;
+        {
+        char buff[BUFSIZ];
+        int ret;
+        ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+        memset(buff,0,BUFSIZ);
+        return(ret);
+        }
+#ifndef WIN16
+static void read_till_nl(in)
+FILE *in;
+        {
+#define SIZE 4
+        char buf[SIZE+1];
+        do      {
+                fgets(buf,SIZE,in);
+                } while (strchr(buf,'\n') == NULL);
+        }
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(buf, buff, size, prompt, verify)
+char *buf;
+char *buff;
+int size;
+char *prompt;
+int verify;
+        {
+#ifdef VMS
+        struct IOSB iosb;
+        $DESCRIPTOR(terminal,"TT");
+        long tty_orig[3], tty_new[3];
+        long status;
+        unsigned short channel = 0;
+#else
+#ifndef MSDOS
+        TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+        int number=5;
+        int ok=0;
+        int ps=0;
+        int is_a_tty=1;
+        FILE *tty=NULL;
+        char *p;
+#ifndef MSDOS
+        if ((tty=fopen("/dev/tty","r")) == NULL)
+                tty=stdin;
+#else /* MSDOS */
+        if ((tty=fopen("con","r")) == NULL)
+                tty=stdin;
+#endif /* MSDOS */
+#if defined(TTY_get) && !defined(VMS)
+        if (TTY_get(fileno(tty),&tty_orig) == -1)
+                {
+#ifdef ENOTTY
+                if (errno == ENOTTY)
+                        is_a_tty=0;
+                else
+#endif
+#ifdef EINVAL
+                /* Ariel Glenn ariel@columbia.edu reports that solaris
+                 * can return EINVAL instead.  This should be ok */
+                if (errno == EINVAL)
+                        is_a_tty=0;
+                else
+#endif
+                        return(-1);
+                }
+        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+#endif
+#ifdef VMS
+        status = SYS$ASSIGN(&terminal,&channel,0,0);
+        if (status != SS$_NORMAL)
+                return(-1);
+        status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+        if (setjmp(save))
+                {
+                ok=0;
+                goto error;
+                }
+        pushsig();
+        ps=1;
+#ifdef TTY_FLAGS
+        tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+#if defined(TTY_set) && !defined(VMS)
+        if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+                return(-1);
+#endif
+#ifdef VMS
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+        ps=2;
+        while ((!ok) && (number--))
+                {
+                fputs(prompt,stderr);
+                fflush(stderr);
+                buf[0]='\0';
+                fgets(buf,size,tty);
+                if (feof(tty)) goto error;
+                if (ferror(tty)) goto error;
+                if ((p=(char *)strchr(buf,'\n')) != NULL)
+                        *p='\0';
+                else    read_till_nl(tty);
+                if (verify)
+                        {
+                        fprintf(stderr,"\nVerifying password - %s",prompt);
+                        fflush(stderr);
+                        buff[0]='\0';
+                        fgets(buff,size,tty);
+                        if (feof(tty)) goto error;
+                        if ((p=(char *)strchr(buff,'\n')) != NULL)
+                                *p='\0';
+                        else    read_till_nl(tty);
+                                
+                        if (strcmp(buf,buff) != 0)
+                                {
+                                fprintf(stderr,"\nVerify failure");
+                                fflush(stderr);
+                                break;
+                                /* continue; */
+                                }
+                        }
+                ok=1;
+                }
+error:
+        fprintf(stderr,"\n");
+#ifdef DEBUG
+        perror("fgets(tty)");
+#endif
+        /* What can we do if there is an error? */
+#if defined(TTY_set) && !defined(VMS) 
+        if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
+#endif
+#ifdef VMS
+        if (ps >= 2)
+                status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0
+                        ,tty_orig,12,0,0,0,0);
+#endif
+        
+        if (ps >= 1) popsig();
+        if (stdin != tty) fclose(tty);
+#ifdef VMS
+        status = SYS$DASSGN(channel);
+#endif
+        return(!ok);
+        }
+#else /* WIN16 */
+int des_read_pw(buf, buff, size, prompt, verify)
+char *buf;
+char *buff;
+int size;
+char *prompt;
+int verify;
+        { 
+        memset(buf,0,size);
+        memset(buff,0,size);
+        return(0);
+        }
+#endif
+static void pushsig()
+        {
+        int i;
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,NULL,&savsig[i]);
+#else
+                savsig[i]=signal(i,recsig);
+#endif
+                }
+#ifdef SIGWINCH
+        signal(SIGWINCH,SIG_DFL);
+#endif
+        }
+static void popsig()
+        {
+        int i;
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&savsig[i],NULL);
+#else
+                signal(i,savsig[i]);
+#endif
+                }
+        }
+static void recsig(i)
+int i;
+        {
+        longjmp(save,1);
+#ifdef LINT
+        i=i;
+#endif
+        }
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(buf,size,tty)
+char *buf;
+int size;
+FILE *tty;
+        {
+        int i;
+        char *p;
+        p=buf;
+        for (;;)
+                {
+                if (size == 0)
+                        {
+                        *p='\0';
+                        break;
+                        }
+                size--;
+#ifdef WIN16TTY
+                i=_inchar();
+#else
+                i=getch();
+#endif
+                if (i == '\r') i='\n';
+                *(p++)=i;
+                if (i == '\n')
+                        {
+                        *p='\0';
+                        break;
+                        }
+                }
+        return(strlen(buf));
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/des/rpc_des.h b/src/lib/libssl/src/crypto/des/rpc_des.h
new file mode 100644
index 0000000000..4cbb4d2dcd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/rpc_des.h
@@ -0,0 +1,131 @@
+/* crypto/des/rpc_des.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
+/*
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part.  Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user.
+ * 
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ * 
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ * 
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ * 
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+ * or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ * 
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California  94043
+ */
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ * Copyright (c) 1986 by Sun Microsystems, Inc.
+ */
+#define DES_MAXLEN      65536   /* maximum # of bytes to encrypt  */
+#define DES_QUICKLEN    16      /* maximum # of bytes to encrypt quickly */
+#ifdef HEADER_DES_H
+#undef ENCRYPT
+#undef DECRYPT
+#endif
+enum desdir { ENCRYPT, DECRYPT };
+enum desmode { CBC, ECB };
+/*
+ * parameters to ioctl call
+ */
+struct desparams {
+        unsigned char des_key[8];       /* key (with low bit parity) */
+        enum desdir des_dir;    /* direction */
+        enum desmode des_mode;  /* mode */
+        unsigned char des_ivec[8];      /* input vector */
+        unsigned des_len;       /* number of bytes to crypt */
+        union {
+                unsigned char UDES_data[DES_QUICKLEN];
+                unsigned char *UDES_buf;
+        } UDES;
+#       define des_data UDES.UDES_data  /* direct data here if quick */
+#       define des_buf  UDES.UDES_buf   /* otherwise, pointer to data */
+};
+/*
+ * Encrypt an arbitrary sized buffer
+ */
+#define DESIOCBLOCK     _IOWR(d, 6, struct desparams)
+/* 
+ * Encrypt of small amount of data, quickly
+ */
+#define DESIOCQUICK     _IOWR(d, 7, struct desparams) 
diff --git a/src/lib/libssl/src/crypto/des/rpc_enc.c b/src/lib/libssl/src/crypto/des/rpc_enc.c
new file mode 100644
index 0000000000..7c1da1f538
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/rpc_enc.c
@@ -0,0 +1,107 @@
+/* crypto/des/rpc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rpc_des.h"
+#include "des_locl.h"
+#include "des_ver.h"
+#ifndef NOPROTO
+int _des_crypt(char *buf,int len,struct desparams *desp);
+#else
+int _des_crypt();
+#endif
+int _des_crypt(buf, len, desp)
+char *buf;
+int len;
+struct desparams *desp;
+        {
+        des_key_schedule ks;
+        int enc;
+        des_set_key((des_cblock *)desp->des_key,ks);
+        enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+        if (desp->des_mode == CBC)
+                des_ecb_encrypt((des_cblock *)desp->UDES.UDES_buf,
+                                (des_cblock *)desp->UDES.UDES_buf,ks,enc);
+        else
+                {
+                des_ncbc_encrypt((des_cblock *)desp->UDES.UDES_buf,
+                                (des_cblock *)desp->UDES.UDES_buf,
+                                (long)len,ks,
+                                (des_cblock *)desp->des_ivec,enc);
+#ifdef undef
+                /* len will always be %8 if called from common_crypt
+                 * in secure_rpc.
+                 * Libdes's cbc encrypt does not copy back the iv,
+                 * so we have to do it here. */
+                /* It does now :-) eay 20/09/95 */
+                a=(char *)&(desp->UDES.UDES_buf[len-8]);
+                b=(char *)&(desp->des_ivec[0]);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+#endif
+                }
+        return(1);      
+        }
diff --git a/src/lib/libssl/src/crypto/des/rpw.c b/src/lib/libssl/src/crypto/des/rpw.c
new file mode 100644
index 0000000000..6447ed9cf0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/rpw.c
@@ -0,0 +1,101 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "des.h"
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        des_cblock k,k1;
+        int i;
+        printf("read passwd\n");
+        if ((i=des_read_password((C_Block *)k,"Enter password:",0)) == 0)
+                {
+                printf("password = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                }
+        else
+                printf("error %d\n",i);
+        printf("\n");
+        printf("read 2passwds and verify\n");
+        if ((i=des_read_2passwords((C_Block *)k,(C_Block *)k1,
+                "Enter verified password:",1)) == 0)
+                {
+                printf("password1 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                printf("\n");
+                printf("password2 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k1[i]);
+                printf("\n");
+                exit(1);
+                }
+        else
+                {
+                printf("error %d\n",i);
+                exit(0);
+                }
+#ifdef LINT
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c
new file mode 100644
index 0000000000..c3bcd7ee2b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/set_key.c
@@ -0,0 +1,246 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+#ifndef NOPROTO
+static int check_parity(des_cblock (*key));
+#else
+static int check_parity();
+#endif
+int des_check_key=0;
+void des_set_odd_parity(key)
+des_cblock (*key);
+        {
+        int i;
+        for (i=0; i<DES_KEY_SZ; i++)
+                (*key)[i]=odd_parity[(*key)[i]];
+        }
+static int check_parity(key)
+des_cblock (*key);
+        {
+        int i;
+        for (i=0; i<DES_KEY_SZ; i++)
+                {
+                if ((*key)[i] != odd_parity[(*key)[i]])
+                        return(0);
+                }
+        return(1);
+        }
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+#define NUM_WEAK_KEY    16
+static des_cblock weak_keys[NUM_WEAK_KEY]={
+        /* weak keys */
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
+        {0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
+        {0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
+        /* semi-weak keys */
+        {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
+        {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
+        {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
+        {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
+        {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
+        {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
+        {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
+        {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
+        {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
+        {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
+int des_is_weak_key(key)
+des_cblock (*key);
+        {
+        int i;
+        for (i=0; i<NUM_WEAK_KEY; i++)
+                /* Added == 0 to comparision, I obviously don't run
+                 * this section very often :-(, thanks to
+                 * engineering@MorningStar.Com for the fix
+                 * eay 93/06/29
+                 * Another problem, I was comparing only the first 4
+                 * bytes, 97/03/18 */
+                if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1);
+        return(0);
+        }
+/* NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros. 
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ *      (b)^=(t),\
+ *      (a)=((a)^((t)<<(n))))
+ */
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int des_set_key(key, schedule)
+des_cblock (*key);
+des_key_schedule schedule;
+        {
+        static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+        register DES_LONG c,d,t,s,t2;
+        register unsigned char *in;
+        register DES_LONG *k;
+        register int i;
+        if (des_check_key)
+                {
+                if (!check_parity(key))
+                        return(-1);
+                if (des_is_weak_key(key))
+                        return(-2);
+                }
+        k=(DES_LONG *)schedule;
+        in=(unsigned char *)key;
+        c2l(in,c);
+        c2l(in,d);
+        /* do PC1 in 60 simple operations */ 
+/*      PERM_OP(d,c,t,4,0x0f0f0f0fL);
+        HPERM_OP(c,t,-2, 0xcccc0000L);
+        HPERM_OP(c,t,-1, 0xaaaa0000L);
+        HPERM_OP(c,t, 8, 0x00ff0000L);
+        HPERM_OP(c,t,-1, 0xaaaa0000L);
+        HPERM_OP(d,t,-8, 0xff000000L);
+        HPERM_OP(d,t, 8, 0x00ff0000L);
+        HPERM_OP(d,t, 2, 0x33330000L);
+        d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
+        d=(d>>8)|((c&0xf0000000L)>>4);
+        c&=0x0fffffffL; */
+        /* I now do it in 47 simple operations :-)
+         * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+         * for the inspiration. :-) */
+        PERM_OP (d,c,t,4,0x0f0f0f0fL);
+        HPERM_OP(c,t,-2,0xcccc0000L);
+        HPERM_OP(d,t,-2,0xcccc0000L);
+        PERM_OP (d,c,t,1,0x55555555L);
+        PERM_OP (c,d,t,8,0x00ff00ffL);
+        PERM_OP (d,c,t,1,0x55555555L);
+        d=      (((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
+                 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
+        c&=0x0fffffffL;
+        for (i=0; i<ITERATIONS; i++)
+                {
+                if (shifts2[i])
+                        { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
+                else
+                        { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
+                c&=0x0fffffffL;
+                d&=0x0fffffffL;
+                /* could be a few less shifts but I am to lazy at this
+                 * point in time to investigate */
+                s=      des_skb[0][ (c    )&0x3f                ]|
+                        des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]|
+                        des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]|
+                        des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) |
+                                                  ((c>>22L)&0x38)];
+                t=      des_skb[4][ (d    )&0x3f                ]|
+                        des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
+                        des_skb[6][ (d>>15L)&0x3f                ]|
+                        des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+                /* table contained 0213 4657 */
+                t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
+                *(k++)=ROTATE(t2,30)&0xffffffffL;
+                t2=((s>>16L)|(t&0xffff0000L));
+                *(k++)=ROTATE(t2,26)&0xffffffffL;
+                }
+        return(0);
+        }
+int des_key_sched(key, schedule)
+des_cblock (*key);
+des_key_schedule schedule;
+        {
+        return(des_set_key(key,schedule));
+        }
diff --git a/src/lib/libssl/src/crypto/des/speed.c b/src/lib/libssl/src/crypto/des/speed.c
new file mode 100644
index 0000000000..5bbe8b01d6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/speed.c
@@ -0,0 +1,329 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "des.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        des_key_schedule sch,sch2,sch3;
+        double a,b,c,d,e;
+#ifndef SIGALRM
+        long ca,cb,cc,cd,ce;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+        des_set_key((C_Block *)key2,sch2);
+        des_set_key((C_Block *)key3,sch3);
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        des_set_key((C_Block *)key,sch);
+        count=10;
+        do      {
+                long i;
+                DES_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+        printf("Doing set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count++)
+                des_set_key((C_Block *)key,sch);
+        d=Time_F(STOP);
+        printf("%ld set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing des_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing des_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count++)
+                {
+                DES_LONG data[2];
+                des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+                }
+        d=Time_F(STOP);
+        printf("%ld des_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
+                        (C_Block *)&(key[0]),DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+#ifdef SIGALRM
+        printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cd); count++)
+                des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
+                        &(sch[0]),
+                        &(sch2[0]),
+                        &(sch3[0]),
+                        (C_Block *)&(key[0]),
+                        DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        d=((double)COUNT(cd)*BUFSIZE)/d;
+#ifdef SIGALRM
+        printf("Doing crypt for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing crypt %ld times\n",ce);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ce); count++)
+                crypt("testing1","ef");
+        e=Time_F(STOP);
+        printf("%ld crypts in %.2f second\n",count,e);
+        e=((double)COUNT(ce))/e;
+        printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
+        printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/des/spr.h b/src/lib/libssl/src/crypto/des/spr.h
new file mode 100644
index 0000000000..81813f9f7a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/spr.h
@@ -0,0 +1,204 @@
+/* crypto/des/spr.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+const DES_LONG des_SPtrans[8][64]={
+{
+/* nibble 0 */
+0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+},{
+/* nibble 1 */
+0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+},{
+/* nibble 2 */
+0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+},{
+/* nibble 3 */
+0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+},{
+/* nibble 4 */
+0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+},{
+/* nibble 5 */
+0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+},{
+/* nibble 6 */
+0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+},{
+/* nibble 7 */
+0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+}};
diff --git a/src/lib/libssl/src/crypto/des/str2key.c b/src/lib/libssl/src/crypto/des/str2key.c
new file mode 100644
index 0000000000..3365c1bcf3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/str2key.c
@@ -0,0 +1,171 @@
+/* crypto/des/str2key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+extern int des_check_key;
+void des_string_to_key(str, key)
+char *str;
+des_cblock (*key);
+        {
+        des_key_schedule ks;
+        int i,length;
+        register unsigned char j;
+        memset(key,0,8);
+        length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+        for (i=0; i<length; i++)
+                (*key)[i%8]^=(str[i]<<1);
+#else /* MIT COMPATIBLE */
+        for (i=0; i<length; i++)
+                {
+                j=str[i];
+                if ((i%16) < 8)
+                        (*key)[i%8]^=(j<<1);
+                else
+                        {
+                        /* Reverse the bit order 05/05/92 eay */
+                        j=((j<<4)&0xf0)|((j>>4)&0x0f);
+                        j=((j<<2)&0xcc)|((j>>2)&0x33);
+                        j=((j<<1)&0xaa)|((j>>1)&0x55);
+                        (*key)[7-(i%8)]^=j;
+                        }
+                }
+#endif
+        des_set_odd_parity((des_cblock *)key);
+        i=des_check_key;
+        des_check_key=0;
+        des_set_key((des_cblock *)key,ks);
+        des_check_key=i;
+        des_cbc_cksum((des_cblock *)str,(des_cblock *)key,(long)length,ks,
+                (des_cblock *)key);
+        memset(ks,0,sizeof(ks));
+        des_set_odd_parity((des_cblock *)key);
+        }
+void des_string_to_2keys(str, key1, key2)
+char *str;
+des_cblock (*key1);
+des_cblock (*key2);
+        {
+        des_key_schedule ks;
+        int i,length;
+        register unsigned char j;
+        memset(key1,0,8);
+        memset(key2,0,8);
+        length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+        if (length <= 8)
+                {
+                for (i=0; i<length; i++)
+                        {
+                        (*key2)[i]=(*key1)[i]=(str[i]<<1);
+                        }
+                }
+        else
+                {
+                for (i=0; i<length; i++)
+                        {
+                        if ((i/8)&1)
+                                (*key2)[i%8]^=(str[i]<<1);
+                        else
+                                (*key1)[i%8]^=(str[i]<<1);
+                        }
+                }
+#else /* MIT COMPATIBLE */
+        for (i=0; i<length; i++)
+                {
+                j=str[i];
+                if ((i%32) < 16)
+                        {
+                        if ((i%16) < 8)
+                                (*key1)[i%8]^=(j<<1);
+                        else
+                                (*key2)[i%8]^=(j<<1);
+                        }
+                else
+                        {
+                        j=((j<<4)&0xf0)|((j>>4)&0x0f);
+                        j=((j<<2)&0xcc)|((j>>2)&0x33);
+                        j=((j<<1)&0xaa)|((j>>1)&0x55);
+                        if ((i%16) < 8)
+                                (*key1)[7-(i%8)]^=j;
+                        else
+                                (*key2)[7-(i%8)]^=j;
+                        }
+                }
+        if (length <= 8) memcpy(key2,key1,8);
+#endif
+        des_set_odd_parity((des_cblock *)key1);
+        des_set_odd_parity((des_cblock *)key2);
+        i=des_check_key;
+        des_check_key=0;
+        des_set_key((des_cblock *)key1,ks);
+        des_cbc_cksum((des_cblock *)str,(des_cblock *)key1,(long)length,ks,
+                (des_cblock *)key1);
+        des_set_key((des_cblock *)key2,ks);
+        des_cbc_cksum((des_cblock *)str,(des_cblock *)key2,(long)length,ks,
+                (des_cblock *)key2);
+        des_check_key=i;
+        memset(ks,0,sizeof(ks));
+        des_set_odd_parity(key1);
+        des_set_odd_parity(key2);
+        }
diff --git a/src/lib/libssl/src/crypto/des/t/test b/src/lib/libssl/src/crypto/des/t/test
new file mode 100644
index 0000000000..97acd0552e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/t/test
@@ -0,0 +1,27 @@
+#!./perl
+BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
+use DES;
+$key='00000000';
+$ks=DES::set_key($key);
+@a=split(//,$ks);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$key=DES::random_key();
+print "($_)\n";
+@a=split(//,$key);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$str="this is and again into the breach";
+($k1,$k2)=DES::string_to_2keys($str);
+@a=split(//,$k1);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+@a=split(//,$k2);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
diff --git a/src/lib/libssl/src/crypto/des/times/486-50.sol b/src/lib/libssl/src/crypto/des/times/486-50.sol
new file mode 100644
index 0000000000..0de62d6db3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/486-50.sol
@@ -0,0 +1,16 @@
+Solaris 2.4, 486 50mhz, gcc 2.6.3
+options    des ecb/s
+16 r2 i     43552.51 100.0%
+16 r1 i     43487.45  99.9%
+16  c p     43003.23  98.7%
+16 r2 p     42339.00  97.2%
+16  c i     41900.91  96.2%
+16 r1 p     41360.64  95.0%
+ 4  c i     38728.48  88.9%
+ 4  c p     38225.63  87.8%
+ 4 r1 i     38085.79  87.4%
+ 4 r2 i     37825.64  86.9%
+ 4 r2 p     34611.00  79.5%
+ 4 r1 p     31802.00  73.0%
+-DDES_UNROLL -DDES_RISC2
diff --git a/src/lib/libssl/src/crypto/des/times/586-100.lnx b/src/lib/libssl/src/crypto/des/times/586-100.lnx
new file mode 100644
index 0000000000..4323914a11
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/586-100.lnx
@@ -0,0 +1,20 @@
+Pentium 100
+Linux 2 kernel
+gcc 2.7.0 -O3 -fomit-frame-pointer
+No X server running, just a console, it makes the top speed jump from 151,000
+to 158,000 :-).
+options    des ecb/s
+assember   281000.00 177.1%
+16 r1 p    158667.40 100.0%
+16 r1 i    148471.70  93.6%
+16 r2 p    143961.80  90.7%
+16 r2 i    141689.20  89.3%
+ 4 r1 i    140100.00  88.3%
+ 4 r2 i    134049.40  84.5%
+16  c i    124145.20  78.2%
+16  c p    121584.20  76.6%
+ 4  c i    118116.00  74.4%
+ 4 r2 p    117977.90  74.4%
+ 4  c p    114971.40  72.5%
+ 4 r1 p    114578.40  72.2%
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/src/lib/libssl/src/crypto/des/times/686-200.fre b/src/lib/libssl/src/crypto/des/times/686-200.fre
new file mode 100644
index 0000000000..7d83f6adee
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/686-200.fre
@@ -0,0 +1,18 @@
+Pentium 100
+Free BSD 2.1.5 kernel
+gcc 2.7.2.2 -O3 -fomit-frame-pointer
+options    des ecb/s
+assember   578000.00 133.1%
+16 r2 i    434454.80 100.0%
+16 r1 i    433621.43  99.8%
+16 r2 p    431375.69  99.3%
+ 4 r1 i    423722.30  97.5%
+ 4 r2 i    422399.40  97.2%
+16 r1 p    421739.40  97.1%
+16  c i    399027.94  91.8%
+16  c p    372251.70  85.7%
+ 4  c i    365118.35  84.0%
+ 4  c p    352880.51  81.2%
+ 4 r2 p    255104.90  58.7%
+ 4 r1 p    251289.18  57.8%
+-DDES_UNROLL -DDES_RISC2
diff --git a/src/lib/libssl/src/crypto/des/times/aix.cc b/src/lib/libssl/src/crypto/des/times/aix.cc
new file mode 100644
index 0000000000..d96b74e2ce
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/aix.cc
@@ -0,0 +1,26 @@
+From: Paco Garcia <pgarcia@cam.es>
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+options    des ecb/s       
+ 4  c p    275118.61 100.0%
+ 4  c i    273545.07  99.4%
+ 4 r2 p    270441.02  98.3%
+ 4 r1 p    253052.15  92.0%
+ 4 r2 i    240842.97  87.5%
+ 4 r1 i    240556.66  87.4%
+16  c i    224603.99  81.6%
+16  c p    224483.98  81.6%
+16 r2 p    215691.19  78.4%
+16 r1 p    208332.83  75.7%
+16 r1 i    199206.50  72.4%
+16 r2 i    198963.70  72.3%
+-DDES_PTR
diff --git a/src/lib/libssl/src/crypto/des/times/alpha.cc b/src/lib/libssl/src/crypto/des/times/alpha.cc
new file mode 100644
index 0000000000..95c17efae7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/alpha.cc
@@ -0,0 +1,18 @@
+cc -O2
+DES_LONG is 'unsigned int'
+options    des ecb/s
+ 4 r2 p    181146.14 100.0%
+16 r2 p    172102.94  95.0%
+ 4 r2 i    165424.11  91.3%
+16  c p    160468.64  88.6%
+ 4  c p    156653.59  86.5%
+ 4  c i    155245.18  85.7%
+ 4 r1 p    154729.68  85.4%
+16 r2 i    154137.69  85.1%
+16 r1 p    152357.96  84.1%
+16  c i    148743.91  82.1%
+ 4 r1 i    146695.59  81.0%
+16 r1 i    144961.00  80.0%
+-DDES_RISC2 -DDES_PTR
diff --git a/src/lib/libssl/src/crypto/des/times/hpux.cc b/src/lib/libssl/src/crypto/des/times/hpux.cc
new file mode 100644
index 0000000000..3de856ddac
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/hpux.cc
@@ -0,0 +1,17 @@
+HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+options    des ecb/s
+16  c i    149448.90 100.0%
+ 4  c i    145861.79  97.6%
+16 r2 i    141710.96  94.8%
+16 r1 i    139455.33  93.3%
+ 4 r2 i    138800.00  92.9%
+ 4 r1 i    136692.65  91.5%
+16 r2 p    110228.17  73.8%
+16 r1 p    109397.07  73.2%
+16  c p    109209.89  73.1%
+ 4  c p    108014.71  72.3%
+ 4 r2 p    107873.88  72.2%
+ 4 r1 p    107685.83  72.1%
+-DDES_UNROLL
diff --git a/src/lib/libssl/src/crypto/des/times/sparc.gcc b/src/lib/libssl/src/crypto/des/times/sparc.gcc
new file mode 100644
index 0000000000..8eaa042104
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/sparc.gcc
@@ -0,0 +1,17 @@
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
+options    des ecb/s
+16  c i    124382.70 100.0%
+ 4  c i    118884.68  95.6%
+16  c p    112261.20  90.3%
+16 r2 i    111777.10  89.9%
+16 r2 p    108896.30  87.5%
+16 r1 p    108791.59  87.5%
+ 4  c p    107290.10  86.3%
+ 4 r1 p    104583.80  84.1%
+16 r1 i    104206.20  83.8%
+ 4 r2 p    103709.80  83.4%
+ 4 r2 i     98306.43  79.0%
+ 4 r1 i     91525.80  73.6%
+-DDES_UNROLL
+      
diff --git a/src/lib/libssl/src/crypto/des/times/usparc.cc b/src/lib/libssl/src/crypto/des/times/usparc.cc
new file mode 100644
index 0000000000..f6ec8e8831
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/times/usparc.cc
@@ -0,0 +1,31 @@
+solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
+For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
+gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
+I belive the difference is tied up in optimisation that the compiler
+is able to perform when the code is 'inlined'.  For 'speed', the DES
+routines are being linked from a library.  I'll record the higher
+speed since if performance is everything, you can always inline
+'des_enc.c'.
+[ 16-Jan-06 - I've been playing with the
+  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
+  and while it makes the des_opts numbers much slower, it makes the
+  actual 'speed' numbers look better which is a realistic version of
+  using the libraries. ]
+options    des ecb/s
+16 r1 p    475516.90 100.0%
+16 r2 p    439388.10  92.4%
+16  c i    427001.40  89.8%
+16  c p    419516.50  88.2%
+ 4 r2 p    409491.70  86.1%
+ 4 r1 p    404266.90  85.0%
+ 4  c p    398121.00  83.7%
+ 4  c i    370588.40  77.9%
+ 4 r1 i    362742.20  76.3%
+16 r2 i    331275.50  69.7%
+16 r1 i    324730.60  68.3%
+ 4 r2 i     63535.10  13.4%     <-- very very weird, must be cache problems.
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/src/lib/libssl/src/crypto/des/typemap b/src/lib/libssl/src/crypto/des/typemap
new file mode 100644
index 0000000000..a524f53634
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/typemap
@@ -0,0 +1,34 @@
+#
+# DES SECTION
+#
+deschar *       T_DESCHARP
+des_cblock *    T_CBLOCK
+des_cblock      T_CBLOCK
+des_key_schedule        T_SCHEDULE
+des_key_schedule *      T_SCHEDULE
+INPUT
+T_CBLOCK
+        $var=(des_cblock *)SvPV($arg,len);
+        if (len < DES_KEY_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
+                }
+T_SCHEDULE
+        $var=(des_key_schedule *)SvPV($arg,len);
+        if (len < DES_SCHEDULE_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",
+                        DES_SCHEDULE_SZ);
+                }
+OUTPUT
+T_CBLOCK
+        sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
+T_SCHEDULE
+        sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
+T_DESCHARP
+        sv_setpvn($arg,(char *)$var,len);
diff --git a/src/lib/libssl/src/crypto/des/xcbc_enc.c b/src/lib/libssl/src/crypto/des/xcbc_enc.c
new file mode 100644
index 0000000000..031589bf50
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/xcbc_enc.c
@@ -0,0 +1,206 @@
+/* crypto/des/xcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* RSA's DESX */
+static unsigned char desx_white_in2out[256]={
+0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
+0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
+0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
+0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
+0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
+0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
+0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
+0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
+0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
+0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
+0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
+0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
+0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
+0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
+0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
+0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
+        };
+void des_xwhite_in2out(des_key,in_white,out_white)
+des_cblock (*des_key);
+des_cblock (*in_white);
+des_cblock (*out_white);
+        {
+        unsigned char *key,*in,*out;
+        int out0,out1;
+        int i;
+        key=(unsigned char *)des_key;
+        in=(unsigned char *)in_white;
+        out=(unsigned char *)out_white;
+        out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
+        out0=out1=0;
+        for (i=0; i<8; i++)
+                {
+                out[i]=key[i]^desx_white_in2out[out0^out1];
+                out0=out1;
+                out1=(int)out[i&0x07];
+                }
+        out0=out[0];
+        out1=out[i];
+        for (i=0; i<8; i++)
+                {
+                out[i]=in[i]^desx_white_in2out[out0^out1];
+                out0=out1;
+                out1=(int)out[i&0x07];
+                }
+        }
+void des_xcbc_encrypt(input, output, length, schedule, ivec, inw,outw,enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+des_cblock (*inw);
+des_cblock (*outw);
+int enc;
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register DES_LONG inW0,inW1,outW0,outW1;
+        register unsigned char *in,*out;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+        in=(unsigned char *)inw;
+        c2l(in,inW0);
+        c2l(in,inW1);
+        in=(unsigned char *)outw;
+        c2l(in,outW0);
+        c2l(in,outW1);
+        in=(unsigned char *)input;
+        out=(unsigned char *)output;
+        iv=(unsigned char *)ivec;
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0^inW0; tin[0]=tin0;
+                        tin1^=tout1^inW1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]^outW0; l2c(tout0,out);
+                        tout1=tin[1]^outW1; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0^inW0; tin[0]=tin0;
+                        tin1^=tout1^inW1; tin[1]=tin1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]^outW0; l2c(tout0,out);
+                        tout1=tin[1]^outW1; l2c(tout1,out);
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0^outW0;
+                        c2l(in,tin1); tin[1]=tin1^outW1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0^inW0;
+                        tout1=tin[1]^xor1^inW1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0^outW0;
+                        c2l(in,tin1); tin[1]=tin1^outW1;
+                        des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0^inW0;
+                        tout1=tin[1]^xor1^inW1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                iv=(unsigned char *)ivec;
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        inW0=inW1=outW0=outW1=0;
+        tin[0]=tin[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h
new file mode 100644
index 0000000000..4cc1df2650
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh.h
@@ -0,0 +1,162 @@
+/* crypto/dh/dh.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_DH_H
+#define HEADER_DH_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#ifndef HEADER_BN_H
+#define BIGNUM          char
+#endif
+typedef struct dh_st
+        {
+        /* This first argument is used to pick up errors when
+         * a DH is passed instead of a EVP_PKEY */
+        int pad;
+        int version;
+        BIGNUM *p;
+        BIGNUM *g;
+        int length; /* optional */
+        BIGNUM *pub_key;        /* y */
+        BIGNUM *priv_key;       /* x */
+        } DH;
+#define DH_GENERATOR_2          2
+/* #define DH_GENERATOR_3       3 */
+#define DH_GENERATOR_5          5
+/* DH_check error codes */
+#define DH_CHECK_P_NOT_PRIME            0x01
+#define DH_CHECK_P_NOT_STRONG_PRIME     0x02
+#define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+#define DH_NOT_SUITABLE_GENERATOR       0x08
+#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
+                (char *(*)())d2i_DHparams,(char *)(x))
+#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+                (unsigned char *)(x))
+#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
+                (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
+                (unsigned char *)(x))
+#ifndef NOPROTO
+DH *    DH_new(void);
+void    DH_free(DH *dh);
+int     DH_size(DH *dh);
+DH *    DH_generate_parameters(int prime_len,int generator,
+                void (*callback)(int,int,char *),char *cb_arg);
+int     DH_check(DH *dh,int *codes);
+int     DH_generate_key(DH *dh);
+int     DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
+DH *    d2i_DHparams(DH **a,unsigned char **pp, long length);
+int     i2d_DHparams(DH *a,unsigned char **pp);
+#ifndef NO_FP_API
+int     DHparams_print_fp(FILE *fp, DH *x);
+#endif
+#ifdef HEADER_BIO_H
+int     DHparams_print(BIO *bp, DH *x);
+#else
+int     DHparams_print(char *bp, DH *x);
+#endif
+void    ERR_load_DH_strings(void );
+#else
+DH *    DH_new();
+void    DH_free();
+int     DH_size();
+DH *    DH_generate_parameters();
+int     DH_check();
+int     DH_generate_key();
+int     DH_compute_key();
+DH *    d2i_DHparams();
+int     i2d_DHparams();
+#ifndef NO_FP_API
+int     DHparams_print_fp();
+#endif
+int     DHparams_print();
+void    ERR_load_DH_strings();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the DH functions. */
+/* Function codes. */
+#define DH_F_DHPARAMS_PRINT                              100
+#define DH_F_DHPARAMS_PRINT_FP                           101
+#define DH_F_DH_COMPUTE_KEY                              102
+#define DH_F_DH_GENERATE_KEY                             103
+#define DH_F_DH_GENERATE_PARAMETERS                      104
+#define DH_F_DH_NEW                                      105
+/* Reason codes. */
+#define DH_R_NO_PRIVATE_VALUE                            100
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/dh/dh1024.pem b/src/lib/libssl/src/crypto/dh/dh1024.pem
new file mode 100644
index 0000000000..81d43f6a3e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libssl/src/crypto/dh/dh192.pem b/src/lib/libssl/src/crypto/dh/dh192.pem
new file mode 100644
index 0000000000..521c07271d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libssl/src/crypto/dh/dh2048.pem b/src/lib/libssl/src/crypto/dh/dh2048.pem
new file mode 100644
index 0000000000..295460f508
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/src/lib/libssl/src/crypto/dh/dh4096.pem b/src/lib/libssl/src/crypto/dh/dh4096.pem
new file mode 100644
index 0000000000..390943a21d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libssl/src/crypto/dh/dh512.pem b/src/lib/libssl/src/crypto/dh/dh512.pem
new file mode 100644
index 0000000000..0a4d863ebe
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libssl/src/crypto/dh/dh_check.c b/src/lib/libssl/src/crypto/dh/dh_check.c
new file mode 100644
index 0000000000..65602e494f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh_check.c
@@ -0,0 +1,120 @@
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dh.h"
+/* Check that p is a strong prime and
+ * if g is 2, 3 or 5, check that is is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+int DH_check(dh,ret)
+DH *dh;
+int *ret;
+        {
+        int ok=0;
+        BN_CTX *ctx=NULL;
+        BN_ULONG l;
+        BIGNUM *q=NULL;
+        *ret=0;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        q=BN_new();
+        if (q == NULL) goto err;
+        if (BN_is_word(dh->g,DH_GENERATOR_2))
+                {
+                l=BN_mod_word(dh->p,24);
+                if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
+                }
+/*      else if (BN_is_word(dh->g,DH_GENERATOR_3))
+                {
+                l=BN_mod_word(dh->p,12);
+                if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+                }*/
+        else if (BN_is_word(dh->g,DH_GENERATOR_5))
+                {
+                l=BN_mod_word(dh->p,10);
+                if ((l != 3) && (l != 7))
+                        *ret|=DH_NOT_SUITABLE_GENERATOR;
+                }
+        else
+                *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+        if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+                *ret|=DH_CHECK_P_NOT_PRIME;
+        else
+                {
+                if (!BN_rshift1(q,dh->p)) goto err;
+                if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+                        *ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+                }
+        ok=1;
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (q != NULL) BN_free(q);
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c
new file mode 100644
index 0000000000..9d5c06ac24
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh_err.c
@@ -0,0 +1,96 @@
+/* lib/dh/dh_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "dh.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA DH_str_functs[]=
+        {
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),     "DHparams_print"},
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0),  "DHparams_print_fp"},
+{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),     "DH_compute_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),    "DH_generate_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),     "DH_generate_parameters"},
+{ERR_PACK(0,DH_F_DH_NEW,0),     "DH_new"},
+{0,NULL},
+        };
+static ERR_STRING_DATA DH_str_reasons[]=
+        {
+{DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+{0,NULL},
+        };
+#endif
+void ERR_load_DH_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_DH,DH_str_functs);
+                ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dh_gen.c b/src/lib/libssl/src/crypto/dh/dh_gen.c
new file mode 100644
index 0000000000..04c7046a7b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh_gen.c
@@ -0,0 +1,150 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dh.h"
+/* We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for strong primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a strong prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+DH *DH_generate_parameters(prime_len,generator,callback,cb_arg)
+int prime_len;
+int generator;
+void (*callback)(P_I_I_P);
+char *cb_arg;
+        {
+        BIGNUM *p=NULL,*t1,*t2;
+        DH *ret=NULL;
+        int g,ok= -1;
+        BN_CTX *ctx=NULL;
+        ret=DH_new();
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        t1=ctx->bn[0];
+        t2=ctx->bn[1];
+        ctx->tos=2;
+        
+        if (generator == DH_GENERATOR_2)
+                {
+                BN_set_word(t1,24);
+                BN_set_word(t2,11);
+                g=2;
+                }
+#ifdef undef  /* does not work for strong primes */
+        else if (generator == DH_GENERATOR_3)
+                {
+                BN_set_word(t1,12);
+                BN_set_word(t2,5);
+                g=3;
+                }
+#endif
+        else if (generator == DH_GENERATOR_5)
+                {
+                BN_set_word(t1,10);
+                BN_set_word(t2,3);
+                /* BN_set_word(t3,7); just have to miss
+                 * out on these ones :-( */
+                g=5;
+                }
+        else
+                g=generator;
+        
+        p=BN_generate_prime(prime_len,1,t1,t2,callback,cb_arg);
+        if (p == NULL) goto err;
+        if (callback != NULL) callback(3,0,cb_arg);
+        ret->p=p;
+        ret->g=BN_new();
+        if (!BN_set_word(ret->g,g)) goto err;
+        ok=1;
+err:
+        if (ok == -1)
+                {
+                DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+                ok=0;
+                }
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (!ok && (ret != NULL))
+                {
+                DH_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
new file mode 100644
index 0000000000..7576772bcd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -0,0 +1,142 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rand.h"
+#include "dh.h"
+int DH_generate_key(dh)
+DH *dh;
+        {
+        int ok=0;
+        unsigned int i;
+        BN_CTX *ctx=NULL;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        if (dh->priv_key == NULL)
+                {
+                i=dh->length;
+                if (i == 0)
+                        {
+                        /* Make the number p-1 bits long */
+                        i=BN_num_bits(dh->p)-1;
+                        }
+                priv_key=BN_new();
+                if (priv_key == NULL) goto err;
+                if (!BN_rand(priv_key,i,0,0)) goto err;
+                }
+        else
+                priv_key=dh->priv_key;
+        if (dh->pub_key == NULL)
+                {
+                pub_key=BN_new();
+                if (pub_key == NULL) goto err;
+                }
+        else
+                pub_key=dh->pub_key;
+        if (!BN_mod_exp(pub_key,dh->g,priv_key,dh->p,ctx)) goto err;
+                
+        dh->pub_key=pub_key;
+        dh->priv_key=priv_key;
+        ok=1;
+err:
+        if (ok != 1)
+                DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+        if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
+        if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ok);
+        }
+int DH_compute_key(key,pub_key,dh)
+unsigned char *key;
+BIGNUM *pub_key;
+DH *dh;
+        {
+        BN_CTX *ctx;
+        BIGNUM *tmp;
+        int ret= -1;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        tmp=ctx->bn[ctx->tos++];
+        
+        if (dh->priv_key == NULL)
+                {
+                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+                goto err;
+                }
+        if (!BN_mod_exp(tmp,pub_key,dh->priv_key,dh->p,ctx))
+                {
+                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+                goto err;
+                }
+        ret=BN_bn2bin(tmp,key);
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dh_lib.c b/src/lib/libssl/src/crypto/dh/dh_lib.c
new file mode 100644
index 0000000000..a300b38396
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dh_lib.c
@@ -0,0 +1,100 @@
+/* crypto/dh/dh_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dh.h"
+char *DH_version="Diffie-Hellman part of SSLeay 0.9.0b 29-Jun-1998";
+DH *DH_new()
+        {
+        DH *ret;
+        ret=(DH *)Malloc(sizeof(DH));
+        if (ret == NULL)
+                {
+                DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->pad=0;
+        ret->version=0;
+        ret->p=NULL;
+        ret->g=NULL;
+        ret->length=0;
+        ret->pub_key=NULL;
+        ret->priv_key=NULL;
+        return(ret);
+        }
+void DH_free(r)
+DH *r;
+        {
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        Free(r);
+        }
+int DH_size(dh)
+DH *dh;
+        {
+        return(BN_num_bytes(dh->p));
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dhtest.c b/src/lib/libssl/src/crypto/dh/dhtest.c
new file mode 100644
index 0000000000..488f10fd41
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/dhtest.c
@@ -0,0 +1,188 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef WINDOWS
+#include "../bio/bss_file.c" 
+#endif
+#include "crypto.h"
+#include "bio.h"
+#include "bn.h"
+#include "dh.h"
+#ifdef WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+#ifndef NOPROTO
+static void MS_CALLBACK cb(int p, int n, char *arg);
+#else
+static void MS_CALLBACK cb();
+#endif
+#ifdef NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+BIO *out=NULL;
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        DH *a,*b;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=1;
+#ifdef WIN32
+        CRYPTO_malloc_init();
+#endif
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) exit(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        a=DH_generate_parameters(64,DH_GENERATOR_5,cb,(char *)out);
+        if (a == NULL) goto err;
+        BIO_puts(out,"\np    =");
+        BN_print(out,a->p);
+        BIO_puts(out,"\ng    =");
+        BN_print(out,a->g);
+        BIO_puts(out,"\n");
+        b=DH_new();
+        if (b == NULL) goto err;
+        b->p=BN_dup(a->p);
+        b->g=BN_dup(a->g);
+        if ((b->p == NULL) || (b->g == NULL)) goto err;
+        if (!DH_generate_key(a)) goto err;
+        BIO_puts(out,"pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\npub 1=");
+        BN_print(out,a->pub_key);
+        BIO_puts(out,"\n");
+        if (!DH_generate_key(b)) goto err;
+        BIO_puts(out,"pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\npub 2=");
+        BN_print(out,b->pub_key);
+        BIO_puts(out,"\n");
+        alen=DH_size(a);
+        abuf=(unsigned char *)Malloc(alen);
+        aout=DH_compute_key(abuf,b->pub_key,a);
+        BIO_puts(out,"key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        blen=DH_size(b);
+        bbuf=(unsigned char *)Malloc(blen);
+        bout=DH_compute_key(bbuf,a->pub_key,b);
+        BIO_puts(out,"key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+                fprintf(stderr,"Error in DH routines\n");
+                ret=1;
+                }
+        else
+                ret=0;
+err:
+        if (abuf != NULL) Free(abuf);
+        if (bbuf != NULL) Free(bbuf);
+        exit(ret);
+        return(ret);
+        }
+static void MS_CALLBACK cb(p, n,arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+#ifdef LINT
+        p=n;
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/dh/example b/src/lib/libssl/src/crypto/dh/example
new file mode 100644
index 0000000000..16a33d2910
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/example
@@ -0,0 +1,50 @@
+From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
+Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
+  (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
+Received: by minbne.mincom.oz.au id AA19958
+  (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
+Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
+          Wed, 27 Sep 1995 19:13:05 +1000
+Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
+          Wed, 27 Sep 1995 04:48:46 -0400
+Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
+Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
+Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) 
+          by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 
+          for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
+Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
+          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+Date: Mon, 25 Sep 1995 17:50:51 -0700
+From: Phil Karn <karn@qualcomm.com>
+Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
+To: cypherpunks@toad.com, ipsec-dev@eit.com
+Subject: Primality verification needed
+Sender: owner-cypherpunks@toad.com
+Precedence: bulk
+Status: RO
+X-Status: 
+Hi. I've generated a 2047-bit "strong" prime number that I would like to
+use with Diffie-Hellman key exchange. I assert that not only is this number
+'p' prime, but so is (p-1)/2.
+I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+However, to increase my confidence that this number really is a strong prime,
+I'd like to ask others to confirm it with other tests. Here's the number in hex:
+72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+56a05180c3bec7ddd5ef6fe76b1f717b
+The generator, g, for this prime is 2.
+Thanks!
+Phil Karn
diff --git a/src/lib/libssl/src/crypto/dh/generate b/src/lib/libssl/src/crypto/dh/generate
new file mode 100644
index 0000000000..5d407231df
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/generate
@@ -0,0 +1,65 @@
+From: stewarts@ix.netcom.com (Bill Stewart)
+Newsgroups: sci.crypt
+Subject: Re: Diffie-Hellman key exchange
+Date: Wed, 11 Oct 1995 23:08:28 GMT
+Organization: Freelance Information Architect
+Lines: 32
+Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
+References: <458rhn$76m$1@mhadf.production.compuserve.com>
+NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
+X-Newsreader: Forte Free Agent 1.0.82
+Kent Briggs <72124.3234@CompuServe.COM> wrote:
+>I have a copy of the 1976 IEEE article describing the
+>Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
+>looking for sources that give examples of secure a,q pairs and
+>possible some source code that I could examine.
+q should be prime, and ideally should be a "strong prime",
+which means it's of the form 2n+1 where n is also prime.
+q also needs to be long enough to prevent the attacks LaMacchia and
+Odlyzko described (some variant on a factoring attack which generates
+a large pile of simultaneous equations and then solves them);
+long enough is about the same size as factoring, so 512 bits may not
+be secure enough for most applications.  (The 192 bits used by
+"secure NFS" was certainly not long enough.)
+a should be a generator for q, which means it needs to be
+relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
+work.  
+....
+Date: Tue, 26 Sep 1995 13:52:36 MST
+From: "Richard Schroeppel" <rcs@cs.arizona.edu>
+To: karn
+Cc: ho@cs.arizona.edu
+Subject: random large primes
+Since your prime is really random, proving it is hard.
+My personal limit on rigorously proved primes is ~350 digits.
+If you really want a proof, we should talk to Francois Morain,
+or the Australian group.
+If you want 2 to be a generator (mod P), then you need it
+to be a non-square.  If (P-1)/2 is also prime, then
+non-square == primitive-root for bases << P.
+In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+If you want this, you should restrict your sieve accordingly.
+3 is a generator iff P = 5 (mod 12).
+5 is a generator iff P = 3 or 7 (mod 10).
+2 is perfectly usable as a base even if it's a non-generator, since
+it still covers half the space of possible residues.  And an
+eavesdropper can always determine the low-bit of your exponent for
+a generator anyway.
+Rich  rcs@cs.arizona.edu
diff --git a/src/lib/libssl/src/crypto/dh/p1024.c b/src/lib/libssl/src/crypto/dh/p1024.c
new file mode 100644
index 0000000000..0c50c24cfb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/p1024.c
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
+        0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
+        0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
+        0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
+        0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
+        0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
+        0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
+        0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
+        0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
+        0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
+        0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
+        0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
+        0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
+        0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
+        0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
+        0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libssl/src/crypto/dh/p192.c b/src/lib/libssl/src/crypto/dh/p192.c
new file mode 100644
index 0000000000..881908169a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/p192.c
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+unsigned char data[]={
+0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
+0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
+0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,3);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libssl/src/crypto/dh/p512.c b/src/lib/libssl/src/crypto/dh/p512.c
new file mode 100644
index 0000000000..cc84e8e50e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dh/p512.c
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+unsigned char data[]={
+0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
+0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
+0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
+0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
+0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
+0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/README b/src/lib/libssl/src/crypto/dsa/README
new file mode 100644
index 0000000000..6a7e9c170a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/README
@@ -0,0 +1,4 @@
+The stuff in here is based on patches supplied to me by
+Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
+I have since modified a them a little but a debt of gratitude
+is due for doing the initial work.
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h
new file mode 100644
index 0000000000..1ca87c1cbe
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa.h
@@ -0,0 +1,194 @@
+/* crypto/dsa/dsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
+ * work and I have just tweaked them a little to fit into my
+ * stylistic vision for SSLeay :-) */
+#ifndef HEADER_DSA_H
+#define HEADER_DSA_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "bn.h"
+typedef struct dsa_st
+        {
+        /* This first variable is used to pick up errors where
+         * a DSA is passed instead of of a EVP_PKEY */
+        int pad;
+        int version;
+        int write_params;
+        BIGNUM *p;
+        BIGNUM *q;      /* == 20 */
+        BIGNUM *g;
+        BIGNUM *pub_key;  /* y public key */
+        BIGNUM *priv_key; /* x private key */
+        BIGNUM *kinv;   /* Signing pre-calc */
+        BIGNUM *r;      /* Signing pre-calc */
+        int references;
+        } DSA;
+#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
+                (char *(*)())d2i_DSAparams,(char *)(x))
+#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
+#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
+                (unsigned char *)(x))
+#ifndef NOPROTO
+DSA *   DSA_new(void);
+int     DSA_size(DSA *);
+        /* next 4 return -1 on error */
+int     DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
+int     DSA_sign(int type,unsigned char *dgst,int dlen,
+                unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int     DSA_verify(int type,unsigned char *dgst,int dgst_len,
+                unsigned char *sigbuf, int siglen, DSA *dsa);
+void    DSA_free (DSA *r);
+void    ERR_load_DSA_strings(void );
+DSA *   d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+DSA *   d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+DSA *   d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+DSA *   DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
+                int *counter_ret, unsigned long *h_ret,void
+                (*callback)(),char *cb_arg);
+int     DSA_generate_key(DSA *a);
+int     i2d_DSAPublicKey(DSA *a, unsigned char **pp);
+int     i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
+int     i2d_DSAparams(DSA *a,unsigned char **pp);
+#ifdef HEADER_BIO_H
+int     DSAparams_print(BIO *bp, DSA *x);
+int     DSA_print(BIO *bp, DSA *x, int off);
+#endif
+#ifndef NO_FP_API
+int     DSAparams_print_fp(FILE *fp, DSA *x);
+int     DSA_print_fp(FILE *bp, DSA *x, int off);
+#endif
+int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
+#else
+DSA *   DSA_new();
+int     DSA_size();
+int     DSA_sign_setup();
+int     DSA_sign();
+int     DSA_verify();
+void    DSA_free ();
+void    ERR_load_DSA_strings();
+DSA *   d2i_DSAPublicKey();
+DSA *   d2i_DSAPrivateKey();
+DSA *   d2i_DSAparams();
+DSA *   DSA_generate_parameters();
+int     DSA_generate_key();
+int     i2d_DSAPublicKey();
+int     i2d_DSAPrivateKey();
+int     i2d_DSAparams();
+int     DSA_is_prime();
+int     DSAparams_print();
+int     DSA_print();
+#ifndef NO_FP_API
+int     DSAparams_print_fp();
+int     DSA_print_fp();
+#endif
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the DSA functions. */
+/* Function codes. */
+#define DSA_F_DSAPARAMS_PRINT                            100
+#define DSA_F_DSAPARAMS_PRINT_FP                         101
+#define DSA_F_DSA_IS_PRIME                               102
+#define DSA_F_DSA_NEW                                    103
+#define DSA_F_DSA_PRINT                                  104
+#define DSA_F_DSA_PRINT_FP                               105
+#define DSA_F_DSA_SIGN                                   106
+#define DSA_F_DSA_SIGN_SETUP                             107
+#define DSA_F_DSA_VERIFY                                 108
+/* Reason codes. */
+#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..318e9f31aa
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c
@@ -0,0 +1,99 @@
+/* lib/dsa/dsa_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "dsa.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA DSA_str_functs[]=
+        {
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),   "DSAparams_print"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),        "DSAparams_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0),      "DSA_is_prime"},
+{ERR_PACK(0,DSA_F_DSA_NEW,0),   "DSA_new"},
+{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
+{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),      "DSA_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_SIGN,0),  "DSA_sign"},
+{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),    "DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_VERIFY,0),        "DSA_verify"},
+{0,NULL},
+        };
+static ERR_STRING_DATA DSA_str_reasons[]=
+        {
+{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{0,NULL},
+        };
+#endif
+void ERR_load_DSA_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000..d7d30bf90a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -0,0 +1,328 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#undef GENUINE_DSA
+#ifdef GENUINE_DSA
+#define HASH    SHA
+#else
+#define HASH    SHA1
+#endif 
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "sha.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback,
+        cb_arg)
+int bits;
+unsigned char *seed_in;
+int seed_len;
+int *counter_ret;
+unsigned long *h_ret;
+void (*callback)();
+char *cb_arg;
+        {
+        int ok=0;
+        unsigned char seed[SHA_DIGEST_LENGTH];
+        unsigned char md[SHA_DIGEST_LENGTH];
+        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+        BIGNUM *r0,*W,*X,*c,*test;
+        BIGNUM *g=NULL,*q=NULL,*p=NULL;
+        int k,n=0,i,b,m=0;
+        int counter=0;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+        unsigned int h=2;
+        DSA *ret=NULL;
+        if (bits < 512) bits=512;
+        bits=(bits+63)/64*64;
+        if ((seed_in != NULL) && (seed_len == 20))
+                memcpy(seed,seed_in,seed_len);
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        ctx2=BN_CTX_new();
+        if (ctx2 == NULL) goto err;
+        ret=DSA_new();
+        if (ret == NULL) goto err;
+        r0=ctx2->bn[0];
+        g=ctx2->bn[1];
+        W=ctx2->bn[2];
+        q=ctx2->bn[3];
+        X=ctx2->bn[4];
+        c=ctx2->bn[5];
+        p=ctx2->bn[6];
+        test=ctx2->bn[7];
+        BN_lshift(test,BN_value_one(),bits-1);
+        for (;;)
+                {
+                for (;;)
+                        {
+                        /* step 1 */
+                        if (callback != NULL) callback(0,m++,cb_arg);
+                        if (!seed_len)
+                                RAND_bytes(seed,SHA_DIGEST_LENGTH);
+                        else
+                                seed_len=0;
+                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                {
+                                buf[i]++;
+                                if (buf[i] != 0) break;
+                                }
+                        /* step 2 */
+                        HASH(seed,SHA_DIGEST_LENGTH,md);
+                        HASH(buf,SHA_DIGEST_LENGTH,buf2);
+                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                                md[i]^=buf2[i];
+                        /* step 3 */
+                        md[0]|=0x80;
+                        md[SHA_DIGEST_LENGTH-1]|=0x01;
+                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
+                        /* step 4 */
+                        if (DSA_is_prime(q,callback,cb_arg) > 0) break;
+                        /* do a callback call */
+                        /* step 5 */
+                        }
+                if (callback != NULL) callback(2,0,cb_arg);
+                if (callback != NULL) callback(3,0,cb_arg);
+                /* step 6 */
+                counter=0;
+                n=(bits-1)/160;
+                b=(bits-1)-n*160;
+                for (;;)
+                        {
+                        /* step 7 */
+                        BN_zero(W);
+                        for (k=0; k<=n; k++)
+                                {
+                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                        {
+                                        buf[i]++;
+                                        if (buf[i] != 0) break;
+                                        }
+                                HASH(buf,SHA_DIGEST_LENGTH,md);
+                                /* step 8 */
+                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
+                                BN_lshift(r0,r0,160*k);
+                                BN_add(W,W,r0);
+                                }
+                        /* more of step 8 */
+                        BN_mask_bits(W,bits-1);
+                        BN_copy(X,W); /* this should be ok */
+                        BN_add(X,X,test); /* this should be ok */
+                        /* step 9 */
+                        BN_lshift1(r0,q);
+                        BN_mod(c,X,r0,ctx);
+                        BN_sub(r0,c,BN_value_one());
+                        BN_sub(p,X,r0);
+                        /* step 10 */
+                        if (BN_cmp(p,test) >= 0)
+                                {
+                                /* step 11 */
+                                if (DSA_is_prime(p,callback,cb_arg) > 0)
+                                        goto end;
+                                }
+                        /* step 13 */
+                        counter++;
+                        /* step 14 */
+                        if (counter >= 4096) break;
+                        if (callback != NULL) callback(0,counter,cb_arg);
+                        }
+                }
+end:
+        if (callback != NULL) callback(2,1,cb_arg);
+        /* We now need to gernerate g */
+        /* Set r0=(p-1)/q */
+        BN_sub(test,p,BN_value_one());
+        BN_div(r0,NULL,test,q,ctx);
+        BN_set_word(test,h);
+        for (;;)
+                {
+                /* g=test^r0%p */
+                BN_mod_exp(g,test,r0,p,ctx);
+                if (!BN_is_one(g)) break;
+                BN_add(test,test,BN_value_one());
+                h++;
+                }
+        if (callback != NULL) callback(3,1,cb_arg);
+        ok=1;
+err:
+        if (!ok)
+                {
+                if (ret != NULL) DSA_free(ret);
+                }
+        else
+                {
+                ret->p=BN_dup(p);
+                ret->q=BN_dup(q);
+                ret->g=BN_dup(g);
+                if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+                if (counter_ret != NULL) *counter_ret=counter;
+                if (h_ret != NULL) *h_ret=h;
+                }
+        BN_CTX_free(ctx);
+        BN_CTX_free(ctx2);
+        return(ok?ret:NULL);
+        }
+int DSA_is_prime(w, callback,cb_arg)
+BIGNUM *w;
+void (*callback)();
+char *cb_arg;
+        {
+        int ok= -1,j,i,n;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+        BIGNUM *w_1,*b,*m,*z;
+        int a;
+        if (!BN_is_bit_set(w,0)) return(0);
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        ctx2=BN_CTX_new();
+        if (ctx2 == NULL) goto err;
+        m=  ctx2->bn[2];
+        b=  ctx2->bn[3];
+        z=  ctx2->bn[4];
+        w_1=ctx2->bn[5];
+        /* step 1 */
+        n=50;
+        /* step 2 */
+        if (!BN_sub(w_1,w,BN_value_one())) goto err;
+        for (a=1; !BN_is_bit_set(w_1,a); a++)
+                ;
+        if (!BN_rshift(m,w_1,a)) goto err;
+        for (i=1; i < n; i++)
+                {
+                /* step 3 */
+                BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
+                BN_set_word(b,0x10001L);
+                /* step 4 */
+                j=0;
+                if (!BN_mod_exp(z,b,m,w,ctx)) goto err;
+                /* step 5 */
+                for (;;)
+                        {
+                        if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0))
+                                break;
+                        /* step 6 */
+                        if ((j > 0) && BN_is_one(z))
+                                {
+                                ok=0;
+                                goto err;
+                                }
+                        j++;
+                        if (j >= a)
+                                {
+                                ok=0;
+                                goto err;
+                                }
+                        if (!BN_mod_mul(z,z,z,w,ctx)) goto err;
+                        if (callback != NULL) callback(1,j,cb_arg);
+                        }
+                }
+        ok=1;
+err:
+        if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
+        BN_CTX_free(ctx);
+        BN_CTX_free(ctx2);
+        
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c
new file mode 100644
index 0000000000..d51ed9395f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -0,0 +1,112 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "sha.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+int DSA_generate_key(dsa)
+DSA *dsa;
+        {
+        int ok=0;
+        unsigned int i;
+        BN_CTX *ctx=NULL;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        if (dsa->priv_key == NULL)
+                {
+                if ((priv_key=BN_new()) == NULL) goto err;
+                }
+        else
+                priv_key=dsa->priv_key;
+        i=BN_num_bits(dsa->q);
+        for (;;)
+                {
+                BN_rand(priv_key,i,1,0);
+                if (BN_cmp(priv_key,dsa->q) >= 0)
+                        BN_sub(priv_key,priv_key,dsa->q);
+                if (!BN_is_zero(priv_key)) break;
+                }
+        if (dsa->pub_key == NULL)
+                {
+                if ((pub_key=BN_new()) == NULL) goto err;
+                }
+        else
+                pub_key=dsa->pub_key;
+        if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+        dsa->priv_key=priv_key;
+        dsa->pub_key=pub_key;
+        ok=1;
+err:
+        if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+        if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000..b647257f9f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
@@ -0,0 +1,145 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "asn1.h"
+char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998";
+DSA *DSA_new()
+        {
+        DSA *ret;
+        ret=(DSA *)Malloc(sizeof(DSA));
+        if (ret == NULL)
+                {
+                DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->pad=0;
+        ret->version=0;
+        ret->write_params=1;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->g=NULL;
+        ret->pub_key=NULL;
+        ret->priv_key=NULL;
+        ret->kinv=NULL;
+        ret->r=NULL;
+        ret->references=1;
+        return(ret);
+        }
+void DSA_free(r)
+DSA *r;
+        {
+        int i;
+        if (r == NULL) return;
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+        REF_PRINT("DSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"DSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        if (r->kinv != NULL) BN_clear_free(r->kinv);
+        if (r->r != NULL) BN_clear_free(r->r);
+        Free(r);
+        }
+int DSA_size(r)
+DSA *r;
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..6ca1c318f2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -0,0 +1,215 @@
+/* crypto/dsa/dsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+#include "asn1.h"
+/* data has already been hashed (probably with SHA or SHA-1). */
+/*      DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
+int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
+int type;
+unsigned char *dgst;
+int dlen;
+unsigned char *sig;     /* out */
+unsigned int *siglen;   /* out */
+DSA *dsa;
+        {
+        BIGNUM *kinv=NULL,*r=NULL;
+        BIGNUM *m=NULL;
+        BIGNUM *xr=NULL,*s=NULL;
+        BN_CTX *ctx=NULL;
+        unsigned char *p;
+        int i,len=0,ret=0,reason=ERR_R_BN_LIB;
+        ASN1_INTEGER rbs,sbs;
+        MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
+        MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
+        i=BN_num_bytes(dsa->q); /* should be 20 */
+        if ((dlen > i) || (dlen > 50))
+                {
+                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+                goto err;
+                }
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        if ((dsa->kinv == NULL) || (dsa->r == NULL))
+                {
+                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+                }
+        else
+                {
+                kinv=dsa->kinv;
+                dsa->kinv=NULL;
+                r=dsa->r;
+                dsa->r=NULL;
+                }
+        m=BN_new();
+        xr=BN_new();
+        s=BN_new();
+        if (m == NULL || xr == NULL || s == NULL) goto err;
+        if (BN_bin2bn(dgst,dlen,m) == NULL) goto err;
+        /* Compute  s = inv(k) (m + xr) mod q */
+        if (!BN_mul(xr, dsa->priv_key, r)) goto err;    /* s = xr */
+        if (!BN_add(s, xr, m)) goto err;                /* s = m + xr */
+        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+        /*
+         * Now create a ASN.1 sequence of the integers R and S.
+         */
+        rbs.data=rbuf;
+        sbs.data=sbuf;
+        rbs.type = V_ASN1_INTEGER;
+        sbs.type = V_ASN1_INTEGER;
+        rbs.length=BN_bn2bin(r,rbs.data);
+        sbs.length=BN_bn2bin(s,sbs.data);
+        len =i2d_ASN1_INTEGER(&rbs,NULL);
+        len+=i2d_ASN1_INTEGER(&sbs,NULL);
+        p=sig;
+        ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_ASN1_INTEGER(&rbs,&p);
+        i2d_ASN1_INTEGER(&sbs,&p);
+        *siglen=(p-sig);
+        ret=1;
+err:
+        if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
+                
+#if 1 /* do the right thing :-) */
+        if (kinv != NULL) BN_clear_free(kinv);
+        if (r != NULL) BN_clear_free(r);
+#endif
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (m != NULL) BN_clear_free(m);
+        if (xr != NULL) BN_clear_free(xr);
+        if (s != NULL) BN_clear_free(s);
+        return(ret);
+        }
+int DSA_sign_setup(dsa,ctx_in,kinvp,rp)
+DSA *dsa;
+BN_CTX *ctx_in;
+BIGNUM **kinvp;
+BIGNUM **rp;
+        {
+        BN_CTX *ctx;
+        BIGNUM *k=NULL,*kinv=NULL,*r=NULL;
+        int ret=0;
+        if (ctx_in == NULL)
+                {
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+                }
+        else
+                ctx=ctx_in;
+        r=BN_new();
+        k=BN_new();
+        if ((r == NULL) || (k == NULL))
+                goto err;
+        kinv=NULL;
+        if (r == NULL) goto err;
+        /* Get random k */
+        for (;;)
+                {
+                if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err;
+                if (BN_cmp(k,dsa->q) >= 0)
+                        BN_sub(k,k,dsa->q);
+                if (!BN_is_zero(k)) break;
+                }
+        /* Compute r = (g^k mod p) mod q */
+        if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err;
+        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+        /* Compute  part of 's = inv(k) (m + xr) mod q' */
+        if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err;
+        if (*kinvp != NULL) BN_clear_free(*kinvp);
+        *kinvp=kinv;
+        kinv=NULL;
+        if (*rp != NULL) BN_clear_free(*rp);
+        *rp=r;
+        ret=1;
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL) BN_clear_free(r);
+                }
+        if (ctx_in == NULL) BN_CTX_free(ctx);
+        if (k != NULL) BN_clear_free(k);
+        if (kinv != NULL) BN_clear_free(kinv);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..0f860984ed
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -0,0 +1,152 @@
+/* crypto/dsa/dsa_vrf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *       1: correct signature
+ *       0: incorrect signature
+ *      -1: error
+ */
+int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
+int type;
+unsigned char *dgst;
+int dgst_len;
+unsigned char *sigbuf;
+int siglen;
+DSA *dsa;
+        {
+        /* The next 3 are used by the M_ASN1 macros */
+        long length=siglen;
+        ASN1_CTX c;
+        unsigned char **pp= &sigbuf;
+        BN_CTX *ctx;
+        BIGNUM *r=NULL;
+        BIGNUM *t1=NULL,*t2=NULL;
+        BIGNUM *u1=NULL,*u2=NULL;
+        ASN1_INTEGER *bs=NULL;
+        int ret = -1;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        t1=BN_new();
+        t2=BN_new();
+        if (t1 == NULL || t2 == NULL) goto err;
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+        if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
+        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+        if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
+        if (!asn1_Finish(&c)) goto err;
+        /* Calculate W = inv(S) mod Q
+         * save W in u2 */
+        if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn;
+        /* save M in u1 */
+        if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn;
+        /* u1 = M * w mod q */
+        if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn;
+        /* u2 = r * w mod q */
+        if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn;
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn;
+        /* let t2 = y ^ u2 mod p */
+        if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn;
+        /* let u1 = u1 mod q */
+        if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn;
+        /* V is now in u1.  If the signature is correct, it will be
+         * equal to R. */
+        ret=(BN_ucmp(u1, r) == 0);
+        if (0)
+                {
+err: /* ASN1 error */
+                DSAerr(DSA_F_DSA_VERIFY,c.error);
+                }
+        if (0)
+                {
+err_bn: /* BN error */
+                DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
+                }
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (r != NULL) BN_free(r);
+        if (t1 != NULL) BN_free(t1);
+        if (t2 != NULL) BN_free(t2);
+        if (u1 != NULL) BN_free(u1);
+        if (u2 != NULL) BN_free(u2);
+        if (bs != NULL) ASN1_BIT_STRING_free(bs);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsagen.c b/src/lib/libssl/src/crypto/dsa/dsagen.c
new file mode 100644
index 0000000000..20335de250
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsagen.c
@@ -0,0 +1,112 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "dsa.h"
+#define TEST
+#define GENUINE_DSA
+#ifdef GENUINE_DSA
+#define LAST_VALUE 0xbd
+#else
+#define LAST_VALUE 0xd3
+#endif
+#ifdef TEST
+unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,
+        0x60,0xef,0x2b,0xa8,
+        0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,
+        0xe0,0x42,0x7d,LAST_VALUE};
+#endif
+int cb(p,n)
+int p,n;
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        printf("%c",c);
+        fflush(stdout);
+        }
+main()
+        {
+        int i;
+        BIGNUM *n;
+        BN_CTX *ctx;
+        unsigned char seed_buf[20];
+        DSA *dsa;
+        int counter,h;
+        BIO *bio_err=NULL;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        memcpy(seed_buf,seed,20);
+        dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
+        if (dsa == NULL)
+                DSA_print(bio_err,dsa,0);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsatest.c b/src/lib/libssl/src/crypto/dsa/dsatest.c
new file mode 100644
index 0000000000..39bb712c4a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsatest.c
@@ -0,0 +1,214 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "crypto.h"
+#include "rand.h"
+#include "bio.h"
+#include "err.h"
+#include "dsa.h"
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+#ifdef WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+#ifndef NOPROTO
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+#else
+static void MS_CALLBACK dsa_cb();
+#endif
+static unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+        };
+static unsigned char out_p[]={
+        0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+        0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+        0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+        0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+        0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+        0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+        0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+        0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+        };
+static unsigned char out_q[]={
+        0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+        0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+        0xda,0xce,0x91,0x5f,
+        };
+static unsigned char out_g[]={
+        0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+        0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+        0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+        0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+        0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+        0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+        0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+        0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+        };
+static BIO *bio_err=NULL;
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        DSA *dsa=NULL;
+        int counter,ret=0,i,j;
+        unsigned char buf[256];
+        unsigned long h;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        BIO_printf(bio_err,"test generation of DSA parameters\n");
+        BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
+        dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,
+                (char *)bio_err);
+        BIO_printf(bio_err,"seed\n");
+        for (i=0; i<20; i+=4)
+                {
+                BIO_printf(bio_err,"%02X%02X%02X%02X ",
+                        seed[i],seed[i+1],seed[i+2],seed[i+3]);
+                }
+        BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
+                
+        if (dsa == NULL) goto end;
+        DSA_print(bio_err,dsa,0);
+        if (counter != 105) 
+                {
+                BIO_printf(bio_err,"counter should be 105\n");
+                goto end;
+                }
+        if (h != 2)
+                {
+                BIO_printf(bio_err,"h should be 2\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->q,buf);
+        j=sizeof(out_q);
+        if ((i != j) || (memcmp(buf,out_q,i) != 0))
+                {
+                BIO_printf(bio_err,"q value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->p,buf);
+        j=sizeof(out_p);
+        if ((i != j) || (memcmp(buf,out_p,i) != 0))
+                {
+                BIO_printf(bio_err,"p value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->g,buf);
+        j=sizeof(out_g);
+        if ((i != j) || (memcmp(buf,out_g,i) != 0))
+                {
+                BIO_printf(bio_err,"g value is wrong\n");
+                goto end;
+                }
+        ret=1;
+end:
+        if (!ret)
+                ERR_print_errors(bio_err);
+        if (bio_err != NULL) BIO_free(bio_err);
+        if (dsa != NULL) DSA_free(dsa);
+        exit(!ret);
+        return(0);
+        }
+static void MS_CALLBACK dsa_cb(p, n, arg)
+int p;
+int n;
+char *arg;
+        {
+        char c='*';
+        static int ok=0,num=0;
+        if (p == 0) { c='.'; num++; };
+        if (p == 1) c='+';
+        if (p == 2) { c='*'; ok++; }
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        BIO_flush((BIO *)arg);
+        if (!ok && (p == 0) && (num > 1))
+                {
+                BIO_printf((BIO *)arg,"error in dsatest\n");
+                exit(1);
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/fips186a.txt b/src/lib/libssl/src/crypto/dsa/fips186a.txt
new file mode 100644
index 0000000000..3a2e0a0d51
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
+The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
+supplied to me by Wei Dai
+--
+                     APPENDIX 5. EXAMPLE OF THE DSA
+This appendix is for informational purposes only and is not required to meet
+the standard.
+Let L = 512 (size of p).  The values in this example are expressed in
+hexadecimal notation.  The p and q given here were generated by the prime
+generation standard described in appendix 2 using the 160-bit SEED:
+          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+With this SEED, the algorithm found p and q when the counter was at 105.
+x was generated by the algorithm described in appendix 3, section 3.1, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+XSEED =   
+        bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+t =
+        67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+x = G(t,XSEED) mod q
+k was generated by the algorithm described in appendix 3, section 3.2, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+KSEED =
+        687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+t =
+        EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+k = G(t,KSEED) mod q
+Finally:
+h = 2
+p =
+        8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+        cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+        49693dfb f83724c2 ec0736ee 31c80291
+q =
+        c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+g =
+        626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+        3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+        c42e9f6f 464b088c c572af53 e6d78802
+x =
+        2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+k =
+        358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+kinv = 
+        0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+SHA(M) =  
+        a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+y =
+        19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
+        9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+        858fba33 f44c0669 9630a76b 030ee333
+r =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+s =
+        41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+w =
+        9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+u1 =
+        bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+u2 =
+        821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+gu1 mod p =
+        51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+        9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+        6f96662a 1987a21b e4ec1071 010b6069
+yu2 mod p =
+        8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+        5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
+        c19441f4 22bf3c34 08aeba1f 0a4dbec7
+v =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
new file mode 100644
index 0000000000..5aef6a1259
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -0,0 +1,642 @@
+/* crypto/err/err.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "lhash.h"
+#include "crypto.h"
+#include "cryptlib.h"
+#include "buffer.h"
+#include "err.h"
+#include "crypto.h"
+static LHASH *error_hash=NULL;
+static LHASH *thread_hash=NULL;
+#ifndef NOPROTO
+static unsigned long err_hash(ERR_STRING_DATA *a);
+static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b);
+static unsigned long pid_hash(ERR_STATE *pid);
+static int pid_cmp(ERR_STATE *a,ERR_STATE *pid);
+static unsigned long get_error_values(int inc,char **file,int *line,
+        char **data,int *flags);
+static void ERR_STATE_free(ERR_STATE *s);
+#else
+static unsigned long err_hash();
+static int err_cmp();
+static unsigned long pid_hash();
+static int pid_cmp();
+static void ERR_STATE_free();
+ERR_STATE *s;
+#endif
+#ifndef NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+        {
+{ERR_PACK(ERR_LIB_NONE,0,0)             ,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)              ,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)              ,"PEM routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)             ,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)             ,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)             ,"configuation file routines"},
+{ERR_PACK(ERR_LIB_METH,0,0)             ,"X509 lookup 'method' routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)              ,"SSL routines"},
+{ERR_PACK(ERR_LIB_RSAREF,0,0)           ,"RSAref routines"},
+{ERR_PACK(ERR_LIB_PROXY,0,0)            ,"Proxy routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)            ,"PKCS7 routines"},
+{0,NULL},
+        };
+static ERR_STRING_DATA ERR_str_functs[]=
+        {
+        {ERR_PACK(0,SYS_F_FOPEN,0),             "fopen"},
+        {ERR_PACK(0,SYS_F_CONNECT,0),           "connect"},
+        {ERR_PACK(0,SYS_F_GETSERVBYNAME,0),     "getservbyname"},
+        {ERR_PACK(0,SYS_F_SOCKET,0),            "socket"}, 
+        {ERR_PACK(0,SYS_F_IOCTLSOCKET,0),       "ioctlsocket"},
+        {ERR_PACK(0,SYS_F_BIND,0),              "bind"},
+        {ERR_PACK(0,SYS_F_LISTEN,0),            "listen"},
+        {ERR_PACK(0,SYS_F_ACCEPT,0),            "accept"},
+#ifdef WINDOWS
+        {ERR_PACK(0,SYS_F_WSASTARTUP,0),        "WSAstartup"},
+#endif
+        {0,NULL},
+        };
+static ERR_STRING_DATA ERR_str_reasons[]=
+        {
+{ERR_R_FATAL                             ,"fatal"},
+{ERR_R_SYS_LIB                          ,"system lib"},
+{ERR_R_BN_LIB                           ,"BN lib"},
+{ERR_R_RSA_LIB                          ,"RSA lib"},
+{ERR_R_DH_LIB                           ,"DH lib"},
+{ERR_R_EVP_LIB                          ,"EVP lib"},
+{ERR_R_BUF_LIB                          ,"BUF lib"},
+{ERR_R_BIO_LIB                          ,"BIO lib"},
+{ERR_R_OBJ_LIB                          ,"OBJ lib"},
+{ERR_R_PEM_LIB                          ,"PEM lib"},
+{ERR_R_X509_LIB                         ,"X509 lib"},
+{ERR_R_METH_LIB                         ,"METH lib"},
+{ERR_R_ASN1_LIB                         ,"ASN1 lib"},
+{ERR_R_CONF_LIB                         ,"CONF lib"},
+{ERR_R_SSL_LIB                          ,"SSL lib"},
+{ERR_R_PROXY_LIB                        ,"PROXY lib"},
+{ERR_R_BIO_LIB                          ,"BIO lib"},
+{ERR_R_PKCS7_LIB                        ,"PKCS7 lib"},
+{ERR_R_MALLOC_FAILURE                   ,"Malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a fuction you should not call"},
+{0,NULL},
+        };
+#endif
+#define err_clear_data(p,i) \
+        if (((p)->err_data[i] != NULL) && \
+                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+                {  \
+                Free((p)->err_data[i]); \
+                (p)->err_data[i]=NULL; \
+                } \
+        (p)->err_data_flags[i]=0;
+static void ERR_STATE_free(s)
+ERR_STATE *s;
+        {
+        int i;
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                err_clear_data(s,i);
+                }
+        Free(s);
+        }
+void ERR_load_ERR_strings()
+        {
+        static int init=1;
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+                if (init == 0)
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                        return;
+                        }
+                init=0;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+#ifndef NO_ERR
+                ERR_load_strings(0,ERR_str_libraries);
+                ERR_load_strings(0,ERR_str_reasons);
+                ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
+#endif
+                }
+        }
+void ERR_load_strings(lib,str)
+int lib;
+ERR_STRING_DATA *str;
+        {
+        if (error_hash == NULL)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
+                error_hash=lh_new(err_hash,err_cmp);
+                if (error_hash == NULL)
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+                        return;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+                ERR_load_ERR_strings();
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
+        while (str->error)
+                {
+                str->error|=ERR_PACK(lib,0,0);
+                lh_insert(error_hash,(char *)str);
+                str++;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+        }
+void ERR_free_strings()
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (error_hash != NULL)
+                {
+                lh_free(error_hash);
+                error_hash=NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+/********************************************************/
+void ERR_put_error(lib,func,reason,file,line)
+int lib,func,reason;
+char *file;
+int line;
+        {
+        ERR_STATE *es;
+        es=ERR_get_state();
+        es->top=(es->top+1)%ERR_NUM_ERRORS;
+        if (es->top == es->bottom)
+                es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
+        es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
+        es->err_file[es->top]=file;
+        es->err_line[es->top]=line;
+        err_clear_data(es,es->top);
+        }
+void ERR_clear_error()
+        {
+        ERR_STATE *es;
+        es=ERR_get_state();
+#if 0
+        /* hmm... is this needed */
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                es->err_buffer[i]=0;
+                es->err_file[i]=NULL;
+                es->err_line[i]= -1;
+                err_clear_data(es,i);
+                }
+#endif
+        es->top=es->bottom=0;
+        }
+unsigned long ERR_get_error()
+        { return(get_error_values(1,NULL,NULL,NULL,NULL)); }
+unsigned long ERR_get_error_line(file,line)
+char **file;
+int *line;
+        { return(get_error_values(1,file,line,NULL,NULL)); }
+unsigned long ERR_get_error_line_data(file,line,data,flags)
+char **file;
+int *line;
+char **data;
+int *flags;
+        { return(get_error_values(1,file,line,data,flags)); }
+unsigned long ERR_peek_error()
+        { return(get_error_values(0,NULL,NULL,NULL,NULL)); }
+unsigned long ERR_peek_error_line(file,line)
+char **file;
+int *line;
+        { return(get_error_values(0,file,line,NULL,NULL)); }
+unsigned long ERR_peek_error_line_data(file,line,data,flags)
+char **file;
+int *line;
+char **data;
+int *flags;
+        { return(get_error_values(0,file,line,data,flags)); }
+static unsigned long get_error_values(inc,file,line,data,flags)
+int inc;
+char **file;
+int *line;
+char **data;
+int *flags;
+        {       
+        int i=0;
+        ERR_STATE *es;
+        unsigned long ret;
+        es=ERR_get_state();
+        if (es->bottom == es->top) return(0);
+        i=(es->bottom+1)%ERR_NUM_ERRORS;
+        ret=es->err_buffer[i];
+        if (inc)
+                {
+                es->bottom=i;
+                es->err_buffer[i]=0;
+                }
+        if ((file != NULL) && (line != NULL))
+                {
+                if (es->err_file[i] == NULL)
+                        {
+                        *file="NA";
+                        if (line != NULL) *line=0;
+                        }
+                else
+                        {
+                        *file=es->err_file[i];
+                        if (line != NULL) *line=es->err_line[i];
+                        }
+                }
+        if (data != NULL)
+                {
+                if (es->err_data[i] == NULL)
+                        {
+                        *data="";
+                        if (flags != NULL) *flags=0;
+                        }
+                else
+                        {
+                        *data=es->err_data[i];
+                        if (flags != NULL) *flags=es->err_data_flags[i];
+                        }
+                }
+        return(ret);
+        }
+/* BAD for multi-threaded, uses a local buffer if ret == NULL */
+char *ERR_error_string(e,ret)
+unsigned long e;
+char *ret;
+        {
+        static char buf[256];
+        char *ls,*fs,*rs;
+        unsigned long l,f,r;
+        int i;
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        r=ERR_GET_REASON(e);
+        ls=ERR_lib_error_string(e);
+        fs=ERR_func_error_string(e);
+        rs=ERR_reason_error_string(e);
+        if (ret == NULL) ret=buf;
+        sprintf(&(ret[0]),"error:%08lX:",e);
+        i=strlen(ret);
+        if (ls == NULL)
+                sprintf(&(ret[i]),":lib(%lu) ",l);
+        else    sprintf(&(ret[i]),"%s",ls);
+        i=strlen(ret);
+        if (fs == NULL)
+                sprintf(&(ret[i]),":func(%lu) ",f);
+        else    sprintf(&(ret[i]),":%s",fs);
+        i=strlen(ret);
+        if (rs == NULL)
+                sprintf(&(ret[i]),":reason(%lu)",r);
+        else    sprintf(&(ret[i]),":%s",rs);
+        return(ret);
+        }
+LHASH *ERR_get_string_table()
+        {
+        return(error_hash);
+        }
+LHASH *ERR_get_err_state_table()
+        {
+        return(thread_hash);
+        }
+char *ERR_lib_error_string(e)
+unsigned long e;
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l;
+        l=ERR_GET_LIB(e);
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+        if (error_hash != NULL)
+                {
+                d.error=ERR_PACK(l,0,0);
+                p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+        return((p == NULL)?NULL:p->string);
+        }
+char *ERR_func_error_string(e)
+unsigned long e;
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l,f;
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+        if (error_hash != NULL)
+                {
+                d.error=ERR_PACK(l,f,0);
+                p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+        return((p == NULL)?NULL:p->string);
+        }
+char *ERR_reason_error_string(e)
+unsigned long e;
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l,r;
+        l=ERR_GET_LIB(e);
+        r=ERR_GET_REASON(e);
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+        if (error_hash != NULL)
+                {
+                d.error=ERR_PACK(l,0,r);
+                p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+                if (p == NULL)
+                        {
+                        d.error=ERR_PACK(0,0,r);
+                        p=(ERR_STRING_DATA *)lh_retrieve(error_hash,
+                                (char *)&d);
+                        }
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+        return((p == NULL)?NULL:p->string);
+        }
+static unsigned long err_hash(a)
+ERR_STRING_DATA *a;
+        {
+        unsigned long ret,l;
+        l=a->error;
+        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+        return(ret^ret%19*13);
+        }
+static int err_cmp(a,b)
+ERR_STRING_DATA *a,*b;
+        {
+        return((int)(a->error-b->error));
+        }
+static unsigned long pid_hash(a)
+ERR_STATE *a;
+        {
+        return(a->pid*13);
+        }
+static int pid_cmp(a,b)
+ERR_STATE *a,*b;
+        {
+        return((int)((long)a->pid - (long)b->pid));
+        }
+void ERR_remove_state(pid)
+unsigned long pid;
+        {
+        ERR_STATE *p,tmp;
+        if (thread_hash == NULL)
+                return;
+        if (pid == 0)
+                pid=(unsigned long)CRYPTO_thread_id();
+        tmp.pid=pid;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p=(ERR_STATE *)lh_delete(thread_hash,(char *)&tmp);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        if (p != NULL) ERR_STATE_free(p);
+        }
+ERR_STATE *ERR_get_state()
+        {
+        static ERR_STATE fallback;
+        ERR_STATE *ret=NULL,tmp,*tmpp;
+        int i;
+        unsigned long pid;
+        pid=(unsigned long)CRYPTO_thread_id();
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        if (thread_hash == NULL)
+                {
+                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+                CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+                if (thread_hash == NULL)
+                        {
+                        thread_hash=lh_new(pid_hash,pid_cmp);
+                        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                        if (thread_hash == NULL) return(&fallback);
+                        }
+                else
+                        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                }
+        else
+                {
+                tmp.pid=pid;
+                ret=(ERR_STATE *)lh_retrieve(thread_hash,(char *)&tmp);
+                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+                }
+        /* ret == the error state, if NULL, make a new one */
+        if (ret == NULL)
+                {
+                ret=(ERR_STATE *)Malloc(sizeof(ERR_STATE));
+                if (ret == NULL) return(&fallback);
+                ret->pid=pid;
+                ret->top=0;
+                ret->bottom=0;
+                for (i=0; i<ERR_NUM_ERRORS; i++)
+                        {
+                        ret->err_data[i]=NULL;
+                        ret->err_data_flags[i]=0;
+                        }
+                CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+                tmpp=(ERR_STATE *)lh_insert(thread_hash,(char *)ret);
+                CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                if (tmpp != NULL) /* old entry - should not happen */
+                        {
+                        ERR_STATE_free(tmpp);
+                        }
+                }
+        return(ret);
+        }
+int ERR_get_next_error_library()
+        {
+        static int value=ERR_LIB_USER;
+        return(value++);
+        }
+void ERR_set_error_data(data,flags)
+char *data;
+int flags;
+        {
+        ERR_STATE *es;
+        int i;
+        es=ERR_get_state();
+        i=es->top;
+        if (i == 0)
+                i=ERR_NUM_ERRORS-1;
+        es->err_data[i]=data;
+        es->err_data_flags[es->top]=flags;
+        }
+void ERR_add_error_data( VAR_PLIST(int , num))
+VAR_ALIST
+        {
+        VAR_BDEFN(args, int, num);
+        int i,n,s;
+        char *str,*p,*a;
+        s=64;
+        str=Malloc(s+1);
+        if (str == NULL) return;
+        str[0]='\0';
+        VAR_INIT(args,int,num);
+        n=0;
+        for (i=0; i<num; i++)
+                {
+                VAR_ARG(args,char *,a);
+                if (a != NULL) {
+                        n+=strlen(a);
+                        if (n > s)
+                                {
+                                s=n+20;
+                                p=Realloc(str,s+1);
+                                if (p == NULL)
+                                        {
+                                        Free(str);
+                                        return;
+                                        }
+                                else
+                                        str=p;
+                                }
+                        strcat(str,a);
+                        }
+                }
+        ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
+        VAR_END( args );
+        }
diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h
new file mode 100644
index 0000000000..75f931be11
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/err.h
@@ -0,0 +1,287 @@
+/* crypto/err/err.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_ERR_H
+#define HEADER_ERR_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/* The following is a bit of a trick to help the object files only contain
+ * the 'name of the file' string once.  Since 'err.h' is protected by the
+ * HEADER_ERR_H stuff, this should be included only once per file. */
+#define ERR_file_name   __FILE__
+#ifndef NO_ERR
+#define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
+#else
+#define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
+#endif
+#include <errno.h>
+#define ERR_TXT_MALLOCED        0x01
+#define ERR_TXT_STRING          0x02
+#define ERR_NUM_ERRORS  16
+typedef struct err_state_st
+        {
+        unsigned long pid;
+        unsigned long err_buffer[ERR_NUM_ERRORS];
+        char *err_data[ERR_NUM_ERRORS];
+        int err_data_flags[ERR_NUM_ERRORS];
+        char *err_file[ERR_NUM_ERRORS];
+        int err_line[ERR_NUM_ERRORS];
+        int top,bottom;
+        } ERR_STATE;
+/* library */
+#define ERR_LIB_NONE            1
+#define ERR_LIB_SYS             2
+#define ERR_LIB_BN              3
+#define ERR_LIB_RSA             4
+#define ERR_LIB_DH              5
+#define ERR_LIB_EVP             6
+#define ERR_LIB_BUF             7
+#define ERR_LIB_OBJ             8
+#define ERR_LIB_PEM             9
+#define ERR_LIB_DSA             10
+#define ERR_LIB_X509            11
+#define ERR_LIB_METH            12
+#define ERR_LIB_ASN1            13
+#define ERR_LIB_CONF            14
+#define ERR_LIB_CRYPTO          15
+#define ERR_LIB_SSL             20
+#define ERR_LIB_SSL23           21
+#define ERR_LIB_SSL2            22
+#define ERR_LIB_SSL3            23
+#define ERR_LIB_RSAREF          30
+#define ERR_LIB_PROXY           31
+#define ERR_LIB_BIO             32
+#define ERR_LIB_PKCS7           33
+#define ERR_LIB_USER            128
+#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__)
+#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__)
+#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__)
+#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__)
+#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__)
+#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__)
+#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__)
+#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__)
+#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__)
+#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__)
+#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__)
+#define METHerr(f,r) ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__)
+#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__)
+#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__)
+#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),ERR_file_name,__LINE__)
+#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__)
+#define SSL23err(f,r) ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__)
+#define SSL2err(f,r) ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__)
+#define SSL3err(f,r) ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__)
+#define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
+#define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
+#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
+/* Borland C seems too stupid to be able to shift and do longs in
+ * the pre-processor :-( */
+#define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)*0x1000000)| \
+                                ((((unsigned long)f)&0xfffL)*0x1000)| \
+                                ((((unsigned long)r)&0xfffL)))
+#define ERR_GET_LIB(l)          (int)((((unsigned long)l)>>24L)&0xffL)
+#define ERR_GET_FUNC(l)         (int)((((unsigned long)l)>>12L)&0xfffL)
+#define ERR_GET_REASON(l)       (int)((l)&0xfffL)
+#define ERR_FATAL_ERROR(l)      (int)((l)&ERR_R_FATAL)
+/* OS fuctions */
+#define SYS_F_FOPEN             1
+#define SYS_F_CONNECT           2
+#define SYS_F_GETSERVBYNAME     3
+#define SYS_F_SOCKET            4
+#define SYS_F_IOCTLSOCKET       5
+#define SYS_F_BIND              6
+#define SYS_F_LISTEN            7
+#define SYS_F_ACCEPT            8
+#define SYS_F_WSASTARTUP        9 /* Winsock stuff */
+#define ERR_R_FATAL             32      
+/* reasons */
+#define ERR_R_SYS_LIB   ERR_LIB_SYS
+#define ERR_R_BN_LIB    ERR_LIB_BN
+#define ERR_R_RSA_LIB   ERR_LIB_RSA
+#define ERR_R_DSA_LIB   ERR_LIB_DSA
+#define ERR_R_DH_LIB    ERR_LIB_DH
+#define ERR_R_EVP_LIB   ERR_LIB_EVP
+#define ERR_R_BUF_LIB   ERR_LIB_BUF
+#define ERR_R_BIO_LIB   ERR_LIB_BIO
+#define ERR_R_OBJ_LIB   ERR_LIB_OBJ
+#define ERR_R_PEM_LIB   ERR_LIB_PEM
+#define ERR_R_X509_LIB  ERR_LIB_X509
+#define ERR_R_METH_LIB  ERR_LIB_METH
+#define ERR_R_ASN1_LIB  ERR_LIB_ASN1
+#define ERR_R_CONF_LIB  ERR_LIB_CONF
+#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
+#define ERR_R_SSL_LIB   ERR_LIB_SSL
+#define ERR_R_SSL23_LIB ERR_LIB_SSL23
+#define ERR_R_SSL2_LIB  ERR_LIB_SSL2
+#define ERR_R_SSL3_LIB  ERR_LIB_SSL3
+#define ERR_R_PROXY_LIB ERR_LIB_PROXY
+#define ERR_R_BIO_LIB   ERR_LIB_BIO
+#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
+/* fatal error */
+#define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
+#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
+#define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
+typedef struct ERR_string_data_st
+        {
+        unsigned long error;
+        char *string;
+        } ERR_STRING_DATA;
+#ifndef NOPROTO
+void ERR_put_error(int lib, int func,int reason,char *file,int line);
+void ERR_set_error_data(char *data,int flags);
+unsigned long ERR_get_error(void );
+unsigned long ERR_get_error_line(char **file,int *line);
+unsigned long ERR_get_error_line_data(char **file,int *line,
+                char **data, int *flags);
+unsigned long ERR_peek_error(void );
+unsigned long ERR_peek_error_line(char **file,int *line);
+unsigned long ERR_peek_error_line_data(char **file,int *line,
+                char **data,int *flags);
+void ERR_clear_error(void );
+char *ERR_error_string(unsigned long e,char *buf);
+char *ERR_lib_error_string(unsigned long e);
+char *ERR_func_error_string(unsigned long e);
+char *ERR_reason_error_string(unsigned long e);
+#ifndef NO_FP_API
+void ERR_print_errors_fp(FILE *fp);
+#endif
+#ifdef HEADER_BIO_H
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data( VAR_PLIST( int, num ) );
+#endif
+void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+void ERR_load_ERR_strings(void );
+void ERR_load_crypto_strings(void );
+void ERR_free_strings(void );
+void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+ERR_STATE *ERR_get_state(void);
+#ifdef HEADER_LHASH_H
+LHASH *ERR_get_string_table(void );
+LHASH *ERR_get_err_state_table(void );
+#else
+char *ERR_get_string_table(void );
+char *ERR_get_err_state_table(void );
+#endif
+int ERR_get_next_error_library(void );
+#else
+void ERR_put_error();
+void ERR_set_error_data();
+unsigned long ERR_get_error();
+unsigned long ERR_get_error_line();
+unsigned long ERR_peek_error();
+unsigned long ERR_peek_error_line();
+void ERR_clear_error();
+char *ERR_error_string();
+char *ERR_lib_error_string();
+char *ERR_func_error_string();
+char *ERR_reason_error_string();
+#ifndef NO_FP_API
+void ERR_print_errors_fp();
+#endif
+void ERR_print_errors();
+void ERR_add_error_data();
+void ERR_load_strings();
+void ERR_load_ERR_strings();
+void ERR_load_crypto_strings();
+void ERR_free_strings();
+void ERR_remove_state();
+ERR_STATE *ERR_get_state();
+#ifdef HEADER_LHASH_H
+LHASH *ERR_get_string_table();
+LHASH *ERR_get_err_state_table();
+#else
+char *ERR_get_string_table();
+char *ERR_get_err_state_table();
+#endif
+int ERR_get_next_error_library();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c
new file mode 100644
index 0000000000..f874268e1a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/err_all.c
@@ -0,0 +1,116 @@
+/* crypto/err/err_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "asn1.h"
+#include "bn.h"
+#include "buffer.h"
+#include "bio.h"
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#ifdef RSAref
+#include "rsaref.h"
+#endif
+#ifndef NO_DH
+#include "dh.h"
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#endif
+#include "evp.h"
+#include "objects.h"
+#include "pem.h"
+#include "x509.h"
+#include "conf.h"
+#include "err.h"
+void ERR_load_crypto_strings()
+        {
+        static int done=0;
+        if (done) return;
+        done=1;
+#ifndef NO_ERR
+        ERR_load_ASN1_strings();
+        ERR_load_BN_strings();
+        ERR_load_BUF_strings();
+        ERR_load_BIO_strings();
+        ERR_load_CONF_strings();
+#ifndef NO_RSA
+#ifdef RSAref
+        ERR_load_RSAREF_strings();
+#else
+        ERR_load_RSA_strings();
+#endif
+#endif
+#ifndef NO_DH
+        ERR_load_DH_strings();
+#endif
+#ifndef NO_DSA
+        ERR_load_DSA_strings();
+#endif
+        ERR_load_ERR_strings();
+        ERR_load_EVP_strings();
+        ERR_load_OBJ_strings();
+        ERR_load_PEM_strings();
+        ERR_load_X509_strings();
+        ERR_load_CRYPTO_strings();
+        ERR_load_PKCS7_strings();
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/err/err_prn.c b/src/lib/libssl/src/crypto/err/err_prn.c
new file mode 100644
index 0000000000..ecd0e7c4fa
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/err_prn.c
@@ -0,0 +1,107 @@
+/* crypto/err/err_prn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "lhash.h"
+#include "crypto.h"
+#include "cryptlib.h"
+#include "buffer.h"
+#include "err.h"
+#include "crypto.h"
+#ifndef NO_FP_API
+void ERR_print_errors_fp(fp)
+FILE *fp;
+        {
+        unsigned long l;
+        char buf[200];
+        char *file,*data;
+        int line,flags;
+        unsigned long es;
+        es=CRYPTO_thread_id();
+        while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+                {
+                fprintf(fp,"%lu:%s:%s:%d:%s\n",es,ERR_error_string(l,buf),
+                        file,line,(flags&ERR_TXT_STRING)?data:"");
+                }
+        }
+#endif
+void ERR_print_errors(bp)
+BIO *bp;
+        {
+        unsigned long l;
+        char buf[256];
+        char buf2[256];
+        char *file,*data;
+        int line,flags;
+        unsigned long es;
+        es=CRYPTO_thread_id();
+        while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+                {
+                sprintf(buf2,"%lu:%s:%s:%d:",es,ERR_error_string(l,buf),
+                        file,line);
+                BIO_write(bp,buf2,strlen(buf2));
+                if (flags & ERR_TXT_STRING)
+                        BIO_write(bp,data,strlen(data));
+                BIO_write(bp,"\n",1);
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/evp/bio_b64.c b/src/lib/libssl/src/crypto/evp/bio_b64.c
new file mode 100644
index 0000000000..73172b9a07
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/bio_b64.c
@@ -0,0 +1,547 @@
+/* crypto/evp/bio_b64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "evp.h"
+#ifndef NOPROTO
+static int b64_write(BIO *h,char *buf,int num);
+static int b64_read(BIO *h,char *buf,int size);
+/*static int b64_puts(BIO *h,char *str); */
+/*static int b64_gets(BIO *h,char *str,int size); */
+static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int b64_new(BIO *h);
+static int b64_free(BIO *data);
+#else
+static int b64_write();
+static int b64_read();
+/*static int b64_puts(); */
+/*static int b64_gets(); */
+static long b64_ctrl();
+static int b64_new();
+static int b64_free();
+#endif
+#define B64_BLOCK_SIZE  1024
+#define B64_BLOCK_SIZE2 768
+#define B64_NONE        0
+#define B64_ENCODE      1
+#define B64_DECODE      2
+typedef struct b64_struct
+        {
+        /*BIO *bio; moved to the BIO structure */
+        int buf_len;
+        int buf_off;
+        int tmp_len;            /* used to find the start when decoding */
+        int tmp_nl;             /* If true, scan until '\n' */
+        int encode;
+        int start;              /* have we started decoding yet? */
+        int cont;               /* <= 0 when finished */
+        EVP_ENCODE_CTX base64;
+        char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];
+        char tmp[B64_BLOCK_SIZE];
+        } BIO_B64_CTX;
+static BIO_METHOD methods_b64=
+        {
+        BIO_TYPE_BASE64,"base64 encoding",
+        b64_write,
+        b64_read,
+        NULL, /* b64_puts, */
+        NULL, /* b64_gets, */
+        b64_ctrl,
+        b64_new,
+        b64_free,
+        };
+BIO_METHOD *BIO_f_base64()
+        {
+        return(&methods_b64);
+        }
+static int b64_new(bi)
+BIO *bi;
+        {
+        BIO_B64_CTX *ctx;
+        ctx=(BIO_B64_CTX *)Malloc(sizeof(BIO_B64_CTX));
+        if (ctx == NULL) return(0);
+        ctx->buf_len=0;
+        ctx->tmp_len=0;
+        ctx->tmp_nl=0;
+        ctx->buf_off=0;
+        ctx->cont=1;
+        ctx->start=1;
+        ctx->encode=0;
+        bi->init=1;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+static int b64_free(a)
+BIO *a;
+        {
+        if (a == NULL) return(0);
+        Free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int b64_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0,i,ii,j,k,x,n,num,ret_code=0;
+        BIO_B64_CTX *ctx;
+        unsigned char *p,*q;
+        if (out == NULL) return(0);
+        ctx=(BIO_B64_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        if (ctx->encode != B64_DECODE)
+                {
+                ctx->encode=B64_DECODE;
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                ctx->tmp_len=0;
+                EVP_DecodeInit(&(ctx->base64));
+                }
+        /* First check if there are bytes decoded/encoded */
+        if (ctx->buf_len > 0)
+                {
+                i=ctx->buf_len-ctx->buf_off;
+                if (i > outl) i=outl;
+                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+                ret=i;
+                out+=i;
+                outl-=i;
+                ctx->buf_off+=i;
+                if (ctx->buf_len == ctx->buf_off)
+                        {
+                        ctx->buf_len=0;
+                        ctx->buf_off=0;
+                        }
+                }
+        /* At this point, we have room of outl bytes and an empty
+         * buffer, so we should read in some more. */
+        ret_code=0;
+        while (outl > 0)
+                {
+                if (ctx->cont <= 0) break;
+                i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
+                        B64_BLOCK_SIZE-ctx->tmp_len);
+                if (i <= 0)
+                        {
+                        ret_code=i;
+                        /* Should be continue next time we are called? */
+                        if (!BIO_should_retry(b->next_bio))
+                                ctx->cont=i;
+                        /* else we should continue when called again */
+                        break;
+                        }
+                i+=ctx->tmp_len;
+                /* We need to scan, a line at a time until we
+                 * have a valid line if we are starting. */
+                if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
+                        {
+                        /* ctx->start=1; */
+                        ctx->tmp_len=0;
+                        }
+                else if (ctx->start)
+                        {
+                        q=p=(unsigned char *)ctx->tmp;
+                        for (j=0; j<i; j++)
+                                {
+                                if (*(q++) != '\n') continue;
+                                /* due to a previous very long line,
+                                 * we need to keep on scanning for a '\n'
+                                 * before we even start looking for
+                                 * base64 encoded stuff. */
+                                if (ctx->tmp_nl)
+                                        {
+                                        p=q;
+                                        ctx->tmp_nl=0;
+                                        continue;
+                                        }
+                                k=EVP_DecodeUpdate(&(ctx->base64),
+                                        (unsigned char *)ctx->buf,
+                                        &num,p,q-p);
+                                if ((k <= 0) && (num == 0) && (ctx->start))
+                                        EVP_DecodeInit(&ctx->base64);
+                                else 
+                                        {
+                                        if (p != (unsigned char *)
+                                                &(ctx->tmp[0]))
+                                                {
+                                                i-=(p- (unsigned char *)
+                                                        &(ctx->tmp[0]));
+                                                for (x=0; x < i; x++)
+                                                        ctx->tmp[x]=p[x];
+                                                EVP_DecodeInit(&ctx->base64);
+                                                }
+                                        ctx->start=0;
+                                        break;
+                                        }
+                                p=q;
+                                }
+                        /* we fell off the end without starting */
+                        if (j == i)
+                                {
+                                /* Is this is one long chunk?, if so, keep on
+                                 * reading until a new line. */
+                                if (p == (unsigned char *)&(ctx->tmp[0]))
+                                        {
+                                        ctx->tmp_nl=1;
+                                        ctx->tmp_len=0;
+                                        }
+                                else if (p != q) /* finished on a '\n' */
+                                        {
+                                        n=q-p;
+                                        for (ii=0; ii<n; ii++)
+                                                ctx->tmp[ii]=p[ii];
+                                        ctx->tmp_len=n;
+                                        }
+                                /* else finished on a '\n' */
+                                continue;
+                                }
+                        else
+                                ctx->tmp_len=0;
+                        }
+                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+                        {
+                        int z,jj;
+                        jj=(i>>2)<<2;
+                        z=EVP_DecodeBlock((unsigned char *)ctx->buf,
+                                (unsigned char *)ctx->tmp,jj);
+                        if (jj > 2)
+                                {
+                                if (ctx->tmp[jj-1] == '=')
+                                        {
+                                        z--;
+                                        if (ctx->tmp[jj-2] == '=')
+                                                z--;
+                                        }
+                                }
+                        /* z is now number of output bytes and jj is the
+                         * number consumed */
+                        if (jj != i)
+                                {
+                                memcpy((unsigned char *)ctx->tmp,
+                                        (unsigned char *)&(ctx->tmp[jj]),i-jj);
+                                ctx->tmp_len=i-jj;
+                                }
+                        ctx->buf_len=0;
+                        if (z > 0)
+                                {
+                                ctx->buf_len=z;
+                                i=1;
+                                }
+                        else
+                                i=z;
+                        }
+                else
+                        {
+                        i=EVP_DecodeUpdate(&(ctx->base64),
+                                (unsigned char *)ctx->buf,&ctx->buf_len,
+                                (unsigned char *)ctx->tmp,i);
+                        }
+                ctx->cont=i;
+                ctx->buf_off=0;
+                if (i < 0)
+                        {
+                        ret_code=0;
+                        ctx->buf_len=0;
+                        break;
+                        }
+                if (ctx->buf_len <= outl)
+                        i=ctx->buf_len;
+                else
+                        i=outl;
+                memcpy(out,ctx->buf,i);
+                ret+=i;
+                ctx->buf_off=i;
+                if (ctx->buf_off == ctx->buf_len)
+                        {
+                        ctx->buf_len=0;
+                        ctx->buf_off=0;
+                        }
+                outl-=i;
+                out+=i;
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return((ret == 0)?ret_code:ret);
+        }
+static int b64_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret=inl,n,i;
+        BIO_B64_CTX *ctx;
+        ctx=(BIO_B64_CTX *)b->ptr;
+        BIO_clear_retry_flags(b);
+        if (ctx->encode != B64_ENCODE)
+                {
+                ctx->encode=B64_ENCODE;
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                ctx->tmp_len=0;
+                EVP_EncodeInit(&(ctx->base64));
+                }
+        n=ctx->buf_len-ctx->buf_off;
+        while (n > 0)
+                {
+                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->buf_off+=i;
+                n-=i;
+                }
+        /* at this point all pending data has been written */
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx->buf_off=0;
+        while (inl > 0)
+                {
+                n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
+                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+                        {
+                        if (ctx->tmp_len > 0)
+                                {
+                                n=3-ctx->tmp_len;
+                                memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
+                                ctx->tmp_len+=n;
+                                n=ctx->tmp_len;
+                                if (n < 3)
+                                        break;
+                                ctx->buf_len=EVP_EncodeBlock(
+                                        (unsigned char *)ctx->buf,
+                                        (unsigned char *)ctx->tmp,n);
+                                }
+                        else
+                                {
+                                if (n < 3)
+                                        {
+                                        memcpy(&(ctx->tmp[0]),in,n);
+                                        ctx->tmp_len=n;
+                                        break;
+                                        }
+                                n-=n%3;
+                                ctx->buf_len=EVP_EncodeBlock(
+                                        (unsigned char *)ctx->buf,
+                                        (unsigned char *)in,n);
+                                }
+                        }
+                else
+                        {
+                        EVP_EncodeUpdate(&(ctx->base64),
+                                (unsigned char *)ctx->buf,&ctx->buf_len,
+                                (unsigned char *)in,n);
+                        }
+                inl-=n;
+                in+=n;
+                ctx->buf_off=0;
+                n=ctx->buf_len;
+                while (n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                return((ret == 0)?i:ret);
+                                }
+                        n-=i;
+                        ctx->buf_off+=i;
+                        }
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                }
+        return(ret);
+        }
+static long b64_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        BIO_B64_CTX *ctx;
+        long ret=1;
+        int i;
+        ctx=(BIO_B64_CTX *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->cont=1;
+                ctx->start=1;
+                ctx->encode=B64_NONE;
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_WPENDING: /* More to write in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if ((ret == 0) && (ctx->base64.num != 0))
+                        ret=1;
+                else if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+again:
+                while (ctx->buf_len != ctx->buf_off)
+                        {
+                        i=b64_write(b,NULL,0);
+                        if (i < 0)
+                                {
+                                ret=i;
+                                break;
+                                }
+                        }
+                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+                        {
+                        if (ctx->tmp_len != 0)
+                                {
+                                ctx->buf_len=EVP_EncodeBlock(
+                                        (unsigned char *)ctx->buf,
+                                        (unsigned char *)ctx->tmp,
+                                        ctx->tmp_len);
+                                ctx->buf_off=0;
+                                ctx->tmp_len=0;
+                                goto again;
+                                }
+                        }
+                else if (ctx->base64.num != 0)
+                        {
+                        ctx->buf_off=0;
+                        EVP_EncodeFinal(&(ctx->base64),
+                                (unsigned char *)ctx->buf,
+                                &(ctx->buf_len));
+                        /* push out the bytes */
+                        goto again;
+                        }
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_DUP:
+                break;
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_SET:
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/bio_enc.c b/src/lib/libssl/src/crypto/evp/bio_enc.c
new file mode 100644
index 0000000000..6c30ddfc54
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/bio_enc.c
@@ -0,0 +1,423 @@
+/* crypto/evp/bio_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "evp.h"
+#ifndef NOPROTO
+static int enc_write(BIO *h,char *buf,int num);
+static int enc_read(BIO *h,char *buf,int size);
+/*static int enc_puts(BIO *h,char *str); */
+/*static int enc_gets(BIO *h,char *str,int size); */
+static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int enc_new(BIO *h);
+static int enc_free(BIO *data);
+#else
+static int enc_write();
+static int enc_read();
+/*static int enc_puts(); */
+/*static int enc_gets(); */
+static long enc_ctrl();
+static int enc_new();
+static int enc_free();
+#endif
+#define ENC_BLOCK_SIZE  (1024*4)
+typedef struct enc_struct
+        {
+        int buf_len;
+        int buf_off;
+        int cont;               /* <= 0 when finished */
+        int finished;
+        int ok;                 /* bad decrypt */
+        EVP_CIPHER_CTX cipher;
+        char buf[ENC_BLOCK_SIZE+10];
+        } BIO_ENC_CTX;
+static BIO_METHOD methods_enc=
+        {
+        BIO_TYPE_CIPHER,"cipher",
+        enc_write,
+        enc_read,
+        NULL, /* enc_puts, */
+        NULL, /* enc_gets, */
+        enc_ctrl,
+        enc_new,
+        enc_free,
+        };
+BIO_METHOD *BIO_f_cipher()
+        {
+        return(&methods_enc);
+        }
+static int enc_new(bi)
+BIO *bi;
+        {
+        BIO_ENC_CTX *ctx;
+        ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX));
+        EVP_CIPHER_CTX_init(&ctx->cipher);
+        if (ctx == NULL) return(0);
+        ctx->buf_len=0;
+        ctx->buf_off=0;
+        ctx->cont=1;
+        ctx->finished=0;
+        ctx->ok=1;
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+static int enc_free(a)
+BIO *a;
+        {
+        BIO_ENC_CTX *b;
+        if (a == NULL) return(0);
+        b=(BIO_ENC_CTX *)a->ptr;
+        EVP_CIPHER_CTX_cleanup(&(b->cipher));
+        memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+        Free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int enc_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0,i;
+        BIO_ENC_CTX *ctx;
+        if (out == NULL) return(0);
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        /* First check if there are bytes decoded/encoded */
+        if (ctx->buf_len > 0)
+                {
+                i=ctx->buf_len-ctx->buf_off;
+                if (i > outl) i=outl;
+                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+                ret=i;
+                out+=i;
+                outl-=i;
+                ctx->buf_off+=i;
+                if (ctx->buf_len == ctx->buf_off)
+                        {
+                        ctx->buf_len=0;
+                        ctx->buf_off=0;
+                        }
+                }
+        /* At this point, we have room of outl bytes and an empty
+         * buffer, so we should read in some more. */
+        while (outl > 0)
+                {
+                if (ctx->cont <= 0) break;
+                /* read in at offset 8, read the EVP_Cipher
+                 * documentation about why */
+                i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE);
+                if (i <= 0)
+                        {
+                        /* Should be continue next time we are called? */
+                        if (!BIO_should_retry(b->next_bio))
+                                {
+                                ctx->cont=i;
+                                i=EVP_CipherFinal(&(ctx->cipher),
+                                        (unsigned char *)ctx->buf,
+                                        &(ctx->buf_len));
+                                ctx->ok=i;
+                                ctx->buf_off=0;
+                                }
+                        else
+                                ret=(ret == 0)?i:ret;
+                        break;
+                        }
+                else
+                        {
+                        EVP_CipherUpdate(&(ctx->cipher),
+                                (unsigned char *)ctx->buf,&ctx->buf_len,
+                                (unsigned char *)&(ctx->buf[8]),i);
+                        ctx->cont=1;
+                        }
+                if (ctx->buf_len <= outl)
+                        i=ctx->buf_len;
+                else
+                        i=outl;
+                if (i <= 0) break;
+                memcpy(out,ctx->buf,i);
+                ret+=i;
+                ctx->buf_off=i;
+                outl-=i;
+                out+=i;
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return((ret == 0)?ctx->cont:ret);
+        }
+static int enc_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret=0,n,i;
+        BIO_ENC_CTX *ctx;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        ret=inl;
+        BIO_clear_retry_flags(b);
+        n=ctx->buf_len-ctx->buf_off;
+        while (n > 0)
+                {
+                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->buf_off+=i;
+                n-=i;
+                }
+        /* at this point all pending data has been written */
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx->buf_off=0;
+        while (inl > 0)
+                {
+                n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+                EVP_CipherUpdate(&(ctx->cipher),
+                        (unsigned char *)ctx->buf,&ctx->buf_len,
+                        (unsigned char *)in,n);
+                inl-=n;
+                in+=n;
+                ctx->buf_off=0;
+                n=ctx->buf_len;
+                while (n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                return(i);
+                                }
+                        n-=i;
+                        ctx->buf_off+=i;
+                        }
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                }
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static long enc_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        BIO *dbio;
+        BIO_ENC_CTX *ctx,*dctx;
+        long ret=1;
+        int i;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->ok=1;
+                ctx->finished=0;
+                EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+                        ctx->cipher.encrypt);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+again:
+                while (ctx->buf_len != ctx->buf_off)
+                        {
+                        i=enc_write(b,NULL,0);
+                        if (i < 0)
+                                {
+                                ret=i;
+                                break;
+                                }
+                        }
+                if (!ctx->finished)
+                        {
+                        ctx->finished=1;
+                        ctx->buf_off=0;
+                        ret=EVP_CipherFinal(&(ctx->cipher),
+                                (unsigned char *)ctx->buf,
+                                &(ctx->buf_len));
+                        ctx->ok=(int)ret;
+                        if (ret <= 0) break;
+                        /* push out the bytes */
+                        goto again;
+                        }
+                
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_GET_CIPHER_STATUS:
+                ret=(long)ctx->ok;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                dctx=(BIO_ENC_CTX *)dbio->ptr;
+                memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+                dbio->init=1;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+        {
+        if (b == NULL) return;
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
+*/
+void BIO_set_cipher(b,c,k,i,e)
+BIO *b;
+EVP_CIPHER *c;
+unsigned char *k;
+unsigned char *i;
+int e;
+        {
+        BIO_ENC_CTX *ctx;
+        if (b == NULL) return;
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/bio_md.c b/src/lib/libssl/src/crypto/evp/bio_md.c
new file mode 100644
index 0000000000..fa5fdc055b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/bio_md.c
@@ -0,0 +1,270 @@
+/* crypto/evp/bio_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "evp.h"
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+#ifndef NOPROTO
+static int md_write(BIO *h,char *buf,int num);
+static int md_read(BIO *h,char *buf,int size);
+/*static int md_puts(BIO *h,char *str); */
+static int md_gets(BIO *h,char *str,int size);
+static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int md_new(BIO *h);
+static int md_free(BIO *data);
+#else
+static int md_write();
+static int md_read();
+/*static int md_puts(); */
+static int md_gets();
+static long md_ctrl();
+static int md_new();
+static int md_free();
+#endif
+static BIO_METHOD methods_md=
+        {
+        BIO_TYPE_MD,"message digest",
+        md_write,
+        md_read,
+        NULL, /* md_puts, */
+        md_gets,
+        md_ctrl,
+        md_new,
+        md_free,
+        };
+BIO_METHOD *BIO_f_md()
+        {
+        return(&methods_md);
+        }
+static int md_new(bi)
+BIO *bi;
+        {
+        EVP_MD_CTX *ctx;
+        ctx=(EVP_MD_CTX *)Malloc(sizeof(EVP_MD_CTX));
+        if (ctx == NULL) return(0);
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+static int md_free(a)
+BIO *a;
+        {
+        if (a == NULL) return(0);
+        Free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int md_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=0;
+        EVP_MD_CTX *ctx;
+        if (out == NULL) return(0);
+        ctx=(EVP_MD_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        ret=BIO_read(b->next_bio,out,outl);
+        if (b->init)
+                {
+                if (ret > 0)
+                        {
+                        EVP_DigestUpdate(ctx,(unsigned char *)out,
+                                (unsigned int)ret);
+                        }
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static int md_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+        {
+        int ret=0;
+        EVP_MD_CTX *ctx;
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx=(EVP_MD_CTX *)b->ptr;
+        if ((ctx != NULL) && (b->next_bio != NULL))
+                ret=BIO_write(b->next_bio,in,inl);
+        if (b->init)
+                {
+                if (ret > 0)
+                        {
+                        EVP_DigestUpdate(ctx,(unsigned char *)in,
+                                (unsigned int)ret);
+                        }
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static long md_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        EVP_MD_CTX *ctx,*dctx,**pctx;
+        EVP_MD **ppmd;
+        EVP_MD *md;
+        long ret=1;
+        BIO *dbio;
+        ctx=(EVP_MD_CTX *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                if (b->init)
+                        EVP_DigestInit(ctx,ctx->digest);
+                else
+                        ret=0;
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_GET_MD:
+                if (b->init)
+                        {
+                        ppmd=(EVP_MD **)ptr;
+                        *ppmd=ctx->digest;
+                        }
+                else
+                        ret=0;
+                break;
+        case BIO_C_GET_MD_CTX:
+                if (b->init)
+                        {
+                        pctx=(EVP_MD_CTX **)ptr;
+                        *pctx=ctx;
+                        }
+                else
+                        ret=0;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_C_SET_MD:
+                md=(EVP_MD *)ptr;
+                EVP_DigestInit(ctx,md);
+                b->init=1;
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                dctx=(EVP_MD_CTX *)dbio->ptr;
+                memcpy(dctx,ctx,sizeof(ctx));
+                b->init=1;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+static int md_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+        {
+        EVP_MD_CTX *ctx;
+        unsigned int ret;
+        ctx=(EVP_MD_CTX *)bp->ptr;
+        if (size < ctx->digest->md_size)
+                return(0);
+        EVP_DigestFinal(ctx,(unsigned char *)buf,&ret);
+        return((int)ret);
+        }
+/*
+static int md_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        return(-1);
+        }
+*/
diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c
new file mode 100644
index 0000000000..e77d1c896b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/c_all.c
@@ -0,0 +1,190 @@
+/* crypto/evp/c_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+void SSLeay_add_all_algorithms()
+        {
+        SSLeay_add_all_ciphers();
+        SSLeay_add_all_digests();
+        }
+void SSLeay_add_all_ciphers()
+        {
+#ifndef NO_DES
+        EVP_add_cipher(EVP_des_cfb());
+        EVP_add_cipher(EVP_des_ede_cfb());
+        EVP_add_cipher(EVP_des_ede3_cfb());
+        EVP_add_cipher(EVP_des_ofb());
+        EVP_add_cipher(EVP_des_ede_ofb());
+        EVP_add_cipher(EVP_des_ede3_ofb());
+        EVP_add_cipher(EVP_desx_cbc());
+        EVP_add_alias(SN_desx_cbc,"DESX");
+        EVP_add_alias(SN_desx_cbc,"desx");
+        EVP_add_cipher(EVP_des_cbc());
+        EVP_add_alias(SN_des_cbc,"DES");
+        EVP_add_alias(SN_des_cbc,"des");
+        EVP_add_cipher(EVP_des_ede_cbc());
+        EVP_add_cipher(EVP_des_ede3_cbc());
+        EVP_add_alias(SN_des_ede3_cbc,"DES3");
+        EVP_add_alias(SN_des_ede3_cbc,"des3");
+        EVP_add_cipher(EVP_des_ecb());
+        EVP_add_cipher(EVP_des_ede());
+        EVP_add_cipher(EVP_des_ede3());
+#endif
+#ifndef NO_RC4
+        EVP_add_cipher(EVP_rc4());
+        EVP_add_cipher(EVP_rc4_40());
+#endif
+#ifndef NO_IDEA
+        EVP_add_cipher(EVP_idea_ecb());
+        EVP_add_cipher(EVP_idea_cfb());
+        EVP_add_cipher(EVP_idea_ofb());
+        EVP_add_cipher(EVP_idea_cbc());
+        EVP_add_alias(SN_idea_cbc,"IDEA");
+        EVP_add_alias(SN_idea_cbc,"idea");
+#endif
+#ifndef NO_RC2
+        EVP_add_cipher(EVP_rc2_ecb());
+        EVP_add_cipher(EVP_rc2_cfb());
+        EVP_add_cipher(EVP_rc2_ofb());
+        EVP_add_cipher(EVP_rc2_cbc());
+        EVP_add_cipher(EVP_rc2_40_cbc());
+        EVP_add_alias(SN_rc2_cbc,"RC2");
+        EVP_add_alias(SN_rc2_cbc,"rc2");
+#endif
+#ifndef NO_BLOWFISH
+        EVP_add_cipher(EVP_bf_ecb());
+        EVP_add_cipher(EVP_bf_cfb());
+        EVP_add_cipher(EVP_bf_ofb());
+        EVP_add_cipher(EVP_bf_cbc());
+        EVP_add_alias(SN_bf_cbc,"BF");
+        EVP_add_alias(SN_bf_cbc,"bf");
+        EVP_add_alias(SN_bf_cbc,"blowfish");
+#endif
+#ifndef NO_CAST
+        EVP_add_cipher(EVP_cast5_ecb());
+        EVP_add_cipher(EVP_cast5_cfb());
+        EVP_add_cipher(EVP_cast5_ofb());
+        EVP_add_cipher(EVP_cast5_cbc());
+        EVP_add_alias(SN_cast5_cbc,"CAST");
+        EVP_add_alias(SN_cast5_cbc,"cast");
+        EVP_add_alias(SN_cast5_cbc,"CAST-cbc");
+        EVP_add_alias(SN_cast5_cbc,"cast-cbc");
+#endif
+#ifndef NO_RC5
+        EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+        EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+        EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+        EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+        EVP_add_alias(SN_rc5_cbc,"rc5");
+        EVP_add_alias(SN_rc5_cbc,"RC5");
+        EVP_add_alias(SN_rc5_cbc,"rc5-cbc");
+        EVP_add_alias(SN_rc5_cbc,"RC5-cbc");
+#endif
+        }
+void SSLeay_add_all_digests()
+        {
+#ifndef NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
+        EVP_add_digest(EVP_md5());
+        EVP_add_alias(SN_md5,"ssl2-md5");
+        EVP_add_alias(SN_md5,"ssl3-md5");
+#endif
+#ifndef NO_SHA
+        EVP_add_digest(EVP_sha());
+#ifndef NO_DSA
+        EVP_add_digest(EVP_dss());
+#endif
+#endif
+#ifndef NO_SHA1
+        EVP_add_digest(EVP_sha1());
+        EVP_add_alias(SN_sha1,"ssl3-sha1");
+#ifndef NO_DSA
+        EVP_add_digest(EVP_dss1());
+        EVP_add_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+        EVP_add_alias(SN_dsaWithSHA1,"DSS1");
+        EVP_add_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#endif
+#if !defined(NO_MDC2) && !defined(NO_DES)
+        EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef NO_RIPEMD160
+        EVP_add_digest(EVP_ripemd160());
+        EVP_add_alias(SN_ripemd160,"ripemd");
+        EVP_add_alias(SN_ripemd160,"rmd160");
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c
new file mode 100644
index 0000000000..d65f0036f7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/digest.c
@@ -0,0 +1,89 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "objects.h"
+#include "evp.h"
+void EVP_DigestInit(ctx,type)
+EVP_MD_CTX *ctx;
+EVP_MD *type;
+        {
+        ctx->digest=type;
+        type->init(&(ctx->md));
+        }
+void EVP_DigestUpdate(ctx,data,count)
+EVP_MD_CTX *ctx;
+unsigned char *data;
+unsigned int count;
+        {
+        ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count);
+        }
+void EVP_DigestFinal(ctx,md,size)
+EVP_MD_CTX *ctx;
+unsigned char *md;
+unsigned int *size;
+        {
+        ctx->digest->final(md,&(ctx->md.base[0]));
+        if (size != NULL)
+                *size=ctx->digest->md_size;
+        memset(&(ctx->md),0,sizeof(ctx->md));
+        }
diff --git a/src/lib/libssl/src/crypto/evp/e_dsa.c b/src/lib/libssl/src/crypto/evp/e_dsa.c
new file mode 100644
index 0000000000..6715c3e95e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_dsa.c
@@ -0,0 +1,71 @@
+/* crypto/evp/e_dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_PKEY_METHOD dss_method=
+        {
+        DSA_sign,
+        DSA_verify,
+        {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},
+        };
diff --git a/src/lib/libssl/src/crypto/evp/e_null.c b/src/lib/libssl/src/crypto/evp/e_null.c
new file mode 100644
index 0000000000..e4e7ca7606
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_null.c
@@ -0,0 +1,109 @@
+/* crypto/evp/e_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#ifndef NOPROTO
+static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+        unsigned char *iv,int enc);
+static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        unsigned char *in, unsigned int inl);
+#else
+static void null_init_key();
+static void null_cipher();
+#endif
+static EVP_CIPHER n_cipher=
+        {
+        NID_undef,
+        1,0,0,
+        null_init_key,
+        null_cipher,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        };
+EVP_CIPHER *EVP_enc_null()
+        {
+        return(&n_cipher);
+        }
+static void null_init_key(ctx,key,iv,enc)
+EVP_CIPHER_CTX *ctx;
+unsigned char *key;
+unsigned char *iv;
+int enc;
+        {
+        memset(&(ctx->c),0,sizeof(ctx->c));
+        }
+static void null_cipher(ctx,out,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+unsigned char *in;
+unsigned int inl;
+        {
+        if (in != out)
+                memcpy((char *)out,(char *)in,(int)inl);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/e_rc4.c b/src/lib/libssl/src/crypto/evp/e_rc4.c
new file mode 100644
index 0000000000..7e9790a94c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_rc4.c
@@ -0,0 +1,127 @@
+/* crypto/evp/e_rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef NO_RC4
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#ifndef NOPROTO
+static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+        unsigned char *iv,int enc);
+static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        unsigned char *in, unsigned int inl);
+#else
+static void rc4_init_key();
+static void rc4_cipher();
+#endif
+static EVP_CIPHER r4_cipher=
+        {
+        NID_rc4,
+        1,EVP_RC4_KEY_SIZE,0,
+        rc4_init_key,
+        rc4_cipher,
+        NULL,
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
+        NULL,
+        NULL,
+        };
+static EVP_CIPHER r4_40_cipher=
+        {
+        NID_rc4_40,
+        1,5 /* 40 bit */,0,
+        rc4_init_key,
+        rc4_cipher,
+        };
+EVP_CIPHER *EVP_rc4()
+        {
+        return(&r4_cipher);
+        }
+EVP_CIPHER *EVP_rc4_40()
+        {
+        return(&r4_40_cipher);
+        }
+static void rc4_init_key(ctx,key,iv,enc)
+EVP_CIPHER_CTX *ctx;
+unsigned char *key;
+unsigned char *iv;
+int enc;
+        {
+        if (key != NULL)
+                memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
+        RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
+                ctx->c.rc4.key);
+        }
+static void rc4_cipher(ctx,out,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+unsigned char *in;
+unsigned int inl;
+        {
+        RC4(&(ctx->c.rc4.ks),inl,in,out);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
new file mode 100644
index 0000000000..0d7fda0c47
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
@@ -0,0 +1,122 @@
+/* crypto/evp/e_xcbc_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#ifndef NOPROTO
+static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+        unsigned char *iv,int enc);
+static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        unsigned char *in, unsigned int inl);
+#else
+static void desx_cbc_init_key();
+static void desx_cbc_cipher();
+#endif
+static EVP_CIPHER d_xcbc_cipher=
+        {
+        NID_desx_cbc,
+        8,24,8,
+        desx_cbc_init_key,
+        desx_cbc_cipher,
+        NULL,
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        };
+EVP_CIPHER *EVP_desx_cbc()
+        {
+        return(&d_xcbc_cipher);
+        }
+        
+static void desx_cbc_init_key(ctx,key,iv,enc)
+EVP_CIPHER_CTX *ctx;
+unsigned char *key;
+unsigned char *iv;
+int enc;
+        {
+        if (iv != NULL)
+                memcpy(&(ctx->oiv[0]),iv,8);
+        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+        if (key != NULL)
+                {
+                des_set_key((des_cblock *)key,ctx->c.desx_cbc.ks);
+                memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8);
+                memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8);
+                }
+        }
+static void desx_cbc_cipher(ctx,out,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+unsigned char *in;
+unsigned int inl;
+        {
+        des_xcbc_encrypt(
+                (des_cblock *)in,(des_cblock *)out,
+                (long)inl, ctx->c.desx_cbc.ks,
+                (des_cblock *)&(ctx->iv[0]),
+                (des_cblock *)&(ctx->c.desx_cbc.inw[0]),
+                (des_cblock *)&(ctx->c.desx_cbc.outw[0]),
+                ctx->encrypt);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c
new file mode 100644
index 0000000000..14d47c1eed
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -0,0 +1,438 @@
+/* crypto/evp/encode.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+#define conv_ascii2bin(a)       (data_ascii2bin[(a)&0x7f])
+/* 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte  => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE    (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE   (64+1)
+static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+abcdefghijklmnopqrstuvwxyz0123456789+/";
+/* 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+#define B64_EOLN                0xF0
+#define B64_CR                  0xF1
+#define B64_EOF                 0xF2
+#define B64_WS                  0xE0
+#define B64_ERROR               0xFF
+#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+static unsigned char data_ascii2bin[128]={
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,
+        0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,
+        0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,
+        0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,
+        0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,
+        0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,
+        0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
+        0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
+        0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,
+        0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
+        };
+void EVP_EncodeInit(ctx)
+EVP_ENCODE_CTX *ctx;
+        {
+        ctx->length=48;
+        ctx->num=0;
+        ctx->line_num=0;
+        }
+void EVP_EncodeUpdate(ctx,out,outl,in,inl)
+EVP_ENCODE_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        int i,j;
+        unsigned int total=0;
+        *outl=0;
+        if (inl == 0) return;
+        if ((ctx->num+inl) < ctx->length)
+                {
+                memcpy(&(ctx->enc_data[ctx->num]),in,inl);
+                ctx->num+=inl;
+                return;
+                }
+        if (ctx->num != 0)
+                {
+                i=ctx->length-ctx->num;
+                memcpy(&(ctx->enc_data[ctx->num]),in,i);
+                in+=i;
+                inl-=i;
+                j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);
+                ctx->num=0;
+                out+=j;
+                *(out++)='\n';
+                *out='\0';
+                total=j+1;
+                }
+        while (inl >= ctx->length)
+                {
+                j=EVP_EncodeBlock(out,in,ctx->length);
+                in+=ctx->length;
+                inl-=ctx->length;
+                out+=j;
+                *(out++)='\n';
+                *out='\0';
+                total+=j+1;
+                }
+        if (inl != 0)
+                memcpy(&(ctx->enc_data[0]),in,inl);
+        ctx->num=inl;
+        *outl=total;
+        }
+void EVP_EncodeFinal(ctx,out,outl)
+EVP_ENCODE_CTX *ctx;
+unsigned char *out;
+int *outl;
+        {
+        unsigned int ret=0;
+        if (ctx->num != 0)
+                {
+                ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);
+                out[ret++]='\n';
+                out[ret]='\0';
+                ctx->num=0;
+                }
+        *outl=ret;
+        }
+int EVP_EncodeBlock(t,f,dlen)
+unsigned char *t,*f;
+int dlen;
+        {
+        int i,ret=0;
+        unsigned long l;
+        for (i=dlen; i > 0; i-=3)
+                {
+                if (i >= 3)
+                        {
+                        l=      (((unsigned long)f[0])<<16L)|
+                                (((unsigned long)f[1])<< 8L)|f[2];
+                        *(t++)=conv_bin2ascii(l>>18L);
+                        *(t++)=conv_bin2ascii(l>>12L);
+                        *(t++)=conv_bin2ascii(l>> 6L);
+                        *(t++)=conv_bin2ascii(l     );
+                        }
+                else
+                        {
+                        l=((unsigned long)f[0])<<16L;
+                        if (i == 2) l|=((unsigned long)f[1]<<8L);
+                        *(t++)=conv_bin2ascii(l>>18L);
+                        *(t++)=conv_bin2ascii(l>>12L);
+                        *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);
+                        *(t++)='=';
+                        }
+                ret+=4;
+                f+=3;
+                }
+        *t='\0';
+        return(ret);
+        }
+void EVP_DecodeInit(ctx)
+EVP_ENCODE_CTX *ctx;
+        {
+        ctx->length=30;
+        ctx->num=0;
+        ctx->line_num=0;
+        ctx->expect_nl=0;
+        }
+/* -1 for error
+ *  0 for last line
+ *  1 for full line
+ */
+int EVP_DecodeUpdate(ctx,out,outl,in,inl)
+EVP_ENCODE_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
+        unsigned char *d;
+        n=ctx->num;
+        d=ctx->enc_data;
+        ln=ctx->line_num;
+        exp_nl=ctx->expect_nl;
+        /* last line of input. */
+        if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
+                { rv=0; goto end; }
+                
+        /* We parse the input data */
+        for (i=0; i<inl; i++)
+                {
+                /* If the current line is > 80 characters, scream alot */
+                if (ln >= 80) { rv= -1; goto end; }
+                /* Get char and put it into the buffer */
+                tmp= *(in++);
+                v=conv_ascii2bin(tmp);
+                /* only save the good data :-) */
+                if (!B64_NOT_BASE64(v))
+                        {
+                        d[n++]=tmp;
+                        ln++;
+                        }
+                else if (v == B64_ERROR)
+                        {
+                        rv= -1;
+                        goto end;
+                        }
+                /* have we seen a '=' which is 'definitly' the last
+                 * input line.  seof will point to the character that
+                 * holds it. and eof will hold how many characters to
+                 * chop off. */
+                if (tmp == '=')
+                        {
+                        if (seof == -1) seof=n;
+                        eof++;
+                        }
+                /* eoln */
+                if (v == B64_EOLN)
+                        {
+                        ln=0;
+                        if (exp_nl)
+                                {
+                                exp_nl=0;
+                                continue;
+                                }
+                        }
+                exp_nl=0;
+                /* If we are at the end of input and it looks like a
+                 * line, process it. */
+                if (((i+1) == inl) && (((n&3) == 0) || eof))
+                        v=B64_EOF;
+                if ((v == B64_EOF) || (n >= 64))
+                        {
+                        /* This is needed to work correctly on 64 byte input
+                         * lines.  We process the line and then need to
+                         * accept the '\n' */
+                        if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
+                        tmp2=v;
+                        if (n > 0)
+                                {
+                                v=EVP_DecodeBlock(out,d,n);
+                                if (v < 0) { rv=0; goto end; }
+                                n=0;
+                                ret+=(v-eof);
+                                }
+                        else
+                                {
+                                eof=1;
+                                v=0;
+                                }
+                        /* This is the case where we have had a short
+                         * but valid input line */
+                        if ((v < ctx->length) && eof)
+                                {
+                                rv=0;
+                                goto end;
+                                }
+                        else
+                                ctx->length=v;
+                        if (seof >= 0) { rv=0; goto end; }
+                        out+=v;
+                        }
+                }
+        rv=1;
+end:
+        *outl=ret;
+        ctx->num=n;
+        ctx->line_num=ln;
+        ctx->expect_nl=exp_nl;
+        return(rv);
+        }
+int EVP_DecodeBlock(t,f,n)
+unsigned char *t,*f;
+int n;
+        {
+        int i,ret=0,a,b,c,d;
+        unsigned long l;
+        /* trim white space from the start of the line. */
+        while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))
+                {
+                f++;
+                n--;
+                }
+        /* strip off stuff at the end of the line
+         * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
+        while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
+                n--;
+        if (n%4 != 0) return(-1);
+        for (i=0; i<n; i+=4)
+                {
+                a=conv_ascii2bin(*(f++));
+                b=conv_ascii2bin(*(f++));
+                c=conv_ascii2bin(*(f++));
+                d=conv_ascii2bin(*(f++));
+                if (    (a & 0x80) || (b & 0x80) ||
+                        (c & 0x80) || (d & 0x80))
+                        return(-1);
+                l=(     (((unsigned long)a)<<18L)|
+                        (((unsigned long)b)<<12L)|
+                        (((unsigned long)c)<< 6L)|
+                        (((unsigned long)d)     ));
+                *(t++)=(unsigned char)(l>>16L)&0xff;
+                *(t++)=(unsigned char)(l>> 8L)&0xff;
+                *(t++)=(unsigned char)(l     )&0xff;
+                ret+=3;
+                }
+        return(ret);
+        }
+int EVP_DecodeFinal(ctx,out,outl)
+EVP_ENCODE_CTX *ctx;
+unsigned char *out;
+int *outl;
+        {
+        int i;
+        *outl=0;
+        if (ctx->num != 0)
+                {
+                i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);
+                if (i < 0) return(-1);
+                ctx->num=0;
+                *outl=i;
+                return(1);
+                }
+        else
+                return(1);
+        }
+#ifdef undef
+int EVP_DecodeValid(buf,len)
+unsigned char *buf;
+int len;
+        {
+        int i,num=0,bad=0;
+        if (len == 0) return(-1);
+        while (conv_ascii2bin(*buf) == B64_WS)
+                {
+                buf++;
+                len--;
+                if (len == 0) return(-1);
+                }
+        for (i=len; i >= 4; i-=4)
+                {
+                if (    (conv_ascii2bin(buf[0]) >= 0x40) ||
+                        (conv_ascii2bin(buf[1]) >= 0x40) ||
+                        (conv_ascii2bin(buf[2]) >= 0x40) ||
+                        (conv_ascii2bin(buf[3]) >= 0x40))
+                        return(-1);
+                buf+=4;
+                num+=1+(buf[2] != '=')+(buf[3] != '=');
+                }
+        if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
+                return(num);
+        if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
+                (conv_ascii2bin(buf[0]) == B64_EOLN))
+                return(num);
+        return(1);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
new file mode 100644
index 0000000000..b39fad93a4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -0,0 +1,793 @@
+/* crypto/evp/evp.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_ENVELOPE_H
+#define HEADER_ENVELOPE_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#ifndef NO_MD2
+#include "md2.h"
+#endif
+#ifndef NO_MD5
+#include "md5.h"
+#endif
+#if !defined(NO_SHA) || !defined(NO_SHA1)
+#include "sha.h"
+#endif
+#ifndef NO_RIPEMD
+#include "ripemd.h"
+#endif
+#ifndef NO_DES
+#include "des.h"
+#endif
+#ifndef NO_RC4
+#include "rc4.h"
+#endif
+#ifndef NO_RC2
+#include "rc2.h"
+#endif
+#ifndef NO_RC5
+#include "rc5.h"
+#endif
+#ifndef NO_BLOWFISH
+#include "blowfish.h"
+#endif
+#ifndef NO_CAST
+#include "cast.h"
+#endif
+#ifndef NO_IDEA
+#include "idea.h"
+#endif
+#ifndef NO_MDC2
+#include "mdc2.h"
+#endif
+#define EVP_RC2_KEY_SIZE                16
+#define EVP_RC4_KEY_SIZE                16
+#define EVP_BLOWFISH_KEY_SIZE           16
+#define EVP_CAST5_KEY_SIZE              16
+#define EVP_RC5_32_12_16_KEY_SIZE       16
+#define EVP_MAX_MD_SIZE                 (16+20) /* The SSLv3 md5+sha1 type */
+#define EVP_MAX_KEY_LENGTH              24
+#define EVP_MAX_IV_LENGTH               8
+#ifndef NO_RSA
+#include "rsa.h"
+#else
+#define RSA     long
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#else
+#define DSA     long
+#endif
+#ifndef NO_DH
+#include "dh.h"
+#else
+#define DH      long
+#endif
+#include "objects.h"
+#define EVP_PK_RSA      0x0001
+#define EVP_PK_DSA      0x0002
+#define EVP_PK_DH       0x0004
+#define EVP_PKT_SIGN    0x0010
+#define EVP_PKT_ENC     0x0020
+#define EVP_PKT_EXCH    0x0040
+#define EVP_PKS_RSA     0x0100
+#define EVP_PKS_DSA     0x0200
+#define EVP_PKT_EXP     0x1000 /* <= 512 bit key */
+#define EVP_PKEY_NONE   NID_undef
+#define EVP_PKEY_RSA    NID_rsaEncryption
+#define EVP_PKEY_RSA2   NID_rsa
+#define EVP_PKEY_DSA    NID_dsa
+#define EVP_PKEY_DSA1   NID_dsa_2
+#define EVP_PKEY_DSA2   NID_dsaWithSHA
+#define EVP_PKEY_DSA3   NID_dsaWithSHA1
+#define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
+#define EVP_PKEY_DH     NID_dhKeyAgreement
+/* Type needs to be a bit field
+ * Sub-type needs to be for variations on the method, as in, can it do
+ * arbitary encryption.... */
+typedef struct evp_pkey_st
+        {
+        int type;
+        int save_type;
+        int references;
+        union   {
+                char *ptr;
+                struct rsa_st *rsa;     /* RSA */
+                struct dsa_st *dsa;     /* DSA */
+                struct dh_st *dh;       /* DH */
+                } pkey;
+        int save_parameters;
+#ifdef HEADER_STACK_H
+        STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
+#else
+        char /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
+#endif
+        } EVP_PKEY;
+#define EVP_PKEY_MO_SIGN        0x0001
+#define EVP_PKEY_MO_VERIFY      0x0002
+#define EVP_PKEY_MO_ENCRYPT     0x0004
+#define EVP_PKEY_MO_DECRYPT     0x0008
+#if 0
+/* This structure is required to tie the message digest and signing together.
+ * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
+ * oid, md and pkey.
+ * This is required because for various smart-card perform the digest and
+ * signing/verification on-board.  To handle this case, the specific
+ * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
+ * When a PKEY is created, it will have a EVP_PKEY_METHOD ossociated with it.
+ * This can either be software or a token to provide the required low level
+ * routines.
+ */
+typedef struct evp_pkey_md_st
+        {
+        int oid;
+        EVP_MD *md;
+        EVP_PKEY_METHOD *pkey;
+        } EVP_PKEY_MD;
+#define EVP_rsa_md2()
+                EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_md2())
+#define EVP_rsa_md5()
+                EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_md5())
+#define EVP_rsa_sha0()
+                EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_sha())
+#define EVP_rsa_sha1()
+                EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_sha1())
+#define EVP_rsa_ripemd160()
+                EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
+                        EVP_rsa_pkcs1(),EVP_ripemd160())
+#define EVP_rsa_mdc2()
+                EVP_PKEY_MD_add(NID_mdc2WithRSA,\
+                        EVP_rsa_octet_string(),EVP_mdc2())
+#define EVP_dsa_sha()
+                EVP_PKEY_MD_add(NID_dsaWithSHA,\
+                        EVP_dsa(),EVP_mdc2())
+#define EVP_dsa_sha1()
+                EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+                        EVP_dsa(),EVP_sha1())
+typedef struct evp_pkey_method_st
+        {
+        char *name;
+        int flags;
+        int type;               /* RSA, DSA, an SSLeay specific constant */
+        int oid;                /* For the pub-key type */
+        int encrypt_oid;        /* pub/priv key encryption */
+        int (*sign)();
+        int (*verify)();
+        struct  {
+                int
+                int (*set)();   /* get and/or set the underlying type */
+                int (*get)();
+                int (*encrypt)();
+                int (*decrypt)();
+                int (*i2d)();
+                int (*d2i)();
+                int (*dup)();
+                } pub,priv;
+        int (*set_asn1_parameters)();
+        int (*get_asn1_parameters)();
+        } EVP_PKEY_METHOD;
+#endif
+#ifndef EVP_MD
+typedef struct env_md_st
+        {
+        int type;
+        int pkey_type;
+        int md_size;
+        void (*init)();
+        void (*update)();
+        void (*final)();
+        int (*sign)();
+        int (*verify)();
+        int required_pkey_type[5]; /*EVP_PKEY_xxx */
+        int block_size;
+        int ctx_size; /* how big does the ctx need to be */
+        } EVP_MD;
+#define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
+#ifndef NO_DSA
+#define EVP_PKEY_DSA_method     DSA_sign,DSA_verify, \
+                                {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
+                                        EVP_PKEY_DSA4,0}
+#else
+#define EVP_PKEY_DSA_method     EVP_PKEY_NULL_method
+#endif
+#ifndef NO_RSA
+#define EVP_PKEY_RSA_method     RSA_sign,RSA_verify, \
+                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
+                                RSA_sign_ASN1_OCTET_STRING, \
+                                RSA_verify_ASN1_OCTET_STRING, \
+                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+#else
+#define EVP_PKEY_RSA_method     EVP_PKEY_NULL_method
+#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
+#endif
+#endif /* !EVP_MD */
+typedef struct env_md_ctx_st
+        {
+        EVP_MD *digest;
+        union   {
+                unsigned char base[4];
+#ifndef NO_MD2
+                MD2_CTX md2;
+#endif
+#ifndef NO_MD5
+                MD5_CTX md5;
+#endif
+#ifndef NO_MD5
+                RIPEMD160_CTX ripemd160;
+#endif
+#if !defined(NO_SHA) || !defined(NO_SHA1)
+                SHA_CTX sha;
+#endif
+#ifndef NO_MDC2
+                MDC2_CTX mdc2;
+#endif
+                } md;
+        } EVP_MD_CTX;
+typedef struct evp_cipher_st
+        {
+        int nid;
+        int block_size;
+        int key_len;
+        int iv_len;
+        void (*init)();         /* init for encryption */
+        void (*do_cipher)();    /* encrypt data */
+        void (*cleanup)();      /* used by cipher method */ 
+        int ctx_size;           /* how big the ctx needs to be */
+        /* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
+        int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */
+        /* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
+        int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */
+        } EVP_CIPHER;
+typedef struct evp_cipher_info_st
+        {
+        EVP_CIPHER *cipher;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        } EVP_CIPHER_INFO;
+typedef struct evp_cipher_ctx_st
+        {
+        EVP_CIPHER *cipher;
+        int encrypt;            /* encrypt or decrypt */
+        int buf_len;            /* number we have left */
+        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
+        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
+        unsigned char buf[EVP_MAX_IV_LENGTH];   /* saved partial block */
+        int num;                                /* used by cfb/ofb mode */
+        char *app_data;         /* aplication stuff */
+        union   {
+#ifndef NO_RC4
+                struct
+                        {
+                        unsigned char key[EVP_RC4_KEY_SIZE];
+                        RC4_KEY ks;     /* working key */
+                        } rc4;
+#endif
+#ifndef NO_DES
+                des_key_schedule des_ks;/* key schedule */
+                struct
+                        {
+                        des_key_schedule ks;/* key schedule */
+                        C_Block inw;
+                        C_Block outw;
+                        } desx_cbc;
+                struct
+                        {
+                        des_key_schedule ks1;/* key schedule */
+                        des_key_schedule ks2;/* key schedule (for ede) */
+                        des_key_schedule ks3;/* key schedule (for ede3) */
+                        } des_ede;
+#endif
+#ifndef NO_IDEA
+                IDEA_KEY_SCHEDULE idea_ks;/* key schedule */
+#endif
+#ifndef NO_RC2
+                RC2_KEY rc2_ks;/* key schedule */
+#endif
+#ifndef NO_RC5
+                RC5_32_KEY rc5_ks;/* key schedule */
+#endif
+#ifndef NO_BLOWFISH
+                BF_KEY bf_ks;/* key schedule */
+#endif
+#ifndef NO_CAST
+                CAST_KEY cast_ks;/* key schedule */
+#endif
+                } c;
+        } EVP_CIPHER_CTX;
+typedef struct evp_Encode_Ctx_st
+        {
+        int num;        /* number saved in a partial encode/decode */
+        int length;     /* The length is either the output line length
+                         * (in input bytes) or the shortest input line
+                         * length that is ok.  Once decoding begins,
+                         * the length is adjusted up each time a longer
+                         * line is decoded */
+        unsigned char enc_data[80];     /* data to encode */
+        int line_num;   /* number read on current line */
+        int expect_nl;
+        } EVP_ENCODE_CTX;
+#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+                                        (char *)(rsa))
+#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+                                        (char *)(dsa))
+#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
+                                        (char *)(dh))
+/* Add some extra combinations */
+#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+#define EVP_MD_type(e)                  ((e)->type)
+#define EVP_MD_pkey_type(e)             ((e)->pkey_type)
+#define EVP_MD_size(e)                  ((e)->md_size)
+#define EVP_MD_block_size(e)            ((e)->block_size)
+#define EVP_MD_CTX_size(e)              EVP_MD_size((e)->digest)
+#define EVP_MD_CTX_block_size(e)        EVP_MD_block_size((e)->digest)
+#define EVP_MD_CTX_type(e)              ((e)->digest)
+#define EVP_CIPHER_nid(e)               ((e)->nid)
+#define EVP_CIPHER_block_size(e)        ((e)->block_size)
+#define EVP_CIPHER_key_length(e)        ((e)->key_len)
+#define EVP_CIPHER_iv_length(e)         ((e)->iv_len)
+#define EVP_CIPHER_CTX_cipher(e)        ((e)->cipher)
+#define EVP_CIPHER_CTX_nid(e)           ((e)->cipher->nid)
+#define EVP_CIPHER_CTX_block_size(e)    ((e)->cipher->block_size)
+#define EVP_CIPHER_CTX_key_length(e)    ((e)->cipher->key_len)
+#define EVP_CIPHER_CTX_iv_length(e)     ((e)->cipher->iv_len)
+#define EVP_CIPHER_CTX_get_app_data(e)  ((e)->app_data)
+#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+#define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
+#define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
+#define EVP_SignInit(a,b)               EVP_DigestInit(a,b)
+#define EVP_SignUpdate(a,b,c)           EVP_DigestUpdate(a,b,c)
+#define EVP_VerifyInit(a,b)             EVP_DigestInit(a,b)
+#define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
+#define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
+#define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)    
+#define BIO_set_md(b,md)                BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#define BIO_get_md(b,mdp)               BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
+#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
+#define BIO_get_cipher_status(b)        BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+#define EVP_Cipher(c,o,i,l)     (c)->cipher->do_cipher((c),(o),(i),(l))
+#ifndef NOPROTO
+void    EVP_DigestInit(EVP_MD_CTX *ctx, EVP_MD *type);
+void    EVP_DigestUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
+void    EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int     EVP_read_pw_string(char *buf,int length,char *prompt,int verify);
+void    EVP_set_pw_prompt(char *prompt);
+char *  EVP_get_pw_prompt(void);
+int     EVP_BytesToKey(EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
+                unsigned char *data, int datal, int count,
+                unsigned char *key,unsigned char *iv);
+EVP_CIPHER *EVP_get_cipherbyname(char *name);
+void    EVP_EncryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,
+                unsigned char *key, unsigned char *iv);
+void    EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                int *outl, unsigned char *in, int inl);
+void    EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+void    EVP_DecryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,
+                unsigned char *key, unsigned char *iv);
+void    EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                int *outl, unsigned char *in, int inl);
+int     EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+void    EVP_CipherInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, unsigned char *key,
+                unsigned char *iv,int enc);
+void    EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                int *outl, unsigned char *in, int inl);
+int     EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int     EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
+                EVP_PKEY *pkey);
+int     EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
+                unsigned int siglen,EVP_PKEY *pkey);
+int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+                int ekl,unsigned char *iv,EVP_PKEY *priv);
+int     EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+int     EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+void    EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
+                int *outl,unsigned char *in,int inl);
+void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
+int     EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
+void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
+                unsigned char *in, int inl);
+int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                char *out, int *outl);
+int     EVP_DecodeBlock(unsigned char *t, unsigned
+                char *f, int n);
+void    ERR_load_EVP_strings(void );
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+#ifdef HEADER_BIO_H
+BIO_METHOD *BIO_f_md(void);
+BIO_METHOD *BIO_f_base64(void);
+BIO_METHOD *BIO_f_cipher(void);
+void BIO_set_cipher(BIO *b,EVP_CIPHER *c,unsigned char *k,
+        unsigned char *i, int enc);
+#endif
+EVP_MD *EVP_md_null(void);
+EVP_MD *EVP_md2(void);
+EVP_MD *EVP_md5(void);
+EVP_MD *EVP_sha(void);
+EVP_MD *EVP_sha1(void);
+EVP_MD *EVP_dss(void);
+EVP_MD *EVP_dss1(void);
+EVP_MD *EVP_mdc2(void);
+EVP_MD *EVP_ripemd160(void);
+EVP_CIPHER *EVP_enc_null(void);         /* does nothing :-) */
+EVP_CIPHER *EVP_des_ecb(void);
+EVP_CIPHER *EVP_des_ede(void);
+EVP_CIPHER *EVP_des_ede3(void);
+EVP_CIPHER *EVP_des_cfb(void);
+EVP_CIPHER *EVP_des_ede_cfb(void);
+EVP_CIPHER *EVP_des_ede3_cfb(void);
+EVP_CIPHER *EVP_des_ofb(void);
+EVP_CIPHER *EVP_des_ede_ofb(void);
+EVP_CIPHER *EVP_des_ede3_ofb(void);
+EVP_CIPHER *EVP_des_cbc(void);
+EVP_CIPHER *EVP_des_ede_cbc(void);
+EVP_CIPHER *EVP_des_ede3_cbc(void);
+EVP_CIPHER *EVP_desx_cbc(void);
+EVP_CIPHER *EVP_rc4(void);
+EVP_CIPHER *EVP_rc4_40(void);
+EVP_CIPHER *EVP_idea_ecb(void);
+EVP_CIPHER *EVP_idea_cfb(void);
+EVP_CIPHER *EVP_idea_ofb(void);
+EVP_CIPHER *EVP_idea_cbc(void);
+EVP_CIPHER *EVP_rc2_ecb(void);
+EVP_CIPHER *EVP_rc2_cbc(void);
+EVP_CIPHER *EVP_rc2_40_cbc(void);
+EVP_CIPHER *EVP_rc2_cfb(void);
+EVP_CIPHER *EVP_rc2_ofb(void);
+EVP_CIPHER *EVP_bf_ecb(void);
+EVP_CIPHER *EVP_bf_cbc(void);
+EVP_CIPHER *EVP_bf_cfb(void);
+EVP_CIPHER *EVP_bf_ofb(void);
+EVP_CIPHER *EVP_cast5_ecb(void);
+EVP_CIPHER *EVP_cast5_cbc(void);
+EVP_CIPHER *EVP_cast5_cfb(void);
+EVP_CIPHER *EVP_cast5_ofb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+void SSLeay_add_all_algorithms(void);
+void SSLeay_add_all_ciphers(void);
+void SSLeay_add_all_digests(void);
+int EVP_add_cipher(EVP_CIPHER *cipher);
+int EVP_add_digest(EVP_MD *digest);
+int EVP_add_alias(char *name,char *alias);
+int EVP_delete_alias(char *name);
+EVP_CIPHER *EVP_get_cipherbyname(char *name);
+EVP_MD *EVP_get_digestbyname(char *name);
+void EVP_cleanup(void);
+int             EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
+                        int enc_key_len,EVP_PKEY *private_key);
+int             EVP_PKEY_encrypt(unsigned char *enc_key,
+                        unsigned char *key,int key_len,EVP_PKEY *pub_key);
+int             EVP_PKEY_type(int type);
+int             EVP_PKEY_bits(EVP_PKEY *pkey);
+int             EVP_PKEY_size(EVP_PKEY *pkey);
+int             EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
+EVP_PKEY *      EVP_PKEY_new(void);
+void            EVP_PKEY_free(EVP_PKEY *pkey);
+EVP_PKEY *      d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
+                        long length);
+int             i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *      d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
+                        long length);
+int             i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
+#else
+void    EVP_DigestInit();
+void    EVP_DigestUpdate();
+void    EVP_DigestFinal();
+int     EVP_read_pw_string();
+void    EVP_set_pw_prompt();
+char *  EVP_get_pw_prompt();
+int     EVP_BytesToKey();
+EVP_CIPHER *EVP_get_cipherbyname();
+void    EVP_EncryptInit();
+void    EVP_EncryptUpdate();
+void    EVP_EncryptFinal();
+void    EVP_DecryptInit();
+void    EVP_DecryptUpdate();
+int     EVP_DecryptFinal();
+void    EVP_CipherInit();
+void    EVP_CipherUpdate();
+int     EVP_CipherFinal();
+int     EVP_SignFinal();
+int     EVP_VerifyFinal();
+int     EVP_OpenInit();
+int     EVP_OpenFinal();
+int     EVP_SealInit();
+void    EVP_SealFinal();
+void    EVP_EncodeInit();
+void    EVP_EncodeUpdate();
+void    EVP_EncodeFinal();
+int     EVP_EncodeBlock();
+void    EVP_DecodeInit();
+int     EVP_DecodeUpdate();
+int     EVP_DecodeFinal();
+int     EVP_DecodeBlock();
+void    ERR_load_EVP_strings();
+void EVP_CIPHER_CTX_init();
+void EVP_CIPHER_CTX_cleanup();
+#ifdef HEADER_BIO_H
+BIO_METHOD *BIO_f_md();
+BIO_METHOD *BIO_f_base64();
+BIO_METHOD *BIO_f_cipher();
+void BIO_set_cipher();
+#endif
+EVP_MD *EVP_md_null();
+EVP_MD *EVP_md2();
+EVP_MD *EVP_md5();
+EVP_MD *EVP_sha();
+EVP_MD *EVP_sha1();
+EVP_MD *EVP_dss();
+EVP_MD *EVP_dss1();
+EVP_MD *EVP_mdc2();
+EVP_CIPHER *EVP_enc_null();
+EVP_CIPHER *EVP_des_ecb();
+EVP_CIPHER *EVP_des_ede();
+EVP_CIPHER *EVP_des_ede3();
+EVP_CIPHER *EVP_des_cfb();
+EVP_CIPHER *EVP_des_ede_cfb();
+EVP_CIPHER *EVP_des_ede3_cfb();
+EVP_CIPHER *EVP_des_ofb();
+EVP_CIPHER *EVP_des_ede_ofb();
+EVP_CIPHER *EVP_des_ede3_ofb();
+EVP_CIPHER *EVP_des_cbc();
+EVP_CIPHER *EVP_des_ede_cbc();
+EVP_CIPHER *EVP_des_ede3_cbc();
+EVP_CIPHER *EVP_desx_cbc();
+EVP_CIPHER *EVP_rc4();
+EVP_CIPHER *EVP_rc4_40();
+EVP_CIPHER *EVP_idea_ecb();
+EVP_CIPHER *EVP_idea_cfb();
+EVP_CIPHER *EVP_idea_ofb();
+EVP_CIPHER *EVP_idea_cbc();
+EVP_CIPHER *EVP_rc2_ecb();
+EVP_CIPHER *EVP_rc2_cbc();
+EVP_CIPHER *EVP_rc2_40_cbc();
+EVP_CIPHER *EVP_rc2_cfb();
+EVP_CIPHER *EVP_rc2_ofb();
+EVP_CIPHER *EVP_bf_ecb();
+EVP_CIPHER *EVP_bf_cbc();
+EVP_CIPHER *EVP_bf_cfb();
+EVP_CIPHER *EVP_bf_ofb();
+EVP_CIPHER *EVP_cast5_ecb();
+EVP_CIPHER *EVP_cast5_cbc();
+EVP_CIPHER *EVP_cast5_cfb();
+EVP_CIPHER *EVP_cast5_ofb();
+EVP_CIPHER *EVP_rc5_32_12_16_cbc();
+EVP_CIPHER *EVP_rc5_32_12_16_ecb();
+EVP_CIPHER *EVP_rc5_32_12_16_cfb();
+EVP_CIPHER *EVP_rc5_32_12_16_ofb();
+void SSLeay_add_all_algorithms();
+void SSLeay_add_all_ciphers();
+void SSLeay_add_all_digests();
+int EVP_add_cipher();
+int EVP_add_digest();
+int EVP_add_alias();
+int EVP_delete_alias();
+EVP_CIPHER *EVP_get_cipherbyname();
+EVP_MD *EVP_get_digestbyname();
+void EVP_cleanup();
+int             EVP_PKEY_decrypt();
+int             EVP_PKEY_encrypt();
+int             EVP_PKEY_type();
+int             EVP_PKEY_bits();
+int             EVP_PKEY_size();
+int             EVP_PKEY_assign();
+EVP_PKEY *      EVP_PKEY_new();
+void            EVP_PKEY_free();
+EVP_PKEY *      d2i_PublicKey();
+int             i2d_PublicKey();
+EVP_PKEY *      d2i_PrivateKey();
+int             i2d_PrivateKey();
+int EVP_PKEY_copy_parameters();
+int EVP_PKEY_missing_parameters();
+int EVP_PKEY_save_parameters();
+int EVP_PKEY_cmp_parameters();
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_set_asn1_iv();
+int EVP_CIPHER_get_asn1_iv();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the EVP functions. */
+/* Function codes. */
+#define EVP_F_D2I_PKEY                                   100
+#define EVP_F_EVP_DECRYPTFINAL                           101
+#define EVP_F_EVP_OPENINIT                               102
+#define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+#define EVP_F_EVP_PKEY_DECRYPT                           104
+#define EVP_F_EVP_PKEY_ENCRYPT                           105
+#define EVP_F_EVP_PKEY_NEW                               106
+#define EVP_F_EVP_SIGNFINAL                              107
+#define EVP_F_EVP_VERIFYFINAL                            108
+/* Reason codes. */
+#define EVP_R_BAD_DECRYPT                                100
+#define EVP_R_DIFFERENT_KEY_TYPES                        101
+#define EVP_R_IV_TOO_LARGE                               102
+#define EVP_R_MISSING_PARMATERS                          103
+#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED                104
+#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
+#define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+#define EVP_R_UNSUPPORTED_CIPHER                         107
+#define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   108
+#define EVP_R_WRONG_PUBLIC_KEY_TYPE                      109
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
new file mode 100644
index 0000000000..93cc3a9464
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -0,0 +1,303 @@
+/* crypto/evp/evp_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+char *EVP_version="EVP part of SSLeay 0.9.0b 29-Jun-1998";
+void EVP_CIPHER_CTX_init(ctx)
+EVP_CIPHER_CTX *ctx;
+        {
+        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+        /* ctx->cipher=NULL; */
+        }
+void EVP_CipherInit(ctx,data,key,iv,enc)
+EVP_CIPHER_CTX *ctx;
+EVP_CIPHER *data;
+unsigned char *key;
+unsigned char *iv;
+int enc;
+        {
+        if (enc)
+                EVP_EncryptInit(ctx,data,key,iv);
+        else    
+                EVP_DecryptInit(ctx,data,key,iv);
+        }
+void EVP_CipherUpdate(ctx,out,outl,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        if (ctx->encrypt)
+                EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        else    EVP_DecryptUpdate(ctx,out,outl,in,inl);
+        }
+int EVP_CipherFinal(ctx,out,outl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+        {
+        if (ctx->encrypt)
+                {
+                EVP_EncryptFinal(ctx,out,outl);
+                return(1);
+                }
+        else    return(EVP_DecryptFinal(ctx,out,outl));
+        }
+void EVP_EncryptInit(ctx,cipher,key,iv)
+EVP_CIPHER_CTX *ctx;
+EVP_CIPHER *cipher;
+unsigned char *key;
+unsigned char *iv;
+        {
+        if (cipher != NULL)
+                ctx->cipher=cipher;
+        ctx->cipher->init(ctx,key,iv,1);
+        ctx->encrypt=1;
+        ctx->buf_len=0;
+        }
+void EVP_DecryptInit(ctx,cipher,key,iv)
+EVP_CIPHER_CTX *ctx;
+EVP_CIPHER *cipher;
+unsigned char *key;
+unsigned char *iv;
+        {
+        if (cipher != NULL)
+                ctx->cipher=cipher;
+        ctx->cipher->init(ctx,key,iv,0);
+        ctx->encrypt=0;
+        ctx->buf_len=0;
+        }
+void EVP_EncryptUpdate(ctx,out,outl,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        int i,j,bl;
+        i=ctx->buf_len;
+        bl=ctx->cipher->block_size;
+        *outl=0;
+        if ((inl == 0) && (i != bl)) return;
+        if (i != 0)
+                {
+                if (i+inl < bl)
+                        {
+                        memcpy(&(ctx->buf[i]),in,inl);
+                        ctx->buf_len+=inl;
+                        return;
+                        }
+                else
+                        {
+                        j=bl-i;
+                        if (j != 0) memcpy(&(ctx->buf[i]),in,j);
+                        ctx->cipher->do_cipher(ctx,out,ctx->buf,bl);
+                        inl-=j;
+                        in+=j;
+                        out+=bl;
+                        *outl+=bl;
+                        }
+                }
+        i=inl%bl; /* how much is left */
+        inl-=i;
+        if (inl > 0)
+                {
+                ctx->cipher->do_cipher(ctx,out,in,inl);
+                *outl+=inl;
+                }
+        if (i != 0)
+                memcpy(ctx->buf,&(in[inl]),i);
+        ctx->buf_len=i;
+        }
+void EVP_EncryptFinal(ctx,out,outl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+        {
+        int i,n,b,bl;
+        b=ctx->cipher->block_size;
+        if (b == 1)
+                {
+                *outl=0;
+                return;
+                }
+        bl=ctx->buf_len;
+        n=b-bl;
+        for (i=bl; i<b; i++)
+                ctx->buf[i]=n;
+        ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+        *outl=b;
+        }
+void EVP_DecryptUpdate(ctx,out,outl,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        int b,bl,n;
+        int keep_last=0;
+        *outl=0;
+        if (inl == 0) return;
+        b=ctx->cipher->block_size;
+        if (b > 1)
+                {
+                /* Is the input a multiple of the block size? */
+                bl=ctx->buf_len;
+                n=inl+bl;
+                if (n%b == 0)
+                        {
+                        if (inl < b) /* must be 'just one' buff */
+                                {
+                                memcpy(&(ctx->buf[bl]),in,inl);
+                                ctx->buf_len=b;
+                                *outl=0;
+                                return;
+                                }
+                        keep_last=1;
+                        inl-=b; /* don't do the last block */
+                        }
+                }
+        EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        /* if we have 'decrypted' a multiple of block size, make sure
+         * we have a copy of this last block */
+        if (keep_last)
+                {
+                memcpy(&(ctx->buf[0]),&(in[inl]),b);
+#ifdef DEBUG
+                if (ctx->buf_len != 0)
+                        {
+                        abort();
+                        }
+#endif
+                ctx->buf_len=b;
+                }
+        }
+int EVP_DecryptFinal(ctx,out,outl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+        {
+        int i,b;
+        int n;
+        *outl=0;
+        b=ctx->cipher->block_size;
+        if (b > 1)
+                {
+                if (ctx->buf_len != b)
+                        {
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+                        return(0);
+                        }
+                EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0);
+                if (n != b)
+                        return(0);
+                n=ctx->buf[b-1];
+                if (n > b)
+                        {
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+                        return(0);
+                        }
+                for (i=0; i<n; i++)
+                        {
+                        if (ctx->buf[--b] != n)
+                                {
+                                EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+                                return(0);
+                                }
+                        }
+                n=ctx->cipher->block_size-n;
+                for (i=0; i<n; i++)
+                        out[i]=ctx->buf[i];
+                *outl=n;
+                }
+        else
+                *outl=0;
+        return(1);
+        }
+void EVP_CIPHER_CTX_cleanup(c)
+EVP_CIPHER_CTX *c;
+        {
+        if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+                c->cipher->cleanup(c);
+        memset(c,0,sizeof(EVP_CIPHER_CTX));
+        }
diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c
new file mode 100644
index 0000000000..2b0a0ab93f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/evp_err.c
@@ -0,0 +1,108 @@
+/* lib/evp/evp_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "evp.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA EVP_str_functs[]=
+        {
+{ERR_PACK(0,EVP_F_D2I_PKEY,0),  "D2I_PKEY"},
+{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),  "EVP_DecryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_OPENINIT,0),      "EVP_OpenInit"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),  "EVP_PKEY_copy_parameters"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),  "EVP_PKEY_decrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),  "EVP_PKEY_encrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),      "EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),     "EVP_SignFinal"},
+{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),   "EVP_VerifyFinal"},
+{0,NULL},
+        };
+static ERR_STRING_DATA EVP_str_reasons[]=
+        {
+{EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
+{EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
+{EVP_R_IV_TOO_LARGE                      ,"iv too large"},
+{EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
+{EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
+{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
+{EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
+{EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
+{0,NULL},
+        };
+#endif
+void ERR_load_EVP_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
+                ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c
new file mode 100644
index 0000000000..dafa686f64
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/evp_key.c
@@ -0,0 +1,167 @@
+/* crypto/evp/evp_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "x509.h"
+#include "objects.h"
+#include "evp.h"
+/* should be init to zeros. */
+static char prompt_string[80];
+void EVP_set_pw_prompt(prompt)
+char *prompt;
+        {
+        if (prompt == NULL)
+                prompt_string[0]='\0';
+        else
+                strncpy(prompt_string,prompt,79);
+        }
+char *EVP_get_pw_prompt()
+        {
+        if (prompt_string[0] == '\0')
+                return(NULL);
+        else
+                return(prompt_string);
+        }
+#ifdef NO_DES
+int des_read_pw_string(char *buf,int len,char *prompt,int verify);
+#endif
+int EVP_read_pw_string(buf,len,prompt,verify)
+char *buf;
+int len;
+char *prompt;
+int verify;
+        {
+        if ((prompt == NULL) && (prompt_string[0] != '\0'))
+                prompt=prompt_string;
+        return(des_read_pw_string(buf,len,prompt,verify));
+        }
+int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv)
+EVP_CIPHER *type;
+EVP_MD *md;
+unsigned char *salt;
+unsigned char *data;
+int datal;
+int count;
+unsigned char *key;
+unsigned char *iv;
+        {
+        EVP_MD_CTX c;
+        unsigned char md_buf[EVP_MAX_MD_SIZE];
+        int niv,nkey,addmd=0;
+        unsigned int mds=0,i;
+        nkey=type->key_len;
+        niv=type->iv_len;
+        if (data == NULL) return(nkey);
+        for (;;)
+                {
+                EVP_DigestInit(&c,md);
+                if (addmd++)
+                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
+                EVP_DigestUpdate(&c,data,datal);
+                if (salt != NULL)
+                        EVP_DigestUpdate(&c,salt,8);
+                EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+                for (i=1; i<(unsigned int)count; i++)
+                        {
+                        EVP_DigestInit(&c,md);
+                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
+                        EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+                        }
+                i=0;
+                if (nkey)
+                        {
+                        for (;;)
+                                {
+                                if (nkey == 0) break;
+                                if (i == mds) break;
+                                if (key != NULL)
+                                        *(key++)=md_buf[i];
+                                nkey--;
+                                i++;
+                                }
+                        }
+                if (niv && (i != mds))
+                        {
+                        for (;;)
+                                {
+                                if (niv == 0) break;
+                                if (i == mds) break;
+                                if (iv != NULL)
+                                        *(iv++)=md_buf[i];
+                                niv--;
+                                i++;
+                                }
+                        }
+                if ((nkey == 0) && (niv == 0)) break;
+                }
+        memset(&c,0,sizeof(c));
+        memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+        return(type->key_len);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/evp_lib.c b/src/lib/libssl/src/crypto/evp/evp_lib.c
new file mode 100644
index 0000000000..69784eb555
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/evp_lib.c
@@ -0,0 +1,117 @@
+/* crypto/evp/evp_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+int EVP_CIPHER_param_to_asn1(c,type)
+EVP_CIPHER_CTX *c;
+ASN1_TYPE *type;
+        {
+        int ret;
+        if (c->cipher->set_asn1_parameters != NULL)
+                ret=c->cipher->set_asn1_parameters(c,type);
+        else
+                ret=1;
+        return(ret);
+        }
+int EVP_CIPHER_asn1_to_param(c,type)
+EVP_CIPHER_CTX *c;
+ASN1_TYPE *type;
+        {
+        int ret;
+        if (c->cipher->get_asn1_parameters != NULL)
+                ret=c->cipher->get_asn1_parameters(c,type);
+        else
+                ret=1;
+        return(ret);
+        }
+int EVP_CIPHER_get_asn1_iv(c,type)
+EVP_CIPHER_CTX *c;
+ASN1_TYPE *type;
+        {
+        int i=0,l;
+        if (type != NULL) 
+                {
+                l=EVP_CIPHER_CTX_iv_length(c);
+                i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
+                memcpy(c->iv,c->oiv,l);
+                }
+        return(i);
+        }
+int EVP_CIPHER_set_asn1_iv(c,type)
+EVP_CIPHER_CTX *c;
+ASN1_TYPE *type;
+        {
+        int i=0,j;
+        if (type != NULL)
+                {
+                j=EVP_CIPHER_CTX_iv_length(c);
+                i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
+                }
+        return(i);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_dss.c b/src/lib/libssl/src/crypto/evp/m_dss.c
new file mode 100644
index 0000000000..3549b1699c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_dss.c
@@ -0,0 +1,82 @@
+/* crypto/evp/m_dss.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD dsa_md=
+        {
+        NID_dsaWithSHA,
+        NID_dsaWithSHA,
+        SHA_DIGEST_LENGTH,
+        SHA1_Init,
+        SHA1_Update,
+        SHA1_Final,
+        EVP_PKEY_DSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+EVP_MD *EVP_dss()
+        {
+        return(&dsa_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c
new file mode 100644
index 0000000000..ff256b7b20
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_dss1.c
@@ -0,0 +1,81 @@
+/* crypto/evp/m_dss1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD dss1_md=
+        {
+        NID_dsa,
+        NID_dsaWithSHA1,
+        SHA_DIGEST_LENGTH,
+        SHA1_Init,
+        SHA1_Update,
+        SHA1_Final,
+        EVP_PKEY_DSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+EVP_MD *EVP_dss1()
+        {
+        return(&dss1_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_md2.c b/src/lib/libssl/src/crypto/evp/m_md2.c
new file mode 100644
index 0000000000..2209416142
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_md2.c
@@ -0,0 +1,82 @@
+/* crypto/evp/m_md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD md2_md=
+        {
+        NID_md2,
+        NID_md2WithRSAEncryption,
+        MD2_DIGEST_LENGTH,
+        MD2_Init,
+        MD2_Update,
+        MD2_Final,
+        EVP_PKEY_RSA_method,
+        MD2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MD2_CTX),
+        };
+EVP_MD *EVP_md2()
+        {
+        return(&md2_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_md5.c b/src/lib/libssl/src/crypto/evp/m_md5.c
new file mode 100644
index 0000000000..d65db9aa1d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_md5.c
@@ -0,0 +1,81 @@
+/* crypto/evp/m_md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD md5_md=
+        {
+        NID_md5,
+        NID_md5WithRSAEncryption,
+        MD5_DIGEST_LENGTH,
+        MD5_Init,
+        MD5_Update,
+        MD5_Final,
+        EVP_PKEY_RSA_method,
+        MD5_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(MD5_CTX),
+        };
+EVP_MD *EVP_md5()
+        {
+        return(&md5_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_mdc2.c b/src/lib/libssl/src/crypto/evp/m_mdc2.c
new file mode 100644
index 0000000000..64a853eb7f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_mdc2.c
@@ -0,0 +1,81 @@
+/* crypto/evp/m_mdc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD mdc2_md=
+        {
+        NID_mdc2,
+        NID_mdc2WithRSA,
+        MDC2_DIGEST_LENGTH,
+        MDC2_Init,
+        MDC2_Update,
+        MDC2_Final,
+        EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
+        MDC2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MDC2_CTX),
+        };
+EVP_MD *EVP_mdc2()
+        {
+        return(&mdc2_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_null.c b/src/lib/libssl/src/crypto/evp/m_null.c
new file mode 100644
index 0000000000..6d80560df2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_null.c
@@ -0,0 +1,88 @@
+/* crypto/evp/m_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static void function()
+        {
+        }
+static EVP_MD null_md=
+        {
+        NID_undef,
+        NID_undef,
+        0,
+        function,
+        function,
+        function,
+        
+        EVP_PKEY_NULL_method,
+        0,
+        sizeof(EVP_MD *),
+        };
+EVP_MD *EVP_md_null()
+        {
+        return(&null_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_ripemd.c b/src/lib/libssl/src/crypto/evp/m_ripemd.c
new file mode 100644
index 0000000000..04c5d8897b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_ripemd.c
@@ -0,0 +1,81 @@
+/* crypto/evp/m_ripemd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD ripemd160_md=
+        {
+        NID_ripemd160,
+        NID_ripemd160WithRSA,
+        RIPEMD160_DIGEST_LENGTH,
+        RIPEMD160_Init,
+        RIPEMD160_Update,
+        RIPEMD160_Final,
+        EVP_PKEY_RSA_method,
+        RIPEMD160_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
+        };
+EVP_MD *EVP_ripemd160()
+        {
+        return(&ripemd160_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_sha.c b/src/lib/libssl/src/crypto/evp/m_sha.c
new file mode 100644
index 0000000000..af4e434a22
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_sha.c
@@ -0,0 +1,82 @@
+/* crypto/evp/m_sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD sha_md=
+        {
+        NID_sha,
+        NID_shaWithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        SHA_Init,
+        SHA_Update,
+        SHA_Final,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+EVP_MD *EVP_sha()
+        {
+        return(&sha_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c
new file mode 100644
index 0000000000..87135a9cf2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_sha1.c
@@ -0,0 +1,81 @@
+/* crypto/evp/m_sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+static EVP_MD sha1_md=
+        {
+        NID_sha1,
+        NID_sha1WithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        SHA1_Init,
+        SHA1_Update,
+        SHA1_Final,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+EVP_MD *EVP_sha1()
+        {
+        return(&sha1_md);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/names.c b/src/lib/libssl/src/crypto/evp/names.c
new file mode 100644
index 0000000000..e0774da20d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/names.c
@@ -0,0 +1,285 @@
+/* crypto/evp/names.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+typedef struct aliases_st {
+        char *alias;
+        /* This must be the last field becaue I will allocate things
+         * so they go off the end of it */
+        char name[4];
+        } ALIASES;
+static STACK /* ALIASES */ *aliases=NULL;
+static STACK /* EVP_CIPHERS */ *ciphers=NULL;
+static STACK /* EVP_MD */ *digests=NULL;
+static int cipher_nid_cmp(a,b)
+EVP_CIPHER **a,**b;
+        { return((*a)->nid - (*b)->nid); }
+static int digest_type_cmp(a,b)
+EVP_MD **a,**b;
+        { return((*a)->pkey_type - (*b)->pkey_type); }
+int EVP_add_cipher(c)
+EVP_CIPHER *c;
+        {
+        int i;
+        if (ciphers == NULL)
+                {
+                ciphers=sk_new(cipher_nid_cmp);
+                if (ciphers == NULL) return(0);
+                }
+        if ((i=sk_find(ciphers,(char *)c)) >= 0)
+                {
+                if (sk_value(ciphers,i) == (char *)c)
+                        return(1);
+                sk_delete(ciphers,i);
+                }
+        return(sk_push(ciphers,(char *)c));
+        }
+int EVP_add_digest(md)
+EVP_MD *md;
+        {
+        int i;
+        char *n;
+        if (digests == NULL)
+                {
+                digests=sk_new(digest_type_cmp);
+                if (digests == NULL) return(0);
+                }
+        if ((i=sk_find(digests,(char *)md)) >= 0)
+                {
+                if (sk_value(digests,i) == (char *)md)
+                        return(1);
+                sk_delete(digests,i);
+                }
+        if (md->type != md->pkey_type)
+                {
+                n=OBJ_nid2sn(md->pkey_type);
+                EVP_add_alias(n,OBJ_nid2sn(md->type));
+                EVP_add_alias(n,OBJ_nid2ln(md->type));
+                }
+        sk_push(digests,(char *)md);
+        return(1);
+        }
+static int alias_cmp(a,b)
+ALIASES **a,**b;
+        {
+        return(strcmp((*a)->alias,(*b)->alias));
+        }
+int EVP_add_alias(name,aname)
+char *name;
+char *aname;
+        {
+        int l1,l2,i;
+        ALIASES *a;
+        char *p;
+        if ((name == NULL) || (aname == NULL)) return(0);
+        l1=strlen(name)+1;
+        l2=strlen(aname)+1;
+        i=sizeof(ALIASES)+l1+l2;
+        if ((a=(ALIASES *)Malloc(i)) == NULL)
+                return(0);
+        strcpy(a->name,name);
+        p= &(a->name[l1]);
+        strcpy(p,aname);
+        a->alias=p;
+        if (aliases == NULL)
+                {
+                aliases=sk_new(alias_cmp);
+                if (aliases == NULL) goto err;
+                }
+        if ((i=sk_find(aliases,(char *)a)) >= 0)
+                {
+                Free(sk_delete(aliases,i));
+                }
+        if (!sk_push(aliases,(char *)a)) goto err;
+        return(1);
+err:
+        return(0);
+        }
+int EVP_delete_alias(name)
+char *name;
+        {
+        ALIASES a;
+        int i;
+        if (aliases != NULL)
+                {
+                a.alias=name;
+                if ((i=sk_find(aliases,(char *)&a)) >= 0)
+                        {
+                        Free(sk_delete(aliases,i));
+                        return(1);
+                        }
+                }
+        return(0);
+        }
+EVP_CIPHER *EVP_get_cipherbyname(name)
+char *name;
+        {
+        int nid,num=6,i;
+        EVP_CIPHER c,*cp;
+        ALIASES a,*ap;
+        if (ciphers == NULL) return(NULL);
+        for (;;)
+                {
+                if (num-- <= 0) return(NULL);
+                if (aliases != NULL)
+                        {
+                        a.alias=name;
+                        i=sk_find(aliases,(char *)&a);
+                        if (i >= 0)
+                                {
+                                ap=(ALIASES *)sk_value(aliases,i);
+                                name=ap->name;
+                                continue;
+                                }
+                        }
+                nid=OBJ_txt2nid(name);
+                if (nid == NID_undef) return(NULL);
+                c.nid=nid;
+                i=sk_find(ciphers,(char *)&c);
+                if (i >= 0)
+                        {
+                        cp=(EVP_CIPHER *)sk_value(ciphers,i);
+                        return(cp);
+                        }
+                else
+                        return(NULL);
+                }
+        }
+EVP_MD *EVP_get_digestbyname(name)
+char *name;
+        {
+        int nid,num=6,i;
+        EVP_MD c,*cp;
+        ALIASES a,*ap;
+        if (digests == NULL) return(NULL);
+        for (;;)
+                {
+                if (num-- <= 0) return(NULL);
+                if (aliases != NULL)
+                        {
+                        a.alias=name;
+                        i=sk_find(aliases,(char *)&a);
+                        if (i >= 0)
+                                {
+                                ap=(ALIASES *)sk_value(aliases,i);
+                                name=ap->name;
+                                continue;
+                                }
+                        }
+                nid=OBJ_txt2nid(name);
+                if (nid == NID_undef) return(NULL);
+                c.pkey_type=nid;
+                i=sk_find(digests,(char *)&c);
+                if (i >= 0)
+                        {
+                        cp=(EVP_MD *)sk_value(digests,i);
+                        return(cp);
+                        }
+                else
+                        return(NULL);
+                }
+        }
+void EVP_cleanup()
+        {
+        int i;
+        if (aliases != NULL)
+                {
+                for (i=0; i<sk_num(aliases); i++)
+                        Free(sk_value(aliases,i));
+                sk_free(aliases);
+                aliases=NULL;
+                }
+        if (ciphers != NULL)
+                {
+                sk_free(ciphers);
+                ciphers=NULL;
+                }
+        if (digests != NULL)
+                {
+                sk_free(digests);
+                digests=NULL;
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/evp/p_dec.c b/src/lib/libssl/src/crypto/evp/p_dec.c
new file mode 100644
index 0000000000..e845ce70c7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/p_dec.c
@@ -0,0 +1,84 @@
+/* crypto/evp/p_dec.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "rand.h"
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+int EVP_PKEY_decrypt(key,ek,ekl,priv)
+unsigned char *key;
+unsigned char *ek;
+int ekl;
+EVP_PKEY *priv;
+        {
+        int ret= -1;
+        
+        if (priv->type != EVP_PKEY_RSA)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                goto err;
+                }
+        ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
+err:
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/p_enc.c b/src/lib/libssl/src/crypto/evp/p_enc.c
new file mode 100644
index 0000000000..a26bfad02a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/p_enc.c
@@ -0,0 +1,83 @@
+/* crypto/evp/p_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "rand.h"
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+int EVP_PKEY_encrypt(ek,key,key_len,pubk)
+unsigned char *ek;
+unsigned char *key;
+int key_len;
+EVP_PKEY *pubk;
+        {
+        int ret=0;
+        
+        if (pubk->type != EVP_PKEY_RSA)
+                {
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                goto err;
+                }
+        ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
+err:
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/p_lib.c b/src/lib/libssl/src/crypto/evp/p_lib.c
new file mode 100644
index 0000000000..395351b373
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/p_lib.c
@@ -0,0 +1,294 @@
+/* crypto/evp/p_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "objects.h"
+#include "evp.h"
+#include "asn1_mac.h"
+#include "x509.h"
+/* EVPerr(EVP_F_D2I_PKEY,EVP_R_UNSUPPORTED_CIPHER); */
+/* EVPerr(EVP_F_D2I_PKEY,EVP_R_IV_TOO_LARGE); */
+#ifndef NOPROTO
+static void EVP_PKEY_free_it(EVP_PKEY *x);
+#else
+static void EVP_PKEY_free_it();
+#endif
+int EVP_PKEY_bits(pkey)
+EVP_PKEY *pkey;
+        {
+#ifndef NO_RSA
+        if (pkey->type == EVP_PKEY_RSA)
+                return(BN_num_bits(pkey->pkey.rsa->n));
+        else
+#endif
+#ifndef NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                return(BN_num_bits(pkey->pkey.dsa->p));
+#endif
+        return(0);
+        }
+int EVP_PKEY_size(pkey)
+EVP_PKEY *pkey;
+        {
+#ifndef NO_RSA
+        if (pkey->type == EVP_PKEY_RSA)
+                return(RSA_size(pkey->pkey.rsa));
+        else
+#endif
+#ifndef NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                return(DSA_size(pkey->pkey.dsa));
+#endif
+        return(0);
+        }
+int EVP_PKEY_save_parameters(pkey,mode)
+EVP_PKEY *pkey;
+int mode;
+        {
+#ifndef NO_DSA
+        if (pkey->type == EVP_PKEY_DSA)
+                {
+                int ret=pkey->save_parameters=mode;
+                if (mode >= 0)
+                        pkey->save_parameters=mode;
+                return(ret);
+                }
+#endif
+        return(0);
+        }
+int EVP_PKEY_copy_parameters(to,from)
+EVP_PKEY *to,*from;
+        {
+        if (to->type != from->type)
+                {
+                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
+                goto err;
+                }
+        if (EVP_PKEY_missing_parameters(from))
+                {
+                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS);
+                goto err;
+                }
+#ifndef NO_DSA
+        if (to->type == EVP_PKEY_DSA)
+                {
+                BIGNUM *a;
+                if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
+                if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
+                to->pkey.dsa->p=a;
+                if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
+                if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
+                to->pkey.dsa->q=a;
+                if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
+                if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
+                to->pkey.dsa->g=a;
+                }
+#endif
+        return(1);
+err:
+        return(0);
+        }
+int EVP_PKEY_missing_parameters(pkey)
+EVP_PKEY *pkey;
+        {
+#ifndef NO_DSA
+        if (pkey->type == EVP_PKEY_DSA)
+                {
+                DSA *dsa;
+                dsa=pkey->pkey.dsa;
+                if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+                        return(1);
+                }
+#endif
+        return(0);
+        }
+int EVP_PKEY_cmp_parameters(a,b)
+EVP_PKEY *a,*b;
+        {
+#ifndef NO_DSA
+        if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
+                {
+                if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+                        BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+                        BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
+                        return(0);
+                else
+                        return(1);
+                }
+#endif
+        return(-1);
+        }
+EVP_PKEY *EVP_PKEY_new()
+        {
+        EVP_PKEY *ret;
+        ret=(EVP_PKEY *)Malloc(sizeof(EVP_PKEY));
+        if (ret == NULL)
+                {
+                EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->type=EVP_PKEY_NONE;
+        ret->references=1;
+        ret->pkey.ptr=NULL;
+        ret->attributes=NULL;
+        ret->save_parameters=1;
+        return(ret);
+        }
+int EVP_PKEY_assign(pkey,type,key)
+EVP_PKEY *pkey;
+int type;
+char *key;
+        {
+        if (pkey == NULL) return(0);
+        if (pkey->pkey.ptr != NULL)
+                EVP_PKEY_free_it(pkey);
+        pkey->type=EVP_PKEY_type(type);
+        pkey->save_type=type;
+        pkey->pkey.ptr=key;
+        return(1);
+        }
+int EVP_PKEY_type(type)
+int type;
+        {
+        switch (type)
+                {
+        case EVP_PKEY_RSA:
+        case EVP_PKEY_RSA2:
+                return(EVP_PKEY_RSA);
+        case EVP_PKEY_DSA:
+        case EVP_PKEY_DSA1:
+        case EVP_PKEY_DSA2:
+        case EVP_PKEY_DSA3:
+        case EVP_PKEY_DSA4:
+                return(EVP_PKEY_DSA);
+        case EVP_PKEY_DH:
+                return(EVP_PKEY_DH);
+        default:
+                return(NID_undef);
+                }
+        }
+void EVP_PKEY_free(x)
+EVP_PKEY *x;
+        {
+        int i;
+        if (x == NULL) return;
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"EVP_PKEY_free, bad reference count\n");
+                abort();
+                }
+#endif
+        EVP_PKEY_free_it(x);
+        Free((char *)x);
+        }
+static void EVP_PKEY_free_it(x)
+EVP_PKEY *x;
+        {
+        switch (x->type)
+                {
+#ifndef NO_RSA
+        case EVP_PKEY_RSA:
+        case EVP_PKEY_RSA2:
+                RSA_free(x->pkey.rsa);
+                break;
+#endif
+#ifndef NO_DSA
+        case EVP_PKEY_DSA:
+        case EVP_PKEY_DSA2:
+        case EVP_PKEY_DSA3:
+        case EVP_PKEY_DSA4:
+                DSA_free(x->pkey.dsa);
+                break;
+#endif
+#ifndef NO_DH
+        case EVP_PKEY_DH:
+                DH_free(x->pkey.dh);
+                break;
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/evp/p_open.c b/src/lib/libssl/src/crypto/evp/p_open.c
new file mode 100644
index 0000000000..28a8e02252
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/p_open.c
@@ -0,0 +1,119 @@
+/* crypto/evp/p_open.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+int EVP_OpenInit(ctx,type,ek,ekl,iv,priv)
+EVP_CIPHER_CTX *ctx;
+EVP_CIPHER *type;
+unsigned char *ek;
+int ekl;
+unsigned char *iv;
+EVP_PKEY *priv;
+        {
+        unsigned char *key=NULL;
+        int i,size=0,ret=0;
+        
+        if (priv->type != EVP_PKEY_RSA)
+                {
+                EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                ret= -1;
+                goto err;
+                }
+        size=RSA_size(priv->pkey.rsa);
+        key=(unsigned char *)Malloc(size+2);
+        if (key == NULL)
+                {
+                /* ERROR */
+                EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
+                ret= -1;
+                goto err;
+                }
+        i=EVP_PKEY_decrypt(key,ek,ekl,priv);
+        if (i != type->key_len)
+                {
+                /* ERROR */
+                goto err;
+                }
+        EVP_CIPHER_CTX_init(ctx);
+        EVP_DecryptInit(ctx,type,key,iv);
+        ret=1;
+err:
+        if (key != NULL) memset(key,0,size);
+        Free(key);
+        return(ret);
+        }
+int EVP_OpenFinal(ctx,out,outl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+        {
+        int i;
+        i=EVP_DecryptFinal(ctx,out,outl);
+        EVP_DecryptInit(ctx,NULL,NULL,NULL);
+        return(i);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/p_seal.c b/src/lib/libssl/src/crypto/evp/p_seal.c
new file mode 100644
index 0000000000..09a408de35
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/p_seal.c
@@ -0,0 +1,115 @@
+/* crypto/evp/p_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "rand.h"
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+int EVP_SealInit(ctx,type,ek,ekl,iv,pubk,npubk)
+EVP_CIPHER_CTX *ctx;
+EVP_CIPHER *type;
+unsigned char **ek;
+int *ekl;
+unsigned char *iv;
+EVP_PKEY **pubk;
+int npubk;
+        {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        int i;
+        
+        if (npubk <= 0) return(0);
+        RAND_bytes(key,EVP_MAX_KEY_LENGTH);
+        if (type->iv_len > 0)
+                RAND_bytes(iv,type->iv_len);
+        EVP_CIPHER_CTX_init(ctx);
+        EVP_EncryptInit(ctx,type,key,iv);
+        for (i=0; i<npubk; i++)
+                {
+                ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_key_length(type),
+                        pubk[i]);
+                if (ekl[i] <= 0) return(-1);
+                }
+        return(npubk);
+        }
+/* MACRO
+void EVP_SealUpdate(ctx,out,outl,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        }
+*/
+void EVP_SealFinal(ctx,out,outl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+        {
+        EVP_EncryptFinal(ctx,out,outl);
+        EVP_EncryptInit(ctx,NULL,NULL,NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/evp/p_sign.c b/src/lib/libssl/src/crypto/evp/p_sign.c
new file mode 100644
index 0000000000..073270ce31
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/p_sign.c
@@ -0,0 +1,119 @@
+/* crypto/evp/p_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#ifdef undef
+void EVP_SignInit(ctx,type)
+EVP_MD_CTX *ctx;
+EVP_MD *type;
+        {
+        EVP_DigestInit(ctx,type);
+        }
+void EVP_SignUpdate(ctx,data,count)
+EVP_MD_CTX *ctx;
+unsigned char *data;
+unsigned int count;
+        {
+        EVP_DigestUpdate(ctx,data,count);
+        }
+#endif
+int EVP_SignFinal(ctx,sigret,siglen,pkey)
+EVP_MD_CTX *ctx;
+unsigned char *sigret;
+unsigned int *siglen;
+EVP_PKEY *pkey;
+        {
+        unsigned char m[EVP_MAX_MD_SIZE];
+        unsigned int m_len;
+        int i,ok=0,v;
+        MS_STATIC EVP_MD_CTX tmp_ctx;
+        *siglen=0;
+        memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+        for (i=0; i<4; i++)
+                {
+                v=ctx->digest->required_pkey_type[i];
+                if (v == 0) break;
+                if (pkey->type == v)
+                        {
+                        ok=1;
+                        break;
+                        }
+                }
+        if (!ok)
+                {
+                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
+                return(0);
+                }
+        if (ctx->digest->sign == NULL)
+                {
+                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
+                return(0);
+                }
+        return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
+                pkey->pkey.ptr));
+        }
diff --git a/src/lib/libssl/src/crypto/evp/p_verify.c b/src/lib/libssl/src/crypto/evp/p_verify.c
new file mode 100644
index 0000000000..8d727d8f02
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/p_verify.c
@@ -0,0 +1,102 @@
+/* crypto/evp/p_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+int EVP_VerifyFinal(ctx,sigbuf,siglen,pkey)
+EVP_MD_CTX *ctx;
+unsigned char *sigbuf;
+unsigned int siglen;
+EVP_PKEY *pkey;
+        {
+        unsigned char m[EVP_MAX_MD_SIZE];
+        unsigned int m_len;
+        int i,ok=0,v;
+        MS_STATIC EVP_MD_CTX tmp_ctx;
+        for (i=0; i<4; i++)
+                {
+                v=ctx->digest->required_pkey_type[i];
+                if (v == 0) break;
+                if (pkey->type == v)
+                        {
+                        ok=1;
+                        break;
+                        }
+                }
+        if (!ok)
+                {
+                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
+                return(-1);
+                }
+        memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+        if (ctx->digest->verify == NULL)
+                {
+                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
+                return(0);
+                }
+        return(ctx->digest->verify(ctx->digest->type,m,m_len,
+                sigbuf,siglen,pkey->pkey.ptr));
+        }
diff --git a/src/lib/libssl/src/crypto/ex_data.c b/src/lib/libssl/src/crypto/ex_data.c
new file mode 100644
index 0000000000..c858b518ff
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ex_data.c
@@ -0,0 +1,236 @@
+/* crypto/ex_data.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "buffer.h"
+#include "bio.h"
+#include "lhash.h"
+#include "cryptlib.h"
+int CRYPTO_get_ex_new_index(idx,skp,argl,argp,new_func,dup_func,free_func)
+int idx;
+STACK **skp;
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        CRYPTO_EX_DATA_FUNCS *a;
+        if (*skp == NULL)
+                *skp=sk_new_null();
+        if (*skp == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+                return(-1);
+                }
+        a=(CRYPTO_EX_DATA_FUNCS *)Malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
+        if (a == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+                return(-1);
+                }
+        a->argl=argl;
+        a->argp=argp;
+        a->new_func=new_func;
+        a->dup_func=dup_func;
+        a->free_func=free_func;
+        while (sk_num(*skp) <= idx)
+                {
+                if (!sk_push(*skp,NULL))
+                        {
+                        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+                        Free(a);
+                        return(-1);
+                        }
+                }
+        sk_value(*skp,idx)=(char *)a;
+        return(idx);
+        }
+int CRYPTO_set_ex_data(ad,idx,val)
+CRYPTO_EX_DATA *ad;
+int idx;
+char *val;
+        {
+        int i;
+        if (ad->sk == NULL)
+                {
+                if ((ad->sk=sk_new_null()) == NULL)
+                        {
+                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                }
+        i=sk_num(ad->sk);
+        while (i <= idx)
+                {
+                if (!sk_push(ad->sk,NULL))
+                        {
+                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                i++;
+                }
+        sk_value(ad->sk,idx)=val;
+        return(1);
+        }
+char *CRYPTO_get_ex_data(ad,idx)
+CRYPTO_EX_DATA *ad;
+int idx;
+        {
+        if (ad->sk == NULL)
+                return(0);
+        else if (idx >= sk_num(ad->sk))
+                return(0);
+        else
+                return(sk_value(ad->sk,idx));
+        }
+/* The callback is called with the 'object', which is the origional data object
+ * being duplicated, a pointer to the
+ * 'new' object to be inserted, the index, and the argi/argp
+ */
+int CRYPTO_dup_ex_data(meth,to,from)
+STACK *meth;
+CRYPTO_EX_DATA *to,*from;
+        {
+        int i,j,m,r;
+        CRYPTO_EX_DATA_FUNCS *mm;
+        char *from_d;
+        if (meth == NULL) return(1);
+        if (from->sk == NULL) return(1);
+        m=sk_num(meth);
+        j=sk_num(from->sk);
+        for (i=0; i<j; i++)
+                {
+                from_d=CRYPTO_get_ex_data(from,i);
+                if (i < m)
+                        {
+                        mm=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i);
+                        if (mm->dup_func != NULL)
+                                r=mm->dup_func(to,from,(char **)&from_d,i,
+                                        mm->argl,mm->argp);
+                        }
+                CRYPTO_set_ex_data(to,i,from_d);
+                }
+        return(1);
+        }
+/* Call each free callback */
+void CRYPTO_free_ex_data(meth,obj,ad)
+STACK *meth;
+char *obj;
+CRYPTO_EX_DATA *ad;
+        {
+        CRYPTO_EX_DATA_FUNCS *m;
+        char *ptr;
+        int i,max;
+        if (meth != NULL)
+                {
+                max=sk_num(meth);
+                for (i=0; i<max; i++)
+                        {
+                        m=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i);
+                        if ((m != NULL) && (m->free_func != NULL))
+                                {
+                                ptr=CRYPTO_get_ex_data(ad,i);
+                                m->free_func(obj,ptr,ad,i,m->argl,m->argp);
+                                }
+                        }
+                }
+        if (ad->sk != NULL)
+                {
+                sk_free(ad->sk);
+                ad->sk=NULL;
+                }
+        }
+void CRYPTO_new_ex_data(meth,obj,ad)
+STACK *meth;
+char *obj;
+CRYPTO_EX_DATA *ad;
+        {
+        CRYPTO_EX_DATA_FUNCS *m;
+        char *ptr;
+        int i,max;
+        ad->sk=NULL;
+        if (meth != NULL)
+                {
+                max=sk_num(meth);
+                for (i=0; i<max; i++)
+                        {
+                        m=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i);
+                        if ((m != NULL) && (m->new_func != NULL))
+                                {
+                                ptr=CRYPTO_get_ex_data(ad,i);
+                                m->new_func(obj,ptr,ad,i,m->argl,m->argp);
+                                }
+                        }
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c
new file mode 100644
index 0000000000..fb09129963
--- /dev/null
+++ b/src/lib/libssl/src/crypto/hmac/hmac.c
@@ -0,0 +1,165 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "hmac.h"
+void HMAC_Init(ctx,key,len,md)
+HMAC_CTX *ctx;
+unsigned char *key;
+int len;
+EVP_MD *md;
+        {
+        int i,j,reset=0;
+        unsigned char pad[HMAC_MAX_MD_CBLOCK];
+        if (md != NULL)
+                {
+                reset=1;
+                ctx->md=md;
+                }
+        else
+                md=ctx->md;
+        if (key != NULL)
+                {
+                reset=1;
+                j=EVP_MD_block_size(md);
+                if (j < len)
+                        {
+                        EVP_DigestInit(&ctx->md_ctx,md);
+                        EVP_DigestUpdate(&ctx->md_ctx,key,len);
+                        EVP_DigestFinal(&(ctx->md_ctx),ctx->key,
+                                &ctx->key_length);
+                        }
+                else
+                        {
+                        memcpy(ctx->key,key,len);
+                        memset(&(ctx->key[len]),0,sizeof(ctx->key)-len);
+                        ctx->key_length=len;
+                        }
+                }
+        if (reset)      
+                {
+                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+                        pad[i]=0x36^ctx->key[i];
+                EVP_DigestInit(&ctx->i_ctx,md);
+                EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+                        pad[i]=0x5c^ctx->key[i];
+                EVP_DigestInit(&ctx->o_ctx,md);
+                EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+                }
+        memcpy(&ctx->md_ctx,&ctx->i_ctx,sizeof(ctx->i_ctx));
+        }
+void HMAC_Update(ctx,data,len)
+HMAC_CTX *ctx;
+unsigned char *data;
+int len;
+        {
+        EVP_DigestUpdate(&(ctx->md_ctx),data,len);
+        }
+void HMAC_Final(ctx,md,len)
+HMAC_CTX *ctx;
+unsigned char *md;
+unsigned int *len;
+        {
+        int j;
+        unsigned int i;
+        unsigned char buf[EVP_MAX_MD_SIZE];
+        j=EVP_MD_block_size(ctx->md);
+        EVP_DigestFinal(&(ctx->md_ctx),buf,&i);
+        memcpy(&(ctx->md_ctx),&(ctx->o_ctx),sizeof(ctx->o_ctx));
+        EVP_DigestUpdate(&(ctx->md_ctx),buf,i);
+        EVP_DigestFinal(&(ctx->md_ctx),md,len);
+        }
+void HMAC_cleanup(ctx)
+HMAC_CTX *ctx;
+        {
+        memset(ctx,0,sizeof(HMAC_CTX));
+        }
+unsigned char *HMAC(evp_md,key,key_len,d,n,md,md_len)
+EVP_MD *evp_md;
+unsigned char *key;
+int key_len;
+unsigned char *d;
+int n;
+unsigned char *md;
+unsigned int *md_len;
+        {
+        HMAC_CTX c;
+        static unsigned char m[EVP_MAX_MD_SIZE];
+        if (md == NULL) md=m;
+        HMAC_Init(&c,key,key_len,evp_md);
+        HMAC_Update(&c,d,n);
+        HMAC_Final(&c,md,md_len);
+        HMAC_cleanup(&c);
+        return(md);
+        }
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h
new file mode 100644
index 0000000000..e6b43f52c4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/hmac/hmac.h
@@ -0,0 +1,106 @@
+/* crypto/hmac/hmac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_HMAC_H
+#define HEADER_HMAC_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "evp.h"
+#define HMAC_MAX_MD_CBLOCK      64
+typedef struct hmac_ctx_st
+        {
+        EVP_MD *md;
+        EVP_MD_CTX md_ctx;
+        EVP_MD_CTX i_ctx;
+        EVP_MD_CTX o_ctx;
+        unsigned int key_length;
+        unsigned char key[HMAC_MAX_MD_CBLOCK];
+        } HMAC_CTX;
+#define HMAC_size(e)    (EVP_MD_size((e)->md))
+#ifndef NOPROTO
+void HMAC_Init(HMAC_CTX *ctx, unsigned char *key, int len,
+        EVP_MD *md);
+void HMAC_Update(HMAC_CTX *ctx,unsigned char *key, int len);
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+void HMAC_cleanup(HMAC_CTX *ctx);
+unsigned char *HMAC(EVP_MD *evp_md, unsigned char *key, int key_len,
+        unsigned char *d, int n, unsigned char *md, unsigned int *md_len);
+#else
+void HMAC_Init();
+void HMAC_Update();
+void HMAC_Final();
+void HMAC_cleanup();
+unsigned char *HMAC();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/hmac/hmactest.c b/src/lib/libssl/src/crypto/hmac/hmactest.c
new file mode 100644
index 0000000000..5938e375dc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/hmac/hmactest.c
@@ -0,0 +1,147 @@
+/* crypto/hmac/hmactest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "hmac.h"
+struct test_st
+        {
+        unsigned char key[16];
+        int key_len;
+        unsigned char data[64];
+        int data_len;
+        unsigned char *digest;
+        } test[4]={
+        {       "",
+                0,
+                "More text test vectors to stuff up EBCDIC machines :-)",
+                54,
+                (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+        },{     {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+                 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
+                16,
+                "Hi There",
+                8,
+                (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+        },{     "Jefe",
+                4,
+                "what do ya want for nothing?",
+                28,
+                (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+        },{
+                {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
+                 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
+                16,
+                {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd},
+                50,
+                (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+        },
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        char *p;
+        for (i=0; i<4; i++)
+                {
+                p=pt(HMAC(EVP_md5(),
+                        test[i].key, test[i].key_len,
+                        test[i].data, test[i].data_len,
+                        NULL,NULL));
+                if (strcmp(p,(char *)test[i].digest) != 0)
+                        {
+                        printf("error calculating HMAC on %d entry'\n",i);
+                        printf("got %s instead of %s\n",p,test[i].digest);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libssl/src/crypto/lhash/lh_stats.c b/src/lib/libssl/src/crypto/lhash/lh_stats.c
new file mode 100644
index 0000000000..23fe82f777
--- /dev/null
+++ b/src/lib/libssl/src/crypto/lhash/lh_stats.c
@@ -0,0 +1,289 @@
+/* crypto/lhash/lh_stats.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+/* If you wish to build this outside of SSLeay, remove the following lines
+ * and things should work as expected */
+#include "cryptlib.h"
+#include "lhash.h"
+#ifndef HEADER_BIO_H
+void lh_stats(lh, out)
+LHASH *lh;
+FILE *out;
+        {
+        fprintf(out,"num_items             = %lu\n",lh->num_items);
+        fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
+        fprintf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+        fprintf(out,"num_expands           = %lu\n",lh->num_expands);
+        fprintf(out,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
+        fprintf(out,"num_contracts         = %lu\n",lh->num_contracts);
+        fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
+        fprintf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+        fprintf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+        fprintf(out,"num_insert            = %lu\n",lh->num_insert);
+        fprintf(out,"num_replace           = %lu\n",lh->num_replace);
+        fprintf(out,"num_delete            = %lu\n",lh->num_delete);
+        fprintf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
+        fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
+        fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+        fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+#ifdef DEBUG
+        fprintf(out,"p                     = %u\n",lh->p);
+        fprintf(out,"pmax                  = %u\n",lh->pmax);
+        fprintf(out,"up_load               = %lu\n",lh->up_load);
+        fprintf(out,"down_load             = %lu\n",lh->down_load);
+#endif
+        }
+void lh_node_stats(lh, out)
+LHASH *lh;
+FILE *out;
+        {
+        LHASH_NODE *n;
+        unsigned int i,num;
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                fprintf(out,"node %6u -> %3u\n",i,num);
+                }
+        }
+void lh_node_usage_stats(lh, out)
+LHASH *lh;
+FILE *out;
+        {
+        LHASH_NODE *n;
+        unsigned long num;
+        unsigned int i;
+        unsigned long total=0,n_used=0;
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                if (num != 0)
+                        {
+                        n_used++;
+                        total+=num;
+                        }
+                }
+        fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+        fprintf(out,"%lu items\n",total);
+        if (n_used == 0) return;
+        fprintf(out,"load %d.%02d  actual load %d.%02d\n",
+                (int)(total/lh->num_nodes),
+                (int)((total%lh->num_nodes)*100/lh->num_nodes),
+                (int)(total/n_used),
+                (int)((total%n_used)*100/n_used));
+        }
+#else
+#ifndef NO_FP_API
+void lh_stats(lh,fp)
+LHASH *lh;
+FILE *fp;
+        {
+        BIO *bp;
+        bp=BIO_new(BIO_s_file());
+        if (bp == NULL) goto end;
+        BIO_set_fp(bp,fp,BIO_NOCLOSE);
+        lh_stats_bio(lh,bp);
+        BIO_free(bp);
+end:;
+        }
+void lh_node_stats(lh,fp)
+LHASH *lh;
+FILE *fp;
+        {
+        BIO *bp;
+        bp=BIO_new(BIO_s_file());
+        if (bp == NULL) goto end;
+        BIO_set_fp(bp,fp,BIO_NOCLOSE);
+        lh_node_stats_bio(lh,bp);
+        BIO_free(bp);
+end:;
+        }
+void lh_node_usage_stats(lh,fp)
+LHASH *lh;
+FILE *fp;
+        {
+        BIO *bp;
+        bp=BIO_new(BIO_s_file());
+        if (bp == NULL) goto end;
+        BIO_set_fp(bp,fp,BIO_NOCLOSE);
+        lh_node_usage_stats_bio(lh,bp);
+        BIO_free(bp);
+end:;
+        }
+#endif
+void lh_stats_bio(lh, out)
+LHASH *lh;
+BIO *out;
+        {
+        char buf[128];
+        sprintf(buf,"num_items             = %lu\n",lh->num_items);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_nodes             = %u\n",lh->num_nodes);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_expands           = %lu\n",lh->num_expands);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_contracts         = %lu\n",lh->num_contracts);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_insert            = %lu\n",lh->num_insert);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_replace           = %lu\n",lh->num_replace);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_delete            = %lu\n",lh->num_delete);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_no_delete         = %lu\n",lh->num_no_delete);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_retrieve          = %lu\n",lh->num_retrieve);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+        BIO_puts(out,buf);
+        sprintf(buf,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+        BIO_puts(out,buf);
+#ifdef DEBUG
+        sprintf(buf,"p                     = %u\n",lh->p);
+        BIO_puts(out,buf);
+        sprintf(buf,"pmax                  = %u\n",lh->pmax);
+        BIO_puts(out,buf);
+        sprintf(buf,"up_load               = %lu\n",lh->up_load);
+        BIO_puts(out,buf);
+        sprintf(buf,"down_load             = %lu\n",lh->down_load);
+        BIO_puts(out,buf);
+#endif
+        }
+void lh_node_stats_bio(lh, out)
+LHASH *lh;
+BIO *out;
+        {
+        LHASH_NODE *n;
+        unsigned int i,num;
+        char buf[128];
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                sprintf(buf,"node %6u -> %3u\n",i,num);
+                BIO_puts(out,buf);
+                }
+        }
+void lh_node_usage_stats_bio(lh, out)
+LHASH *lh;
+BIO *out;
+        {
+        LHASH_NODE *n;
+        unsigned long num;
+        unsigned int i;
+        unsigned long total=0,n_used=0;
+        char buf[128];
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                if (num != 0)
+                        {
+                        n_used++;
+                        total+=num;
+                        }
+                }
+        sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+        BIO_puts(out,buf);
+        sprintf(buf,"%lu items\n",total);
+        BIO_puts(out,buf);
+        if (n_used == 0) return;
+        sprintf(buf,"load %d.%02d  actual load %d.%02d\n",
+                (int)(total/lh->num_nodes),
+                (int)((total%lh->num_nodes)*100/lh->num_nodes),
+                (int)(total/n_used),
+                (int)((total%n_used)*100/n_used));
+        BIO_puts(out,buf);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/lhash/lh_test.c b/src/lib/libssl/src/crypto/lhash/lh_test.c
new file mode 100644
index 0000000000..294b42bc82
--- /dev/null
+++ b/src/lib/libssl/src/crypto/lhash/lh_test.c
@@ -0,0 +1,89 @@
+/* crypto/lhash/lh_test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "lhash.h"
+main()
+        {
+        LHASH *conf;
+        char buf[256];
+        int i;
+        conf=lh_new(lh_strhash,strcmp);
+        for (;;)
+                {
+                char *p;
+                buf[0]='\0';
+                fgets(buf,256,stdin);
+                if (buf[0] == '\0') break;
+                buf[256]='\0';
+                i=strlen(buf);
+                p=Malloc(i+1);
+                memcpy(p,buf,i+1);
+                lh_insert(conf,p);
+                }
+        lh_node_stats(conf,stdout);
+        lh_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+        exit(0);
+        }
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.c b/src/lib/libssl/src/crypto/lhash/lhash.c
new file mode 100644
index 0000000000..6dfb5c9ccc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/lhash/lhash.c
@@ -0,0 +1,489 @@
+/* crypto/lhash/lhash.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+char *lh_version="lhash part of SSLeay 0.9.0b 29-Jun-1998";
+/* Code for dynamic hash table routines
+ * Author - Eric Young v 2.0
+ *
+ * 2.0 eay - Fixed a bug that occured when using lh_delete
+ *           from inside lh_doall().  As entries were deleted,
+ *           the 'table' was 'contract()ed', making some entries
+ *           jump from the end of the table to the start, there by
+ *           skiping the lh_doall() processing. eay - 4/12/95
+ *
+ * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
+ *           were not being free()ed. 21/11/95
+ *
+ * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
+ *           19/09/95
+ *
+ * 1.7 eay - Removed the fputs() for realloc failures - the code
+ *           should silently tolerate them.  I have also fixed things
+ *           lint complained about 04/05/95
+ *
+ * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
+ *
+ * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
+ *
+ * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
+ *
+ * 1.3 eay - Fixed a few lint problems 19/3/1991
+ *
+ * 1.2 eay - Fixed lh_doall problem 13/3/1991
+ *
+ * 1.1 eay - Added lh_doall
+ *
+ * 1.0 eay - First version
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "lhash.h"
+#undef MIN_NODES 
+#define MIN_NODES       16
+#define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256  (default 2) */
+#define DOWN_LOAD       (LH_LOAD_MULT)   /* load times 256  (default 1) */
+#ifndef NOPROTO
+#define P_CP    char *
+#define P_CPP   char *,char *
+static void expand(LHASH *lh);
+static void contract(LHASH *lh);
+static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash);
+#else
+#define P_CP
+#define P_CPP
+static void expand();
+static void contract();
+static LHASH_NODE **getrn();
+#endif
+LHASH *lh_new(h, c)
+unsigned long (*h)();
+int (*c)();
+        {
+        LHASH *ret;
+        int i;
+        if ((ret=(LHASH *)malloc(sizeof(LHASH))) == NULL)
+                goto err0;
+        if ((ret->b=(LHASH_NODE **)malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+                goto err1;
+        for (i=0; i<MIN_NODES; i++)
+                ret->b[i]=NULL;
+        ret->comp=((c == NULL)?(int (*)())strcmp:c);
+        ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h);
+        ret->num_nodes=MIN_NODES/2;
+        ret->num_alloc_nodes=MIN_NODES;
+        ret->p=0;
+        ret->pmax=MIN_NODES/2;
+        ret->up_load=UP_LOAD;
+        ret->down_load=DOWN_LOAD;
+        ret->num_items=0;
+        ret->num_expands=0;
+        ret->num_expand_reallocs=0;
+        ret->num_contracts=0;
+        ret->num_contract_reallocs=0;
+        ret->num_hash_calls=0;
+        ret->num_comp_calls=0;
+        ret->num_insert=0;
+        ret->num_replace=0;
+        ret->num_delete=0;
+        ret->num_no_delete=0;
+        ret->num_retrieve=0;
+        ret->num_retrieve_miss=0;
+        ret->num_hash_comps=0;
+        return(ret);
+err1:
+        free((char *)ret);
+err0:
+        return(NULL);
+        }
+void lh_free(lh)
+LHASH *lh;
+        {
+        unsigned int i;
+        LHASH_NODE *n,*nn;
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                n=lh->b[i];
+                while (n != NULL)
+                        {
+                        nn=n->next;
+                        free(n);
+                        n=nn;
+                        }
+                }
+        free((char *)lh->b);
+        free((char *)lh);
+        }
+char *lh_insert(lh, data)
+LHASH *lh;
+char *data;
+        {
+        unsigned long hash;
+        LHASH_NODE *nn,**rn;
+        char *ret;
+        if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
+                expand(lh);
+        rn=getrn(lh,data,&hash);
+        if (*rn == NULL)
+                {
+                if ((nn=(LHASH_NODE *)malloc(sizeof(LHASH_NODE))) == NULL)
+                        return(NULL);
+                nn->data=data;
+                nn->next=NULL;
+#ifndef NO_HASH_COMP
+                nn->hash=hash;
+#endif
+                *rn=nn;
+                ret=NULL;
+                lh->num_insert++;
+                lh->num_items++;
+                }
+        else /* replace same key */
+                {
+                ret= (*rn)->data;
+                (*rn)->data=data;
+                lh->num_replace++;
+                }
+        return(ret);
+        }
+char *lh_delete(lh, data)
+LHASH *lh;
+char *data;
+        {
+        unsigned long hash;
+        LHASH_NODE *nn,**rn;
+        char *ret;
+        rn=getrn(lh,data,&hash);
+        if (*rn == NULL)
+                {
+                lh->num_no_delete++;
+                return(NULL);
+                }
+        else
+                {
+                nn= *rn;
+                *rn=nn->next;
+                ret=nn->data;
+                free((char *)nn);
+                lh->num_delete++;
+                }
+        lh->num_items--;
+        if ((lh->num_nodes > MIN_NODES) &&
+                (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
+                contract(lh);
+        return(ret);
+        }
+char *lh_retrieve(lh, data)
+LHASH *lh;
+char *data;
+        {
+        unsigned long hash;
+        LHASH_NODE **rn;
+        char *ret;
+        rn=getrn(lh,data,&hash);
+        if (*rn == NULL)
+                {
+                lh->num_retrieve_miss++;
+                return(NULL);
+                }
+        else
+                {
+                ret= (*rn)->data;
+                lh->num_retrieve++;
+                }
+        return(ret);
+        }
+void lh_doall(lh, func)
+LHASH *lh;
+void (*func)();
+        {
+        lh_doall_arg(lh,func,NULL);
+        }
+void lh_doall_arg(lh, func, arg)
+LHASH *lh;
+void (*func)();
+char *arg;
+        {
+        int i;
+        LHASH_NODE *a,*n;
+        /* reverse the order so we search from 'top to bottom'
+         * We were having memory leaks otherwise */
+        for (i=lh->num_nodes-1; i>=0; i--)
+                {
+                a=lh->b[i];
+                while (a != NULL)
+                        {
+                        /* 28/05/91 - eay - n added so items can be deleted
+                         * via lh_doall */
+                        n=a->next;
+                        func(a->data,arg);
+                        a=n;
+                        }
+                }
+        }
+static void expand(lh)
+LHASH *lh;
+        {
+        LHASH_NODE **n,**n1,**n2,*np;
+        unsigned int p,i,j;
+        unsigned long hash,nni;
+        lh->num_nodes++;
+        lh->num_expands++;
+        p=(int)lh->p++;
+        n1= &(lh->b[p]);
+        n2= &(lh->b[p+(int)lh->pmax]);
+        *n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */
+        nni=lh->num_alloc_nodes;
+        
+        for (np= *n1; np != NULL; )
+                {
+#ifndef NO_HASH_COMP
+                hash=np->hash;
+#else
+                hash=(*(lh->hash))(np->data);
+                lh->num_hash_calls++;
+#endif
+                if ((hash%nni) != p)
+                        { /* move it */
+                        *n1= (*n1)->next;
+                        np->next= *n2;
+                        *n2=np;
+                        }
+                else
+                        n1= &((*n1)->next);
+                np= *n1;
+                }
+        if ((lh->p) >= lh->pmax)
+                {
+                j=(int)lh->num_alloc_nodes*2;
+                n=(LHASH_NODE **)realloc((char *)lh->b,
+                        (unsigned int)sizeof(LHASH_NODE *)*j);
+                if (n == NULL)
+                        {
+/*                      fputs("realloc error in lhash",stderr); */
+                        lh->p=0;
+                        return;
+                        }
+                /* else */
+                for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
+                        n[i]=NULL;                        /* 02/03/92 eay */
+                lh->pmax=lh->num_alloc_nodes;
+                lh->num_alloc_nodes=j;
+                lh->num_expand_reallocs++;
+                lh->p=0;
+                lh->b=n;
+                }
+        }
+static void contract(lh)
+LHASH *lh;
+        {
+        LHASH_NODE **n,*n1,*np;
+        np=lh->b[lh->p+lh->pmax-1];
+        lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
+        if (lh->p == 0)
+                {
+                n=(LHASH_NODE **)realloc((char *)lh->b,
+                        (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
+                if (n == NULL)
+                        {
+/*                      fputs("realloc error in lhash",stderr); */
+                        return;
+                        }
+                lh->num_contract_reallocs++;
+                lh->num_alloc_nodes/=2;
+                lh->pmax/=2;
+                lh->p=lh->pmax-1;
+                lh->b=n;
+                }
+        else
+                lh->p--;
+        lh->num_nodes--;
+        lh->num_contracts++;
+        n1=lh->b[(int)lh->p];
+        if (n1 == NULL)
+                lh->b[(int)lh->p]=np;
+        else
+                {
+                while (n1->next != NULL)
+                        n1=n1->next;
+                n1->next=np;
+                }
+        }
+static LHASH_NODE **getrn(lh, data, rhash)
+LHASH *lh;
+char *data;
+unsigned long *rhash;
+        {
+        LHASH_NODE **ret,*n1;
+        unsigned long hash,nn;
+        int (*cf)();
+        hash=(*(lh->hash))(data);
+        lh->num_hash_calls++;
+        *rhash=hash;
+        nn=hash%lh->pmax;
+        if (nn < lh->p)
+                nn=hash%lh->num_alloc_nodes;
+        cf=lh->comp;
+        ret= &(lh->b[(int)nn]);
+        for (n1= *ret; n1 != NULL; n1=n1->next)
+                {
+#ifndef NO_HASH_COMP
+                lh->num_hash_comps++;
+                if (n1->hash != hash)
+                        {
+                        ret= &(n1->next);
+                        continue;
+                        }
+#endif
+                lh->num_comp_calls++;
+                if ((*cf)(n1->data,data) == 0)
+                        break;
+                ret= &(n1->next);
+                }
+        return(ret);
+        }
+/*
+static unsigned long lh_strhash(str)
+char *str;
+        {
+        int i,l;
+        unsigned long ret=0;
+        unsigned short *s;
+        if (str == NULL) return(0);
+        l=(strlen(str)+1)/2;
+        s=(unsigned short *)str;
+        for (i=0; i<l; i++)
+                ret^=(s[i]<<(i&0x0f));
+        return(ret);
+        } */
+/* The following hash seems to work very well on normal text strings
+ * no collisions on /usr/dict/words and it distributes on %2^n quite
+ * well, not as good as MD5, but still good.
+ */
+unsigned long lh_strhash(c)
+char *c;
+        {
+        unsigned long ret=0;
+        long n;
+        unsigned long v;
+        int r;
+        if ((c == NULL) || (*c == '\0'))
+                return(ret);
+/*
+        unsigned char b[16];
+        MD5(c,strlen(c),b);
+        return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); 
+*/
+        n=0x100;
+        while (*c)
+                {
+                v=n|(*c);
+                n+=0x100;
+                r= (int)((v>>2)^v)&0x0f;
+                ret=(ret<<r)|(ret>>(32-r));
+                ret&=0xFFFFFFFFL;
+                ret^=v*v;
+                c++;
+                }
+        return((ret>>16)^ret);
+        }
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.h b/src/lib/libssl/src/crypto/lhash/lhash.h
new file mode 100644
index 0000000000..70cbc6dfe7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/lhash/lhash.h
@@ -0,0 +1,155 @@
+/* crypto/lhash/lhash.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Header for dynamic hash table routines
+ * Author - Eric Young
+ */
+#ifndef HEADER_LHASH_H
+#define HEADER_LHASH_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+typedef struct lhash_node_st
+        {
+        char *data;
+        struct lhash_node_st *next;
+#ifndef NO_HASH_COMP
+        unsigned long hash;
+#endif
+        } LHASH_NODE;
+typedef struct lhash_st
+        {
+        LHASH_NODE **b;
+        int (*comp)();
+        unsigned long (*hash)();
+        unsigned int num_nodes;
+        unsigned int num_alloc_nodes;
+        unsigned int p;
+        unsigned int pmax;
+        unsigned long up_load; /* load times 256 */
+        unsigned long down_load; /* load times 256 */
+        unsigned long num_items;
+        unsigned long num_expands;
+        unsigned long num_expand_reallocs;
+        unsigned long num_contracts;
+        unsigned long num_contract_reallocs;
+        unsigned long num_hash_calls;
+        unsigned long num_comp_calls;
+        unsigned long num_insert;
+        unsigned long num_replace;
+        unsigned long num_delete;
+        unsigned long num_no_delete;
+        unsigned long num_retrieve;
+        unsigned long num_retrieve_miss;
+        unsigned long num_hash_comps;
+        } LHASH;
+#define LH_LOAD_MULT    256
+#ifndef NOPROTO
+LHASH *lh_new(unsigned long (*h)(), int (*c)());
+void lh_free(LHASH *lh);
+char *lh_insert(LHASH *lh, char *data);
+char *lh_delete(LHASH *lh, char *data);
+char *lh_retrieve(LHASH *lh, char *data);
+void lh_doall(LHASH *lh, void (*func)(/* char *b */));
+void lh_doall_arg(LHASH *lh, void (*func)(/*char *a,char *b*/),char *arg);
+unsigned long lh_strhash(char *c);
+#ifndef NO_FP_API
+void lh_stats(LHASH *lh, FILE *out);
+void lh_node_stats(LHASH *lh, FILE *out);
+void lh_node_usage_stats(LHASH *lh, FILE *out);
+#endif
+#ifdef HEADER_BIO_H
+void lh_stats_bio(LHASH *lh, BIO *out);
+void lh_node_stats_bio(LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(LHASH *lh, BIO *out);
+#endif
+#else
+LHASH *lh_new();
+void lh_free();
+char *lh_insert();
+char *lh_delete();
+char *lh_retrieve();
+void lh_doall();
+void lh_doall_arg();
+unsigned long lh_strhash();
+#ifndef NO_FP_API
+void lh_stats();
+void lh_node_stats();
+void lh_node_usage_stats();
+#endif
+void lh_stats_bio();
+void lh_node_stats_bio();
+void lh_node_usage_stats_bio();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/lhash/num.pl b/src/lib/libssl/src/crypto/lhash/num.pl
new file mode 100644
index 0000000000..4d937c1f90
--- /dev/null
+++ b/src/lib/libssl/src/crypto/lhash/num.pl
@@ -0,0 +1,17 @@
+#!/usr/bin/perl
+#node     10 ->   4
+while (<>)
+        {
+        next unless /^node/;
+        chop;
+        @a=split;
+        $num{$a[3]}++;
+        }
+@a=sort {$a <=> $b } keys %num;
+foreach (0 .. $a[$#a])
+        {
+        printf "%4d:%4d\n",$_,$num{$_};
+        }
diff --git a/src/lib/libssl/src/crypto/md2/md2.c b/src/lib/libssl/src/crypto/md2/md2.c
new file mode 100644
index 0000000000..7f3ab64a43
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md2/md2.c
@@ -0,0 +1,136 @@
+/* crypto/md2/md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "md2.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+void exit(int);
+#else
+void do_fp();
+void pt();
+int read();
+void exit();
+#endif
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD2(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        return(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        MD2_CTX c;
+        unsigned char md[MD2_DIGEST_LENGTH];
+        int fd,i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        MD2_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD2_Update(&c,buf,(unsigned long)i);
+                }
+        MD2_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libssl/src/crypto/md2/md2_dgst.c b/src/lib/libssl/src/crypto/md2/md2_dgst.c
new file mode 100644
index 0000000000..5cbd36f3fe
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md2/md2_dgst.c
@@ -0,0 +1,235 @@
+/* crypto/md2/md2_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "md2.h"
+char *MD2_version="MD2 part of SSLeay 0.9.0b 29-Jun-1998";
+/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+#define UCHAR   unsigned char
+#ifndef NOPROTO
+static void md2_block(MD2_CTX *c, unsigned char *d);
+#else
+static void md2_block();
+#endif
+/* The magic S table - I have converted it to hex since it is
+ * basicaly just a random byte string. */
+static MD2_INT S[256]={
+        0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+        0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+        0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+        0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+        0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+        0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+        0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+        0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+        0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+        0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+        0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+        0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+        0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+        0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+        0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+        0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+        0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+        0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+        0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+        0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+        0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+        0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+        0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+        0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+        0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+        0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+        0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+        0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+        0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+        0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+        0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+        0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+        };
+char *MD2_options()
+        {
+        if (sizeof(MD2_INT) == 1)
+                return("md2(char)");
+        else
+                return("md2(int)");
+        }
+void MD2_Init(c)
+MD2_CTX *c;
+        {
+        c->num=0;
+        memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
+        memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
+        memset(c->data,0,MD2_BLOCK);
+        }
+void MD2_Update(c, data, len)
+MD2_CTX *c;
+register unsigned char *data;
+unsigned long len;
+        {
+        register UCHAR *p;
+        if (len == 0) return;
+        p=c->data;
+        if (c->num != 0)
+                {
+                if ((c->num+len) >= MD2_BLOCK)
+                        {
+                        memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
+                        md2_block(c,c->data);
+                        data+=(MD2_BLOCK - c->num);
+                        len-=(MD2_BLOCK - c->num);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        memcpy(&(p[c->num]),data,(int)len);
+                        /* data+=len; */
+                        c->num+=(int)len;
+                        return;
+                        }
+                }
+        /* we now can process the input data in blocks of MD2_BLOCK
+         * chars and save the leftovers to c->data. */
+        while (len >= MD2_BLOCK)
+                {
+                md2_block(c,data);
+                data+=MD2_BLOCK;
+                len-=MD2_BLOCK;
+                }
+        memcpy(p,data,(int)len);
+        c->num=(int)len;
+        }
+static void md2_block(c, d)
+MD2_CTX *c;
+unsigned char *d;
+        {
+        register MD2_INT t,*sp1,*sp2;
+        register int i,j;
+        MD2_INT state[48];
+        sp1=c->state;
+        sp2=c->cksm;
+        j=sp2[MD2_BLOCK-1];
+        for (i=0; i<16; i++)
+                {
+                state[i]=sp1[i];
+                state[i+16]=t=d[i];
+                state[i+32]=(t^sp1[i]);
+                j=sp2[i]^=S[t^j];
+                }
+        t=0;
+        for (i=0; i<18; i++)
+                {
+                for (j=0; j<48; j+=8)
+                        {
+                        t= state[j+ 0]^=S[t];
+                        t= state[j+ 1]^=S[t];
+                        t= state[j+ 2]^=S[t];
+                        t= state[j+ 3]^=S[t];
+                        t= state[j+ 4]^=S[t];
+                        t= state[j+ 5]^=S[t];
+                        t= state[j+ 6]^=S[t];
+                        t= state[j+ 7]^=S[t];
+                        }
+                t=(t+i)&0xff;
+                }
+        memcpy(sp1,state,16*sizeof(MD2_INT));
+        memset(state,0,48*sizeof(MD2_INT));
+        }
+void MD2_Final(md, c)
+unsigned char *md;
+MD2_CTX *c;
+        {
+        int i,v;
+        register UCHAR *cp;
+        register MD2_INT *p1,*p2;
+        cp=c->data;
+        p1=c->state;
+        p2=c->cksm;
+        v=MD2_BLOCK-c->num;
+        for (i=c->num; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)v;
+        md2_block(c,cp);
+        for (i=0; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)p2[i];
+        md2_block(c,cp);
+        for (i=0; i<16; i++)
+                md[i]=(UCHAR)(p1[i]&0xff);
+        memset((char *)&c,0,sizeof(c));
+        }
diff --git a/src/lib/libssl/src/crypto/md2/md2_one.c b/src/lib/libssl/src/crypto/md2/md2_one.c
new file mode 100644
index 0000000000..513bf62fdb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md2/md2_one.c
@@ -0,0 +1,80 @@
+/* crypto/md2/md2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "md2.h"
+/* This is a separate file so that #defines in cryptlib.h can
+ * map my MD functions to different names */
+unsigned char *MD2(d, n, md)
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+        {
+        MD2_CTX c;
+        static unsigned char m[MD2_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        MD2_Init(&c);
+        MD2_Update(&c,d,n);
+        MD2_Final(md,&c);
+        memset(&c,0,sizeof(c)); /* Security consideration */
+        return(md);
+        }
diff --git a/src/lib/libssl/src/crypto/md2/md2test.c b/src/lib/libssl/src/crypto/md2/md2test.c
new file mode 100644
index 0000000000..55924d44cd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md2/md2test.c
@@ -0,0 +1,130 @@
+/* crypto/md2/md2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "md2.h"
+char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+char *ret[]={
+        "8350e5a3e24c153df2275c9f80692773",
+        "32ec01ec4a6dac72c0ab96fb34c0b5d1",
+        "da853b0d3f88d99b30283a69e6ded6bb",
+        "ab4f496bfb2a530b219ff33031fe06b0",
+        "4e8ddff3650292ab5a4108c3aa47940b",
+        "da33def2a42df13975352846c30338cd",
+        "d5976f79d83d3a0dc9806c3c66f3efd8",
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        char **P,**R;
+        char *p;
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+                if (strcmp(p,*R) != 0)
+                        {
+                        printf("error calculating MD2 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
new file mode 100644
index 0000000000..2c7fb7dd98
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
@@ -0,0 +1,304 @@
+#!/usr/bin/perl
+# Normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X);
+# version, non-normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+$normal=0;
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],$0);
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$tmp1="edi";
+$tmp2="ebp";
+$X="esi";
+# What we need to load into $tmp for the next round
+%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));
+@xo=(
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,  # R0
+ 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,  # R1
+ 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,  # R2
+ 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,  # R3
+ );
+&md5_block("md5_block_x86");
+&asm_finish();
+sub Np
+        {
+        local($p)=@_;
+        local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);
+        return($n{$p});
+        }
+sub R0
+        {
+        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+        &mov($tmp1,$C)  if $pos < 0;
+         &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
+        # body proper
+        &comment("R0 $ki");
+        &xor($tmp1,$d); # F function - part 2
+        &and($tmp1,$b); # F function - part 3
+        &lea($a,&DWP($t,$a,$tmp2,1));
+        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+        &xor($tmp1,$d); # F function - part 4
+        &add($a,$tmp1);
+        &mov($tmp1,&Np($c)) if $pos < 1;        # next tmp1 for R0
+        &mov($tmp1,&Np($c)) if $pos == 1;       # next tmp1 for R1
+        &rotl($a,$s);
+        &add($a,$b);
+        }
+sub R1
+        {
+        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+        &comment("R1 $ki");
+        &lea($a,&DWP($t,$a,$tmp2,1));
+        &xor($tmp1,$b); # G function - part 2
+        &and($tmp1,$d); # G function - part 3
+        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+        &xor($tmp1,$c);                 # G function - part 4
+        &add($a,$tmp1);
+        &mov($tmp1,&Np($c)) if $pos < 1;        # G function - part 1
+        &mov($tmp1,&Np($c)) if $pos == 1;       # G function - part 1
+        &rotl($a,$s);
+        &add($a,$b);
+        }
+sub R2
+        {
+        local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+        # This one is different, only 3 logical operations
+if (($n & 1) == 0)
+        {
+        &comment("R2 $ki");
+        # make sure to do 'D' first, not 'B', else we clash with
+        # the last add from the previous round.
+         &xor($tmp1,$d); # H function - part 2
+        &xor($tmp1,$b); # H function - part 3
+         &lea($a,&DWP($t,$a,$tmp2,1));
+        &add($a,$tmp1);
+         &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
+        &rotl($a,$s);
+        &mov($tmp1,&Np($c));
+        }
+else
+        {
+        &comment("R2 $ki");
+        # make sure to do 'D' first, not 'B', else we clash with
+        # the last add from the previous round.
+         &lea($a,&DWP($t,$a,$tmp2,1));
+        &add($b,$c);                    # MOVED FORWARD
+         &xor($tmp1,$d); # H function - part 2
+        &xor($tmp1,$b); # H function - part 3
+         &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+        &add($a,$tmp1);
+         &mov($tmp1,&Np($c)) if $pos < 1;       # H function - part 1
+         &mov($tmp1,-1) if $pos == 1;           # I function - part 1
+        &rotl($a,$s);
+        &add($a,$b);
+        }
+        }
+sub R3
+        {
+        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+        &comment("R3 $ki");
+        # &not($tmp1)
+        &xor($tmp1,$d) if $pos < 0;     # I function - part 2
+        &or($tmp1,$b);                          # I function - part 3
+         &lea($a,&DWP($t,$a,$tmp2,1));
+        &xor($tmp1,$c);                         # I function - part 4
+         &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if $pos != 2; # load X/k value
+         &mov($tmp2,&wparam(0)) if $pos == 2;
+        &add($a,$tmp1);
+         &mov($tmp1,-1) if $pos < 1;    # H function - part 1
+         &add($K,64) if $pos >=1 && !$normal;
+        &rotl($a,$s);
+        &xor($tmp1,&Np($d)) if $pos <= 0;       # I function - part = first time
+        &mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
+         &add($a,$b);
+        }
+sub md5_block
+        {
+        local($name)=@_;
+        &function_begin_B($name,"",3);
+        # parameter 1 is the MD5_CTX structure.
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+        &push("esi");
+         &push("edi");
+        &mov($tmp1,     &wparam(0)); # edi
+         &mov($X,       &wparam(1)); # esi
+        &mov($C,        &wparam(2));
+         &push("ebp");
+        &push("ebx");
+         &add($C,       $X); # offset we end at
+        &sub($C,        64);
+         &mov($A,       &DWP( 0,$tmp1,"",0));
+        &push($C);      # Put on the TOS
+         &mov($B,       &DWP( 4,$tmp1,"",0));
+        &mov($C,        &DWP( 8,$tmp1,"",0));
+         &mov($D,       &DWP(12,$tmp1,"",0));
+        &set_label("start") unless $normal;
+        &comment("");
+        &comment("R0 section");
+        &R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);
+        &R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);
+        &R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);
+        &R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);
+        &R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);
+        &R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);
+        &R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);
+        &R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);
+        &R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);
+        &R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);
+        &R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);
+        &R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);
+        &R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);
+        &R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);
+        &R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);
+        &R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);
+        &comment("");
+        &comment("R1 section");
+        &R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);
+        &R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);
+        &R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);
+        &R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);
+        &R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);
+        &R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);
+        &R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);
+        &R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);
+        &R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);
+        &R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);
+        &R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);
+        &R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);
+        &R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);
+        &R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);
+        &R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);
+        &R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);
+        &comment("");
+        &comment("R2 section");
+        &R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);
+        &R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);
+        &R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);
+        &R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);
+        &R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);
+        &R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);
+        &R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);
+        &R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);
+        &R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);
+        &R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);
+        &R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);
+        &R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);
+        &R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);
+        &R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);
+        &R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);
+        &R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);
+        &comment("");
+        &comment("R3 section");
+        &R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);
+        &R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);
+        &R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);
+        &R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);
+        &R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);
+        &R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);
+        &R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);
+        &R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);
+        &R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);
+        &R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);
+        &R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);
+        &R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);
+        &R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);
+        &R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);
+        &R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);
+        &R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);
+        # &mov($tmp2,&wparam(0));       # done in the last R3
+        # &mov($tmp1,   &DWP( 0,$tmp2,"",0)); # done is the last R3
+        &add($A,$tmp1);
+         &mov($tmp1,    &DWP( 4,$tmp2,"",0));
+        &add($B,$tmp1);
+        &mov($tmp1,     &DWP( 8,$tmp2,"",0));
+        &add($C,$tmp1);
+        &mov($tmp1,     &DWP(12,$tmp2,"",0));
+        &add($D,$tmp1);
+        &mov(&DWP( 0,$tmp2,"",0),$A);
+        &mov(&DWP( 4,$tmp2,"",0),$B);
+        &mov($tmp1,&swtmp(0)) unless $normal;
+        &mov(&DWP( 8,$tmp2,"",0),$C);
+         &mov(&DWP(12,$tmp2,"",0),$D);
+        &cmp($tmp1,$X) unless $normal;                  # check count
+         &jge(&label("start")) unless $normal;
+        &pop("eax"); # pop the temp variable off the stack
+         &pop("ebx");
+        &pop("ebp");
+         &pop("edi");
+        &pop("esi");
+         &ret();
+        &function_end_B($name);
+        }
diff --git a/src/lib/libssl/src/crypto/md5/md5.c b/src/lib/libssl/src/crypto/md5/md5.c
new file mode 100644
index 0000000000..9d6f5a6003
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/md5.c
@@ -0,0 +1,135 @@
+/* crypto/md5/md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "md5.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD5(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        MD5_CTX c;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        MD5_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD5_Update(&c,buf,(unsigned long)i);
+                }
+        MD5_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libssl/src/crypto/md5/md5.h b/src/lib/libssl/src/crypto/md5/md5.h
new file mode 100644
index 0000000000..357c6c625d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/md5.h
@@ -0,0 +1,99 @@
+/* crypto/md5/md5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_MD5_H
+#define HEADER_MD5_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define MD5_CBLOCK      64
+#define MD5_LBLOCK      16
+#define MD5_BLOCK       16
+#define MD5_LAST_BLOCK  56
+#define MD5_LENGTH_BLOCK 8
+#define MD5_DIGEST_LENGTH 16
+typedef struct MD5state_st
+        {
+        unsigned long A,B,C,D;
+        unsigned long Nl,Nh;
+        unsigned long data[MD5_LBLOCK];
+        int num;
+        } MD5_CTX;
+#ifndef NOPROTO
+void MD5_Init(MD5_CTX *c);
+void MD5_Update(MD5_CTX *c, unsigned char *data, unsigned long len);
+void MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, unsigned char *b);
+#else
+void MD5_Init();
+void MD5_Update();
+void MD5_Final();
+unsigned char *MD5();
+void MD5_Transform();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/md5/md5_dgst.c b/src/lib/libssl/src/crypto/md5/md5_dgst.c
new file mode 100644
index 0000000000..43b3498d92
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/md5_dgst.c
@@ -0,0 +1,440 @@
+/* crypto/md5/md5_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "md5_locl.h"
+char *MD5_version="MD5 part of SSLeay 0.9.0b 29-Jun-1998";
+/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
+ */
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+#ifndef NOPROTO
+#  ifdef MD5_ASM
+     void md5_block_x86(MD5_CTX *c, unsigned long *p,int num);
+#    define md5_block md5_block_x86
+#  else
+     static void md5_block(MD5_CTX *c, unsigned long *p,int num);
+#  endif
+#else
+#  ifdef MD5_ASM
+     void md5_block_x86();
+#    define md5_block md5_block_x86
+#  else
+     static void md5_block();
+#  endif
+#endif
+void MD5_Init(c)
+MD5_CTX *c;
+        {
+        c->A=INIT_DATA_A;
+        c->B=INIT_DATA_B;
+        c->C=INIT_DATA_C;
+        c->D=INIT_DATA_D;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        }
+void MD5_Update(c, data, len)
+MD5_CTX *c;
+register unsigned char *data;
+unsigned long len;
+        {
+        register ULONG *p;
+        int sw,sc;
+        ULONG l;
+        if (len == 0) return;
+        l=(c->Nl+(len<<3))&0xffffffffL;
+        /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
+         * Wei Dai <weidai@eskimo.com> for pointing it out. */
+        if (l < c->Nl) /* overflow */
+                c->Nh++;
+        c->Nh+=(len>>29);
+        c->Nl=l;
+        if (c->num != 0)
+                {
+                p=c->data;
+                sw=c->num>>2;
+                sc=c->num&0x03;
+                if ((c->num+len) >= MD5_CBLOCK)
+                        {
+                        l= p[sw];
+                        p_c2l(data,l,sc);
+                        p[sw++]=l;
+                        for (; sw<MD5_LBLOCK; sw++)
+                                {
+                                c2l(data,l);
+                                p[sw]=l;
+                                }
+                        len-=(MD5_CBLOCK-c->num);
+                        md5_block(c,p,64);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        int ew,ec;
+                        c->num+=(int)len;
+                        if ((sc+len) < 4) /* ugly, add char's to a word */
+                                {
+                                l= p[sw];
+                                p_c2l_p(data,l,sc,len);
+                                p[sw]=l;
+                                }
+                        else
+                                {
+                                ew=(c->num>>2);
+                                ec=(c->num&0x03);
+                                l= p[sw];
+                                p_c2l(data,l,sc);
+                                p[sw++]=l;
+                                for (; sw < ew; sw++)
+                                        { c2l(data,l); p[sw]=l; }
+                                if (ec)
+                                        {
+                                        c2l_p(data,l,ec);
+                                        p[sw]=l;
+                                        }
+                                }
+                        return;
+                        }
+                }
+        /* we now can process the input data in blocks of MD5_CBLOCK
+         * chars and save the leftovers to c->data. */
+#ifdef L_ENDIAN
+        if ((((unsigned long)data)%sizeof(ULONG)) == 0)
+                {
+                sw=(int)len/MD5_CBLOCK;
+                if (sw > 0)
+                        {
+                        sw*=MD5_CBLOCK;
+                        md5_block(c,(ULONG *)data,sw);
+                        data+=sw;
+                        len-=sw;
+                        }
+                }
+#endif
+        p=c->data;
+        while (len >= MD5_CBLOCK)
+                {
+#if defined(L_ENDIAN) || defined(B_ENDIAN)
+                if (p != (unsigned long *)data)
+                        memcpy(p,data,MD5_CBLOCK);
+                data+=MD5_CBLOCK;
+#ifdef B_ENDIAN
+                for (sw=(MD5_LBLOCK/4); sw; sw--)
+                        {
+                        Endian_Reverse32(p[0]);
+                        Endian_Reverse32(p[1]);
+                        Endian_Reverse32(p[2]);
+                        Endian_Reverse32(p[3]);
+                        p+=4;
+                        }
+#endif
+#else
+                for (sw=(MD5_LBLOCK/4); sw; sw--)
+                        {
+                        c2l(data,l); *(p++)=l;
+                        c2l(data,l); *(p++)=l;
+                        c2l(data,l); *(p++)=l;
+                        c2l(data,l); *(p++)=l; 
+                        } 
+#endif
+                p=c->data;
+                md5_block(c,p,64);
+                len-=MD5_CBLOCK;
+                }
+        sc=(int)len;
+        c->num=sc;
+        if (sc)
+                {
+                sw=sc>>2;       /* words to copy */
+#ifdef L_ENDIAN
+                p[sw]=0;
+                memcpy(p,data,sc);
+#else
+                sc&=0x03;
+                for ( ; sw; sw--)
+                        { c2l(data,l); *(p++)=l; }
+                c2l_p(data,l,sc);
+                *p=l;
+#endif
+                }
+        }
+void MD5_Transform(c,b)
+MD5_CTX *c;
+unsigned char *b;
+        {
+        ULONG p[16];
+#if !defined(L_ENDIAN)
+        ULONG *q;
+        int i;
+#endif
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+        memcpy(p,b,64);
+#ifdef B_ENDIAN
+        q=p;
+        for (i=(MD5_LBLOCK/4); i; i--)
+                {
+                Endian_Reverse32(q[0]);
+                Endian_Reverse32(q[1]);
+                Endian_Reverse32(q[2]);
+                Endian_Reverse32(q[3]);
+                q+=4;
+                }
+#endif
+#else
+        q=p;
+        for (i=(MD5_LBLOCK/4); i; i--)
+                {
+                ULONG l;
+                c2l(b,l); *(q++)=l;
+                c2l(b,l); *(q++)=l;
+                c2l(b,l); *(q++)=l;
+                c2l(b,l); *(q++)=l; 
+                } 
+#endif
+        md5_block(c,p,64);
+        }
+#ifndef MD5_ASM
+static void md5_block(c, X, num)
+MD5_CTX *c;
+register ULONG *X;
+int num;
+        {
+        register ULONG A,B,C,D;
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+        for (;;)
+                {
+        /* Round 0 */
+        R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
+        R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
+        R0(C,D,A,B,X[ 2],17,0x242070dbL);
+        R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
+        R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
+        R0(D,A,B,C,X[ 5],12,0x4787c62aL);
+        R0(C,D,A,B,X[ 6],17,0xa8304613L);
+        R0(B,C,D,A,X[ 7],22,0xfd469501L);
+        R0(A,B,C,D,X[ 8], 7,0x698098d8L);
+        R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
+        R0(C,D,A,B,X[10],17,0xffff5bb1L);
+        R0(B,C,D,A,X[11],22,0x895cd7beL);
+        R0(A,B,C,D,X[12], 7,0x6b901122L);
+        R0(D,A,B,C,X[13],12,0xfd987193L);
+        R0(C,D,A,B,X[14],17,0xa679438eL);
+        R0(B,C,D,A,X[15],22,0x49b40821L);
+        /* Round 1 */
+        R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
+        R1(D,A,B,C,X[ 6], 9,0xc040b340L);
+        R1(C,D,A,B,X[11],14,0x265e5a51L);
+        R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
+        R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
+        R1(D,A,B,C,X[10], 9,0x02441453L);
+        R1(C,D,A,B,X[15],14,0xd8a1e681L);
+        R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
+        R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
+        R1(D,A,B,C,X[14], 9,0xc33707d6L);
+        R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
+        R1(B,C,D,A,X[ 8],20,0x455a14edL);
+        R1(A,B,C,D,X[13], 5,0xa9e3e905L);
+        R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
+        R1(C,D,A,B,X[ 7],14,0x676f02d9L);
+        R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
+        R2(D,A,B,C,X[ 8],11,0x8771f681L);
+        R2(C,D,A,B,X[11],16,0x6d9d6122L);
+        R2(B,C,D,A,X[14],23,0xfde5380cL);
+        R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
+        R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
+        R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
+        R2(B,C,D,A,X[10],23,0xbebfbc70L);
+        R2(A,B,C,D,X[13], 4,0x289b7ec6L);
+        R2(D,A,B,C,X[ 0],11,0xeaa127faL);
+        R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
+        R2(B,C,D,A,X[ 6],23,0x04881d05L);
+        R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
+        R2(D,A,B,C,X[12],11,0xe6db99e5L);
+        R2(C,D,A,B,X[15],16,0x1fa27cf8L);
+        R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
+        /* Round 3 */
+        R3(A,B,C,D,X[ 0], 6,0xf4292244L);
+        R3(D,A,B,C,X[ 7],10,0x432aff97L);
+        R3(C,D,A,B,X[14],15,0xab9423a7L);
+        R3(B,C,D,A,X[ 5],21,0xfc93a039L);
+        R3(A,B,C,D,X[12], 6,0x655b59c3L);
+        R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
+        R3(C,D,A,B,X[10],15,0xffeff47dL);
+        R3(B,C,D,A,X[ 1],21,0x85845dd1L);
+        R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
+        R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
+        R3(C,D,A,B,X[ 6],15,0xa3014314L);
+        R3(B,C,D,A,X[13],21,0x4e0811a1L);
+        R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
+        R3(D,A,B,C,X[11],10,0xbd3af235L);
+        R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
+        R3(B,C,D,A,X[ 9],21,0xeb86d391L);
+        A+=c->A&0xffffffffL;
+        B+=c->B&0xffffffffL;
+        c->A=A;
+        c->B=B;
+        C+=c->C&0xffffffffL;
+        D+=c->D&0xffffffffL;
+        c->C=C;
+        c->D=D;
+        X+=16;
+        num-=64;
+        if (num <= 0) break;
+                }
+        }
+#endif
+void MD5_Final(md, c)
+unsigned char *md;
+MD5_CTX *c;
+        {
+        register int i,j;
+        register ULONG l;
+        register ULONG *p;
+        static unsigned char end[4]={0x80,0x00,0x00,0x00};
+        unsigned char *cp=end;
+        /* c->num should definitly have room for at least one more byte. */
+        p=c->data;
+        j=c->num;
+        i=j>>2;
+        /* purify often complains about the following line as an
+         * Uninitialized Memory Read.  While this can be true, the
+         * following p_c2l macro will reset l when that case is true.
+         * This is because j&0x03 contains the number of 'valid' bytes
+         * already in p[i].  If and only if j&0x03 == 0, the UMR will
+         * occur but this is also the only time p_c2l will do
+         * l= *(cp++) instead of l|= *(cp++)
+         * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+         * 'potential bug' */
+#ifdef PURIFY
+        if ((j&0x03) == 0) p[i]=0;
+#endif
+        l=p[i];
+        p_c2l(cp,l,j&0x03);
+        p[i]=l;
+        i++;
+        /* i is the next 'undefined word' */
+        if (c->num >= MD5_LAST_BLOCK)
+                {
+                for (; i<MD5_LBLOCK; i++)
+                        p[i]=0;
+                md5_block(c,p,64);
+                i=0;
+                }
+        for (; i<(MD5_LBLOCK-2); i++)
+                p[i]=0;
+        p[MD5_LBLOCK-2]=c->Nl;
+        p[MD5_LBLOCK-1]=c->Nh;
+        md5_block(c,p,64);
+        cp=md;
+        l=c->A; l2c(l,cp);
+        l=c->B; l2c(l,cp);
+        l=c->C; l2c(l,cp);
+        l=c->D; l2c(l,cp);
+        /* clear stuff, md5_block may be leaving some stuff on the stack
+         * but I'm not worried :-) */
+        c->num=0;
+/*      memset((char *)&c,0,sizeof(c));*/
+        }
+#ifdef undef
+int printit(l)
+unsigned long *l;
+        {
+        int i,ii;
+        for (i=0; i<2; i++)
+                {
+                for (ii=0; ii<8; ii++)
+                        {
+                        fprintf(stderr,"%08lx ",l[i*8+ii]);
+                        }
+                fprintf(stderr,"\n");
+                }
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/md5/md5_locl.h b/src/lib/libssl/src/crypto/md5/md5_locl.h
new file mode 100644
index 0000000000..dbbe1b71ca
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/md5_locl.h
@@ -0,0 +1,195 @@
+/* crypto/md5/md5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* On sparc, this actually slows things down :-( */
+#if defined(sun)
+#undef B_ENDIAN
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "md5.h"
+#define ULONG   unsigned long
+#define UCHAR   unsigned char
+#define UINT    unsigned int
+#if defined(NOCONST)
+#define const
+#endif
+#undef c2l
+#define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+#undef p_c2l
+#define p_c2l(c,l,n)    { \
+                        switch (n) { \
+                        case 0: l =((unsigned long)(*((c)++))); \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16; \
+                        case 3: l|=((unsigned long)(*((c)++)))<<24; \
+                                } \
+                        }
+/* NOTE the pointer is not incremented at the end of this */
+#undef c2l_p
+#define c2l_p(c,l,n)    { \
+                        l=0; \
+                        (c)+=n; \
+                        switch (n) { \
+                        case 3: l =((unsigned long)(*(--(c))))<<16; \
+                        case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l|=((unsigned long)(*(--(c))))    ; \
+                                } \
+                        }
+#undef p_c2l_p
+#define p_c2l_p(c,l,sc,len) { \
+                        switch (sc) \
+                                { \
+                        case 0: l =((unsigned long)(*((c)++))); \
+                                if (--len == 0) break; \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+                                if (--len == 0) break; \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16; \
+                                } \
+                        }
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                                } \
+                        }
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#if defined(WIN32)
+/* 5 instructions with rotate instruction, else 9 */
+#define Endian_Reverse32(a) \
+        { \
+        unsigned long l=(a); \
+        (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
+        }
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define Endian_Reverse32(a) \
+        { \
+        unsigned long l=(a); \
+        l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
+        (a)=ROTATE(l,16L); \
+        }
+#endif
+/*
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (z))  |  ((y) & (~(z))))
+*/
+/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
+ * simplified to the code below.  Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        ((((b) ^ (c)) & (d)) ^ (c))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+#define I(b,c,d)        (((~(d)) | (b)) ^ (c))
+#undef ROTATE
+#if defined(WIN32)
+#define ROTATE(a,n)     _lrotl(a,n)
+#else
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };\
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+#define R3(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+I((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
diff --git a/src/lib/libssl/src/crypto/md5/md5_one.c b/src/lib/libssl/src/crypto/md5/md5_one.c
new file mode 100644
index 0000000000..ab6bb435f9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/md5_one.c
@@ -0,0 +1,77 @@
+/* crypto/md5/md5_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "md5_locl.h"
+unsigned char *MD5(d, n, md)
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+        {
+        MD5_CTX c;
+        static unsigned char m[MD5_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        MD5_Init(&c);
+        MD5_Update(&c,d,n);
+        MD5_Final(md,&c);
+        memset(&c,0,sizeof(c)); /* security consideration */
+        return(md);
+        }
diff --git a/src/lib/libssl/src/crypto/md5/md5s.cpp b/src/lib/libssl/src/crypto/md5/md5s.cpp
new file mode 100644
index 0000000000..ef8e175df0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/md5s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "md5.h"
+extern "C" {
+void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD5_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md5_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md5_block_x86(&ctx,buffer,num);
+                        }
+                printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/md5/md5test.c b/src/lib/libssl/src/crypto/md5/md5test.c
new file mode 100644
index 0000000000..74b84bc67f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md5/md5test.c
@@ -0,0 +1,130 @@
+/* crypto/md5/md5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "md5.h"
+char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+char *ret[]={
+        "d41d8cd98f00b204e9800998ecf8427e",
+        "0cc175b9c0f1b6a831c399e269772661",
+        "900150983cd24fb0d6963f7d28e17f72",
+        "f96b697d7cb7938d525a2f31aaf161d0",
+        "c3fcd3d76192e4007dfb496cca67e13b",
+        "d174ab98d277d9f5a5611c2c9f419d9f",
+        "57edf4a22be3c955ac49da2e2107b67a",
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD5 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h
new file mode 100644
index 0000000000..0b104be184
--- /dev/null
+++ b/src/lib/libssl/src/crypto/mdc2/mdc2.h
@@ -0,0 +1,100 @@
+/* crypto/mdc2/mdc2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_MDC2_H
+#define HEADER_MDC2_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "des.h"
+#define MDC2_BLOCK              8
+#define MDC2_DIGEST_LENGTH      16
+ 
+typedef struct mdc2_ctx_st
+        {
+        int num;
+        unsigned char data[MDC2_BLOCK];
+        des_cblock h,hh;
+        int pad_type; /* either 1 or 2, default 1 */
+        } MDC2_CTX;
+#ifndef NOPROTO
+void MDC2_Init(MDC2_CTX *c);
+void MDC2_Update(MDC2_CTX *c, unsigned char *data, unsigned long len);
+void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(unsigned char *d, unsigned long n, unsigned char *md);
+#else
+void MDC2_Init();
+void MDC2_Update();
+void MDC2_Final();
+unsigned char *MDC2();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
new file mode 100644
index 0000000000..72e501ad0f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -0,0 +1,353 @@
+/* crypto/mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "buffer.h"
+#include "bio.h"
+#include "lhash.h"
+#include "cryptlib.h"
+static int mh_mode=CRYPTO_MEM_CHECK_OFF;
+static unsigned long order=0;
+static LHASH *mh=NULL;
+typedef struct mem_st
+        {
+        char *addr;
+        int num;
+        char *file;
+        int line;
+        unsigned long order;
+        } MEM;
+int CRYPTO_mem_ctrl(mode)
+int mode;
+        {
+        int ret=mh_mode;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        switch (mode)
+                {
+        case CRYPTO_MEM_CHECK_ON:
+                mh_mode|=CRYPTO_MEM_CHECK_ON;
+                break;
+        case CRYPTO_MEM_CHECK_OFF:
+                mh_mode&= ~CRYPTO_MEM_CHECK_ON;
+                break;
+        default:
+                break;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        return(ret);
+        }
+static int mem_cmp(a,b)
+MEM *a,*b;
+        {
+        return(a->addr - b->addr);
+        }
+static unsigned long mem_hash(a)
+MEM *a;
+        {
+        unsigned long ret;
+        ret=(unsigned long)a->addr;
+        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+        return(ret);
+        }
+static char *(*malloc_func)()=  (char *(*)())malloc;
+static char *(*realloc_func)()= (char *(*)())realloc;
+static void (*free_func)()=     (void (*)())free;
+void CRYPTO_set_mem_functions(m,r,f)
+char *(*m)();
+char *(*r)();
+void (*f)();
+        {
+        if ((m == NULL) || (r == NULL) || (f == NULL)) return;
+        malloc_func=m;
+        realloc_func=r;
+        free_func=f;
+        }
+void CRYPTO_get_mem_functions(m,r,f)
+char *(**m)();
+char *(**r)();
+void (**f)();
+        {
+        if (m != NULL) *m=malloc_func;
+        if (r != NULL) *r=realloc_func;
+        if (f != NULL) *f=free_func;
+        }
+char *CRYPTO_malloc(num)
+int num;
+        {
+        return(malloc_func(num));
+        }
+char *CRYPTO_realloc(str,num)
+char *str;
+int num;
+        {
+        return(realloc_func(str,num));
+        }
+void CRYPTO_free(str)
+char *str;
+        {
+        free_func(str);
+        }
+char *CRYPTO_dbg_malloc(num,file,line)
+int num;
+char *file;
+int line;
+        {
+        char *ret;
+        MEM *m,*mm;
+        if ((ret=malloc_func(num)) == NULL)
+                return(NULL);
+        if (mh_mode & CRYPTO_MEM_CHECK_ON)
+                {
+                if ((m=(MEM *)malloc(sizeof(MEM))) == NULL)
+                        {
+                        free(ret);
+                        return(NULL);
+                        }
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                if (mh == NULL)
+                        {
+                        if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
+                                {
+                                free(ret);
+                                free(m);
+                                return(NULL);
+                                }
+                        }
+                m->addr=ret;
+                m->file=file;
+                m->line=line;
+                m->num=num;
+                m->order=order++;
+                if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+                        {
+                        /* Not good, but don't sweat it */
+                        free(mm);
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        return(ret);
+        }
+void CRYPTO_dbg_free(addr)
+char *addr;
+        {
+        MEM m,*mp;
+        if ((mh_mode & CRYPTO_MEM_CHECK_ON) && (mh != NULL))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                m.addr=addr;
+                mp=(MEM *)lh_delete(mh,(char *)&m);
+                if (mp != NULL)
+                        free(mp);
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        free_func(addr);
+        }
+char *CRYPTO_dbg_realloc(addr,num,file,line)
+char *addr;
+int num;
+char *file;
+int line;
+        {
+        char *ret;
+        MEM m,*mp;
+        ret=realloc_func(addr,num);
+        if (ret == addr) return(ret);
+        if (mh_mode & CRYPTO_MEM_CHECK_ON)
+                {
+                if (ret == NULL) return(NULL);
+                m.addr=addr;
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                mp=(MEM *)lh_delete(mh,(char *)&m);
+                if (mp != NULL)
+                        {
+                        mp->addr=ret;
+                        lh_insert(mh,(char *)mp);
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        return(ret);
+        }
+char *CRYPTO_remalloc(a,n)
+char *a;
+int n;
+        {
+        if (a != NULL) Free(a);
+        a=(char *)Malloc(n);
+        return(a);
+        }
+char *CRYPTO_dbg_remalloc(a,n,file,line)
+char *a;
+int n;
+char *file;
+int line;
+        {
+        if (a != NULL) CRYPTO_dbg_free(a);
+        a=(char *)CRYPTO_dbg_malloc(n,file,line);
+        return(a);
+        }
+typedef struct mem_leak_st
+        {
+        BIO *bio;
+        int chunks;
+        long bytes;
+        } MEM_LEAK;
+static void print_leak(m,l)
+MEM *m;
+MEM_LEAK *l;
+        {
+        char buf[128];
+        sprintf(buf,"%5ld file=%s, line=%d, number=%d, address=%08lX\n",
+                m->order,m->file,m->line,m->num,(long)m->addr);
+        BIO_puts(l->bio,buf);
+        l->chunks++;
+        l->bytes+=m->num;
+        }
+void CRYPTO_mem_leaks(b)
+BIO *b;
+        {
+        MEM_LEAK ml;
+        char buf[80];
+        if (mh == NULL) return;
+        ml.bio=b;
+        ml.bytes=0;
+        ml.chunks=0;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        if (ml.chunks != 0)
+                {
+                sprintf(buf,"%ld bytes leaked in %d chunks\n",
+                        ml.bytes,ml.chunks);
+                BIO_puts(b,buf);
+                }
+        /*
+        lh_stats_bio(mh,b);
+        lh_node_stats_bio(mh,b);
+        lh_node_usage_stats_bio(mh,b);
+        */
+        }
+static void (*mem_cb)()=NULL;
+static void cb_leak(m,cb)
+MEM *m;
+char *cb;
+        {
+        void (*mem_callback)()=(void (*)())cb;
+        mem_callback(m->order,m->file,m->line,m->num,m->addr);
+        }
+void CRYPTO_mem_leaks_cb(cb)
+void (*cb)();
+        {
+        if (mh == NULL) return;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        mem_cb=cb;
+        lh_doall_arg(mh,(void (*)())cb_leak,(char *)mem_cb);
+        mem_cb=NULL;
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        }
+#ifndef NO_FP_API
+void CRYPTO_mem_leaks_fp(fp)
+FILE *fp;
+        {
+        BIO *b;
+        if (mh == NULL) return;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                return;
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        CRYPTO_mem_leaks(b);
+        BIO_free(b);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
new file mode 100644
index 0000000000..34866ebbd2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -0,0 +1,578 @@
+/* crypto/objects/obj_dat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "asn1.h"
+#include "objects.h"
+/* obj_dat.h is generated from objects.h by obj_dat.pl */
+#include "obj_dat.h"
+#ifndef NOPROTO
+static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
+static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
+static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
+#else
+static int sn_cmp();
+static int ln_cmp();
+static int obj_cmp();
+#endif
+#define ADDED_DATA      0
+#define ADDED_SNAME     1
+#define ADDED_LNAME     2
+#define ADDED_NID       3
+typedef struct added_obj_st
+        {
+        int type;
+        ASN1_OBJECT *obj;
+        } ADDED_OBJ;
+static int new_nid=NUM_NID;
+static LHASH *added=NULL;
+static int sn_cmp(ap,bp)
+ASN1_OBJECT **ap;
+ASN1_OBJECT **bp;
+        { return(strcmp((*ap)->sn,(*bp)->sn)); }
+static int ln_cmp(ap,bp)
+ASN1_OBJECT **ap;
+ASN1_OBJECT **bp;
+        { return(strcmp((*ap)->ln,(*bp)->ln)); }
+static unsigned long add_hash(ca)
+ADDED_OBJ *ca;
+        {
+        ASN1_OBJECT *a;
+        int i;
+        unsigned long ret=0;
+        unsigned char *p;
+        a=ca->obj;
+        switch (ca->type)
+                {
+        case ADDED_DATA:
+                ret=a->length<<20L;
+                p=(unsigned char *)a->data;
+                for (i=0; i<a->length; i++)
+                        ret^=p[i]<<((i*3)%24);
+                break;
+        case ADDED_SNAME:
+                ret=lh_strhash(a->sn);
+                break;
+        case ADDED_LNAME:
+                ret=lh_strhash(a->ln);
+                break;
+        case ADDED_NID:
+                ret=a->nid;
+                break;
+        default:
+                abort();
+                }
+        ret&=0x3fffffffL;
+        ret|=ca->type<<30L;
+        return(ret);
+        }
+static int add_cmp(ca,cb)
+ADDED_OBJ *ca,*cb;
+        {
+        ASN1_OBJECT *a,*b;
+        int i;
+        i=ca->type-cb->type;
+        if (i) return(i);
+        a=ca->obj;
+        b=cb->obj;
+        switch (ca->type)
+                {
+        case ADDED_DATA:
+                i=(a->length - b->length);
+                if (i) return(i);
+                return(memcmp(a->data,b->data,a->length));
+        case ADDED_SNAME:
+                if (a->sn == NULL) return(-1);
+                else if (b->sn == NULL) return(1);
+                else return(strcmp(a->sn,b->sn));
+        case ADDED_LNAME:
+                if (a->ln == NULL) return(-1);
+                else if (b->ln == NULL) return(1);
+                else return(strcmp(a->ln,b->ln));
+        case ADDED_NID:
+                return(a->nid-b->nid);
+        default:
+                abort();
+                }
+        }
+static int init_added()
+        {
+        if (added != NULL) return(1);
+        added=lh_new(add_hash,add_cmp);
+        return(added != NULL);
+        }
+static void cleanup1(a)
+ADDED_OBJ *a;
+        {
+        a->obj->nid=0;
+        a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
+                        ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
+        }
+static void cleanup2(a)
+ADDED_OBJ *a;
+        { a->obj->nid++; }
+static void cleanup3(a)
+ADDED_OBJ *a;
+        {
+        if (--a->obj->nid == 0)
+                ASN1_OBJECT_free(a->obj);
+        Free(a);
+        }
+void OBJ_cleanup()
+        {
+        if (added == NULL) return;
+        added->down_load=0;
+        lh_doall(added,cleanup1); /* zero counters */
+        lh_doall(added,cleanup2); /* set counters */
+        lh_doall(added,cleanup3); /* free objects */
+        lh_free(added);
+        added=NULL;
+        }
+int OBJ_new_nid(num)
+int num;
+        {
+        int i;
+        i=new_nid;
+        new_nid+=num;
+        return(i);
+        }
+int OBJ_add_object(obj)
+ASN1_OBJECT *obj;
+        {
+        ASN1_OBJECT *o;
+        ADDED_OBJ *ao[4],*aop;
+        int i;
+        if (added == NULL)
+                if (!init_added()) return(0);
+        if ((o=OBJ_dup(obj)) == NULL) goto err;
+        ao[ADDED_DATA]=NULL;
+        ao[ADDED_SNAME]=NULL;
+        ao[ADDED_LNAME]=NULL;
+        ao[ADDED_NID]=NULL;
+        ao[ADDED_NID]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+        if ((o->length != 0) && (obj->data != NULL))
+                ao[ADDED_DATA]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+        if (o->sn != NULL)
+                ao[ADDED_SNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+        if (o->ln != NULL)
+                ao[ADDED_LNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+        for (i=ADDED_DATA; i<=ADDED_NID; i++)
+                {
+                if (ao[i] != NULL)
+                        {
+                        ao[i]->type=i;
+                        ao[i]->obj=o;
+                        aop=(ADDED_OBJ *)lh_insert(added,(char *)ao[i]);
+                        /* memory leak, buit should not normally matter */
+                        if (aop != NULL)
+                                Free(aop);
+                        }
+                }
+        o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS);
+        return(o->nid);
+err:
+        for (i=ADDED_DATA; i<=ADDED_NID; i++)
+                if (ao[i] != NULL) Free(ao[i]);
+        if (o != NULL) Free(o);
+        return(NID_undef);
+        }
+ASN1_OBJECT *OBJ_nid2obj(n)
+int n;
+        {
+        ADDED_OBJ ad,*adp;
+        ASN1_OBJECT ob;
+        if ((n >= 0) && (n < NUM_NID))
+                {
+                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                return((ASN1_OBJECT *)&(nid_objs[n]));
+                }
+        else if (added == NULL)
+                return(NULL);
+        else
+                {
+                ad.type=ADDED_NID;
+                ad.obj= &ob;
+                ob.nid=n;
+                adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+                if (adp != NULL)
+                        return(adp->obj);
+                else
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                }
+        }
+char *OBJ_nid2sn(n)
+int n;
+        {
+        ADDED_OBJ ad,*adp;
+        ASN1_OBJECT ob;
+        if ((n >= 0) && (n < NUM_NID))
+                {
+                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                return(nid_objs[n].sn);
+                }
+        else if (added == NULL)
+                return(NULL);
+        else
+                {
+                ad.type=ADDED_NID;
+                ad.obj= &ob;
+                ob.nid=n;
+                adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+                if (adp != NULL)
+                        return(adp->obj->sn);
+                else
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                }
+        }
+char *OBJ_nid2ln(n)
+int n;
+        {
+        ADDED_OBJ ad,*adp;
+        ASN1_OBJECT ob;
+        if ((n >= 0) && (n < NUM_NID))
+                {
+                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                return(nid_objs[n].ln);
+                }
+        else if (added == NULL)
+                return(NULL);
+        else
+                {
+                ad.type=ADDED_NID;
+                ad.obj= &ob;
+                ob.nid=n;
+                adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+                if (adp != NULL)
+                        return(adp->obj->ln);
+                else
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                }
+        }
+int OBJ_obj2nid(a)
+ASN1_OBJECT *a;
+        {
+        ASN1_OBJECT **op;
+        ADDED_OBJ ad,*adp;
+        if (a == NULL)
+                return(NID_undef);
+        if (a->nid != 0)
+                return(a->nid);
+        if (added != NULL)
+                {
+                ad.type=ADDED_DATA;
+                ad.obj=a;
+                adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+                if (adp != NULL) return (adp->obj->nid);
+                }
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
+                sizeof(ASN1_OBJECT *),(int (*)())obj_cmp);
+        if (op == NULL)
+                return(NID_undef);
+        return((*op)->nid);
+        }
+int OBJ_txt2nid(s)
+char *s;
+        {
+        int ret;
+        ret=OBJ_sn2nid(s);
+        if (ret == NID_undef)
+                {
+                ret=OBJ_ln2nid(s);
+                if (ret == NID_undef)
+                        {
+                        ASN1_OBJECT *op=NULL;
+                        unsigned char *buf,*p;
+                        int i;
+                        i=a2d_ASN1_OBJECT(NULL,0,s,-1);
+                        if (i <= 0)
+                                {
+                                /* clear the error */
+                                ERR_get_error();
+                                return(0);
+                                }
+                        if ((buf=(unsigned char *)Malloc(i)) == NULL)
+                                return(NID_undef);
+                        a2d_ASN1_OBJECT(buf,i,s,-1);
+                        p=buf;
+                        op=d2i_ASN1_OBJECT(NULL,&p,i);
+                        if (op == NULL) return(NID_undef);
+                        ret=OBJ_obj2nid(op);
+                        ASN1_OBJECT_free(op);
+                        Free(buf);
+                        }
+                }
+        return(ret);
+        }
+int OBJ_ln2nid(s)
+char *s;
+        {
+        ASN1_OBJECT o,*oo= &o,**op;
+        ADDED_OBJ ad,*adp;
+        o.ln=s;
+        if (added != NULL)
+                {
+                ad.type=ADDED_LNAME;
+                ad.obj= &o;
+                adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+                if (adp != NULL) return (adp->obj->nid);
+                }
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
+                sizeof(ASN1_OBJECT *),(int (*)())ln_cmp);
+        if (op == NULL) return(NID_undef);
+        return((*op)->nid);
+        }
+int OBJ_sn2nid(s)
+char *s;
+        {
+        ASN1_OBJECT o,*oo= &o,**op;
+        ADDED_OBJ ad,*adp;
+        o.sn=s;
+        if (added != NULL)
+                {
+                ad.type=ADDED_SNAME;
+                ad.obj= &o;
+                adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+                if (adp != NULL) return (adp->obj->nid);
+                }
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
+                sizeof(ASN1_OBJECT *),(int (*)())sn_cmp);
+        if (op == NULL) return(NID_undef);
+        return((*op)->nid);
+        }
+static int obj_cmp(ap, bp)
+ASN1_OBJECT **ap;
+ASN1_OBJECT **bp;
+        {
+        int j;
+        ASN1_OBJECT *a= *ap;
+        ASN1_OBJECT *b= *bp;
+        j=(a->length - b->length);
+        if (j) return(j);
+        return(memcmp(a->data,b->data,a->length));
+        }
+char *OBJ_bsearch(key,base,num,size,cmp)
+char *key;
+char *base;
+int num;
+int size;
+int (*cmp)();
+        {
+        int l,h,i,c;
+        char *p;
+        if (num == 0) return(NULL);
+        l=0;
+        h=num;
+        while (l < h)
+                {
+                i=(l+h)/2;
+                p= &(base[i*size]);
+                c=(*cmp)(key,p);
+                if (c < 0)
+                        h=i;
+                else if (c > 0)
+                        l=i+1;
+                else
+                        return(p);
+                }
+        return(NULL);
+        }
+int OBJ_create_objects(in)
+BIO *in;
+        {
+        MS_STATIC char buf[512];
+        int i,num= -1;
+        char *o,*s,*l=NULL;
+        for (;;)
+                {
+                s=o=NULL;
+                i=BIO_gets(in,buf,512);
+                if (i <= 0) return(num);
+                buf[i-1]='\0';
+                if (!isalnum(buf[0])) return(num);
+                o=s=buf;
+                while (isdigit(*s) || (*s == '.'))
+                        s++;
+                if (*s != '\0')
+                        {
+                        *(s++)='\0';
+                        while (isspace(*s))
+                                s++;
+                        if (*s == '\0')
+                                s=NULL;
+                        else
+                                {
+                                l=s;
+                                while ((*l != '\0') && !isspace(*l))
+                                        l++;
+                                if (*l != '\0')
+                                        {
+                                        *(l++)='\0';
+                                        while (isspace(*l))
+                                                l++;
+                                        if (*l == '\0') l=NULL;
+                                        }
+                                else
+                                        l=NULL;
+                                }
+                        }
+                else
+                        s=NULL;
+                if ((o == NULL) || (*o == '\0')) return(num);
+                if (!OBJ_create(o,s,l)) return(num);
+                num++;
+                }
+        return(num);
+        }
+int OBJ_create(oid,sn,ln)
+char *oid;
+char *sn;
+char *ln;
+        {
+        int ok=0;
+        ASN1_OBJECT *op=NULL;
+        unsigned char *buf;
+        int i;
+        i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
+        if (i <= 0) return(0);
+        if ((buf=(unsigned char *)Malloc(i)) == NULL)
+                {
+                OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE);
+                return(0);
+                }
+        i=a2d_ASN1_OBJECT(buf,i,oid,-1);
+        op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
+        if (op == NULL) 
+                goto err;
+        ok=OBJ_add_object(op);
+err:
+        ASN1_OBJECT_free(op);
+        Free((char *)buf);
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.h b/src/lib/libssl/src/crypto/objects/obj_dat.h
new file mode 100644
index 0000000000..48143ae3c7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.h
@@ -0,0 +1,656 @@
+/* lib/obj/obj_dat.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl < objects.h > obj_dat.h
+ */
+#define NUM_NID 124
+#define NUM_SN 95
+#define NUM_LN 122
+#define NUM_OBJ 95
+static unsigned char lvalues[600]={
+0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */
+0x55,                                        /* [ 82] OBJ_X500 */
+0x55,0x04,                                   /* [ 83] OBJ_X509 */
+0x55,0x04,0x03,                              /* [ 85] OBJ_commonName */
+0x55,0x04,0x06,                              /* [ 88] OBJ_countryName */
+0x55,0x04,0x07,                              /* [ 91] OBJ_localityName */
+0x55,0x04,0x08,                              /* [ 94] OBJ_stateOrProvinceName */
+0x55,0x04,0x0A,                              /* [ 97] OBJ_organizationName */
+0x55,0x04,0x0B,                              /* [100] OBJ_organizationalUnitName */
+0x55,0x08,0x01,0x01,                         /* [103] OBJ_rsa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [107] OBJ_pkcs7 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [169] OBJ_pkcs3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */
+0x2B,0x0E,0x03,0x02,0x06,                    /* [186] OBJ_des_ecb */
+0x2B,0x0E,0x03,0x02,0x09,                    /* [191] OBJ_des_cfb64 */
+0x2B,0x0E,0x03,0x02,0x07,                    /* [196] OBJ_des_cbc */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [201] OBJ_des_ede */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [206] OBJ_rc2_cbc */
+0x2B,0x0E,0x03,0x02,0x12,                    /* [214] OBJ_sha */
+0x2B,0x0E,0x03,0x02,0x0F,                    /* [219] OBJ_shaWithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [224] OBJ_des_ede3_cbc */
+0x2B,0x0E,0x03,0x02,0x08,                    /* [232] OBJ_des_ofb64 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [237] OBJ_pkcs9 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [245] OBJ_pkcs9_emailAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [254] OBJ_pkcs9_unstructuredName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [263] OBJ_pkcs9_contentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [272] OBJ_pkcs9_messageDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [281] OBJ_pkcs9_signingTime */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [290] OBJ_pkcs9_countersignature */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [299] OBJ_pkcs9_challengePassword */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [308] OBJ_pkcs9_unstructuredAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [317] OBJ_pkcs9_extCertAttributes */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [326] OBJ_netscape */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [333] OBJ_netscape_cert_extension */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [341] OBJ_netscape_data_type */
+0x2B,0x0E,0x03,0x02,0x1A,                    /* [349] OBJ_sha1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [354] OBJ_sha1WithRSAEncryption */
+0x2B,0x0E,0x03,0x02,0x0D,                    /* [363] OBJ_dsaWithSHA */
+0x2B,0x0E,0x03,0x02,0x0C,                    /* [368] OBJ_dsa_2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [373] OBJ_pbeWithSHA1AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [382] OBJ_pbeWithSHA1AndRC4 */
+0x2B,0x0E,0x03,0x02,0x1B,                    /* [391] OBJ_dsaWithSHA1_2 */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [396] OBJ_netscape_cert_type */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [405] OBJ_netscape_base_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [414] OBJ_netscape_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [423] OBJ_netscape_ca_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [432] OBJ_netscape_renewal_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [441] OBJ_netscape_ca_policy_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [450] OBJ_netscape_ssl_server_name */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [459] OBJ_netscape_comment */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [468] OBJ_netscape_cert_sequence */
+0x55,0x1D,                                   /* [477] OBJ_ld_ce */
+0x55,0x1D,0x0E,                              /* [479] OBJ_subject_key_identifier */
+0x55,0x1D,0x0F,                              /* [482] OBJ_key_usage */
+0x55,0x1D,0x10,                              /* [485] OBJ_private_key_usage_period */
+0x55,0x1D,0x11,                              /* [488] OBJ_subject_alt_name */
+0x55,0x1D,0x12,                              /* [491] OBJ_issuer_alt_name */
+0x55,0x1D,0x13,                              /* [494] OBJ_basic_constraints */
+0x55,0x1D,0x14,                              /* [497] OBJ_crl_number */
+0x55,0x1D,0x20,                              /* [500] OBJ_certificate_policies */
+0x55,0x1D,0x23,                              /* [503] OBJ_authority_key_identifier */
+0x55,0x08,0x03,0x65,                         /* [506] OBJ_mdc2 */
+0x55,0x08,0x03,0x64,                         /* [510] OBJ_mdc2WithRSA */
+0x55,0x04,0x2A,                              /* [514] OBJ_givenName */
+0x55,0x04,0x04,                              /* [517] OBJ_surname */
+0x55,0x04,0x2B,                              /* [520] OBJ_initials */
+0x55,0x04,0x2D,                              /* [523] OBJ_uniqueIdentifier */
+0x55,0x1D,0x1F,                              /* [526] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03,                    /* [529] OBJ_md5WithRSA */
+0x55,0x04,0x05,                              /* [534] OBJ_serialNumber */
+0x55,0x04,0x0C,                              /* [537] OBJ_title */
+0x55,0x04,0x0D,                              /* [540] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [543] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [552] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [561] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D,                    /* [568] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [573] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01,                    /* [580] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02,               /* [585] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [591] OBJ_rc5_cbc */
+};
+static ASN1_OBJECT nid_objs[NUM_NID]={
+{"UNDEF","undefined",NID_undef,0,NULL},
+{"rsadsi","rsadsi",NID_rsadsi,6,&(lvalues[0]),0},
+{"pkcs","pkcs",NID_pkcs,7,&(lvalues[6]),0},
+{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
+{"MD5","md5",NID_md5,8,&(lvalues[21]),0},
+{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0},
+{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0},
+{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
+        &(lvalues[46]),0},
+{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
+        &(lvalues[55]),0},
+{"pbeWithMD2AndDES-CBC","pbeWithMD2AndDES-CBC",
+        NID_pbeWithMD2AndDES_CBC,9,&(lvalues[64]),0},
+{"pbeWithMD5AndDES-CBC","pbeWithMD5AndDES-CBC",
+        NID_pbeWithMD5AndDES_CBC,9,&(lvalues[73]),0},
+{"X500","X500",NID_X500,1,&(lvalues[82]),0},
+{"X509","X509",NID_X509,2,&(lvalues[83]),0},
+{"CN","commonName",NID_commonName,3,&(lvalues[85]),0},
+{"C","countryName",NID_countryName,3,&(lvalues[88]),0},
+{"L","localityName",NID_localityName,3,&(lvalues[91]),0},
+{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0},
+{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0},
+{"OU","organizationalUnitName",NID_organizationalUnitName,3,
+        &(lvalues[100]),0},
+{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0},
+{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0},
+{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0},
+{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
+        &(lvalues[124]),0},
+{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
+        &(lvalues[133]),0},
+{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
+        NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0},
+{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
+        &(lvalues[151]),0},
+{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
+        &(lvalues[160]),0},
+{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0},
+{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
+        &(lvalues[177]),0},
+{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0},
+{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0},
+{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0},
+{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[201]),0},
+{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
+{"IDEA-CBC","idea-cbc",NID_idea_cbc,0,NULL},
+{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
+{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
+{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[206]),0},
+{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
+{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
+{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
+{"SHA","sha",NID_sha,5,&(lvalues[214]),0},
+{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
+        &(lvalues[219]),0},
+{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
+{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[224]),0},
+{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[232]),0},
+{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
+{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[237]),0},
+{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[245]),0},
+{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
+        &(lvalues[254]),0},
+{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[263]),0},
+{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
+        &(lvalues[272]),0},
+{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[281]),0},
+{"countersignature","countersignature",NID_pkcs9_countersignature,9,
+        &(lvalues[290]),0},
+{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
+        9,&(lvalues[299]),0},
+{"unstructuredAddress","unstructuredAddress",
+        NID_pkcs9_unstructuredAddress,9,&(lvalues[308]),0},
+{"extendedCertificateAttributes","extendedCertificateAttributes",
+        NID_pkcs9_extCertAttributes,9,&(lvalues[317]),0},
+{"Netscape","Netscape Communications Corp.",NID_netscape,7,
+        &(lvalues[326]),0},
+{"nsCertExt","Netscape Certificate Extension",
+        NID_netscape_cert_extension,8,&(lvalues[333]),0},
+{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
+        &(lvalues[341]),0},
+{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
+{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
+{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
+{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
+{"SHA1","sha1",NID_sha1,5,&(lvalues[349]),0},
+{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
+        &(lvalues[354]),0},
+{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[363]),0},
+{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[368]),0},
+{"pbeWithSHA1AndRC2-CBC","pbeWithSHA1AndRC2-CBC",
+        NID_pbeWithSHA1AndRC2_CBC,9,&(lvalues[373]),0},
+{"pbeWithSHA1AndRC4","pbeWithSHA1AndRC4",NID_pbeWithSHA1AndRC4,9,
+        &(lvalues[382]),0},
+{"DSA-SHA1-old","dsaWithSHA1",NID_dsaWithSHA1_2,5,&(lvalues[391]),0},
+{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
+        &(lvalues[396]),0},
+{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
+        &(lvalues[405]),0},
+{"nsRevocationUrl","Netscape Revocation Url",
+        NID_netscape_revocation_url,9,&(lvalues[414]),0},
+{"nsCaRevocationUrl","Netscape CA Revocation Url",
+        NID_netscape_ca_revocation_url,9,&(lvalues[423]),0},
+{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
+        &(lvalues[432]),0},
+{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
+        9,&(lvalues[441]),0},
+{"nsSslServerName","Netscape SSL Server Name",
+        NID_netscape_ssl_server_name,9,&(lvalues[450]),0},
+{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[459]),0},
+{"nsCertSequence","Netscape Certificate Sequence",
+        NID_netscape_cert_sequence,9,&(lvalues[468]),0},
+{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
+{"ld-ce","ld-ce",NID_ld_ce,2,&(lvalues[477]),0},
+{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
+        NID_subject_key_identifier,3,&(lvalues[479]),0},
+{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[482]),0},
+{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
+        NID_private_key_usage_period,3,&(lvalues[485]),0},
+{"subjectAltName","X509v3 Subject Alternative Name",
+        NID_subject_alt_name,3,&(lvalues[488]),0},
+{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
+        3,&(lvalues[491]),0},
+{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
+        3,&(lvalues[494]),0},
+{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[497]),0},
+{"certificatePolicies","X509v3 Certificate Policies",
+        NID_certificate_policies,3,&(lvalues[500]),0},
+{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
+        NID_authority_key_identifier,3,&(lvalues[503]),0},
+{"BF-CBC","bf-cbc",NID_bf_cbc,0,NULL},
+{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
+{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
+{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
+{"MDC2","mdc2",NID_mdc2,4,&(lvalues[506]),0},
+{"RSA-MDC2","mdc2withRSA",NID_mdc2WithRSA,4,&(lvalues[510]),0},
+{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+{"G","givenName",NID_givenName,3,&(lvalues[514]),0},
+{"S","surname",NID_surname,3,&(lvalues[517]),0},
+{"I","initials",NID_initials,3,&(lvalues[520]),0},
+{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[523]),0},
+{"crlDistributionPoints","X509v3 CRL Distribution Points",
+        NID_crl_distribution_points,3,&(lvalues[526]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[529]),0},
+{"SN","serialNumber",NID_serialNumber,3,&(lvalues[534]),0},
+{"T","title",NID_title,3,&(lvalues[537]),0},
+{"D","description",NID_description,3,&(lvalues[540]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[543]),0},
+{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
+{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
+{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
+{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
+        NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[552]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[561]),0},
+{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[568]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[573]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[580]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
+        &(lvalues[585]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[591]),0},
+{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
+{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
+{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
+};
+static ASN1_OBJECT *sn_objs[NUM_SN]={
+&(nid_objs[91]),/* "BF-CBC" */
+&(nid_objs[93]),/* "BF-CFB" */
+&(nid_objs[92]),/* "BF-ECB" */
+&(nid_objs[94]),/* "BF-OFB" */
+&(nid_objs[14]),/* "C" */
+&(nid_objs[108]),/* "CAST5-CBC" */
+&(nid_objs[110]),/* "CAST5-CFB" */
+&(nid_objs[109]),/* "CAST5-ECB" */
+&(nid_objs[111]),/* "CAST5-OFB" */
+&(nid_objs[13]),/* "CN" */
+&(nid_objs[107]),/* "D" */
+&(nid_objs[31]),/* "DES-CBC" */
+&(nid_objs[30]),/* "DES-CFB" */
+&(nid_objs[29]),/* "DES-ECB" */
+&(nid_objs[32]),/* "DES-EDE" */
+&(nid_objs[43]),/* "DES-EDE-CBC" */
+&(nid_objs[60]),/* "DES-EDE-CFB" */
+&(nid_objs[62]),/* "DES-EDE-OFB" */
+&(nid_objs[33]),/* "DES-EDE3" */
+&(nid_objs[44]),/* "DES-EDE3-CBC" */
+&(nid_objs[61]),/* "DES-EDE3-CFB" */
+&(nid_objs[63]),/* "DES-EDE3-OFB" */
+&(nid_objs[45]),/* "DES-OFB" */
+&(nid_objs[80]),/* "DESX-CBC" */
+&(nid_objs[116]),/* "DSA" */
+&(nid_objs[66]),/* "DSA-SHA" */
+&(nid_objs[113]),/* "DSA-SHA1" */
+&(nid_objs[70]),/* "DSA-SHA1-old" */
+&(nid_objs[67]),/* "DSA-old" */
+&(nid_objs[48]),/* "Email" */
+&(nid_objs[99]),/* "G" */
+&(nid_objs[101]),/* "I" */
+&(nid_objs[34]),/* "IDEA-CBC" */
+&(nid_objs[35]),/* "IDEA-CFB" */
+&(nid_objs[36]),/* "IDEA-ECB" */
+&(nid_objs[46]),/* "IDEA-OFB" */
+&(nid_objs[15]),/* "L" */
+&(nid_objs[ 3]),/* "MD2" */
+&(nid_objs[ 4]),/* "MD5" */
+&(nid_objs[114]),/* "MD5-SHA1" */
+&(nid_objs[95]),/* "MDC2" */
+&(nid_objs[57]),/* "Netscape" */
+&(nid_objs[17]),/* "O" */
+&(nid_objs[18]),/* "OU" */
+&(nid_objs[98]),/* "RC2-40-CBC" */
+&(nid_objs[37]),/* "RC2-CBC" */
+&(nid_objs[39]),/* "RC2-CFB" */
+&(nid_objs[38]),/* "RC2-ECB" */
+&(nid_objs[40]),/* "RC2-OFB" */
+&(nid_objs[ 5]),/* "RC4" */
+&(nid_objs[97]),/* "RC4-40" */
+&(nid_objs[120]),/* "RC5-CBC" */
+&(nid_objs[122]),/* "RC5-CFB" */
+&(nid_objs[121]),/* "RC5-ECB" */
+&(nid_objs[123]),/* "RC5-OFB" */
+&(nid_objs[117]),/* "RIPEMD160" */
+&(nid_objs[19]),/* "RSA" */
+&(nid_objs[ 7]),/* "RSA-MD2" */
+&(nid_objs[ 8]),/* "RSA-MD5" */
+&(nid_objs[96]),/* "RSA-MDC2" */
+&(nid_objs[104]),/* "RSA-NP-MD5" */
+&(nid_objs[119]),/* "RSA-RIPEMD160" */
+&(nid_objs[42]),/* "RSA-SHA" */
+&(nid_objs[65]),/* "RSA-SHA1" */
+&(nid_objs[115]),/* "RSA-SHA1-2" */
+&(nid_objs[100]),/* "S" */
+&(nid_objs[41]),/* "SHA" */
+&(nid_objs[64]),/* "SHA1" */
+&(nid_objs[105]),/* "SN" */
+&(nid_objs[16]),/* "ST" */
+&(nid_objs[106]),/* "T" */
+&(nid_objs[102]),/* "UID" */
+&(nid_objs[ 0]),/* "UNDEF" */
+&(nid_objs[90]),/* "authorityKeyIdentifier" */
+&(nid_objs[87]),/* "basicConstraints" */
+&(nid_objs[89]),/* "certificatePolicies" */
+&(nid_objs[103]),/* "crlDistributionPoints" */
+&(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[86]),/* "issuerAltName" */
+&(nid_objs[83]),/* "keyUsage" */
+&(nid_objs[81]),/* "ld-ce" */
+&(nid_objs[72]),/* "nsBaseUrl" */
+&(nid_objs[76]),/* "nsCaPolicyUrl" */
+&(nid_objs[74]),/* "nsCaRevocationUrl" */
+&(nid_objs[58]),/* "nsCertExt" */
+&(nid_objs[79]),/* "nsCertSequence" */
+&(nid_objs[71]),/* "nsCertType" */
+&(nid_objs[78]),/* "nsComment" */
+&(nid_objs[59]),/* "nsDataType" */
+&(nid_objs[75]),/* "nsRenewalUrl" */
+&(nid_objs[73]),/* "nsRevocationUrl" */
+&(nid_objs[77]),/* "nsSslServerName" */
+&(nid_objs[84]),/* "privateKeyUsagePeriod" */
+&(nid_objs[85]),/* "subjectAltName" */
+&(nid_objs[82]),/* "subjectKeyIdentifier" */
+};
+static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[72]),/* "Netscape Base Url" */
+&(nid_objs[76]),/* "Netscape CA Policy Url" */
+&(nid_objs[74]),/* "Netscape CA Revocation Url" */
+&(nid_objs[71]),/* "Netscape Cert Type" */
+&(nid_objs[58]),/* "Netscape Certificate Extension" */
+&(nid_objs[79]),/* "Netscape Certificate Sequence" */
+&(nid_objs[78]),/* "Netscape Comment" */
+&(nid_objs[57]),/* "Netscape Communications Corp." */
+&(nid_objs[59]),/* "Netscape Data Type" */
+&(nid_objs[75]),/* "Netscape Renewal Url" */
+&(nid_objs[73]),/* "Netscape Revocation Url" */
+&(nid_objs[77]),/* "Netscape SSL Server Name" */
+&(nid_objs[11]),/* "X500" */
+&(nid_objs[12]),/* "X509" */
+&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
+&(nid_objs[87]),/* "X509v3 Basic Constraints" */
+&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
+&(nid_objs[88]),/* "X509v3 CRL Number" */
+&(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
+&(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
+&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
+&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+&(nid_objs[91]),/* "bf-cbc" */
+&(nid_objs[93]),/* "bf-cfb" */
+&(nid_objs[92]),/* "bf-ecb" */
+&(nid_objs[94]),/* "bf-ofb" */
+&(nid_objs[108]),/* "cast5-cbc" */
+&(nid_objs[110]),/* "cast5-cfb" */
+&(nid_objs[109]),/* "cast5-ecb" */
+&(nid_objs[111]),/* "cast5-ofb" */
+&(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[13]),/* "commonName" */
+&(nid_objs[50]),/* "contentType" */
+&(nid_objs[53]),/* "countersignature" */
+&(nid_objs[14]),/* "countryName" */
+&(nid_objs[31]),/* "des-cbc" */
+&(nid_objs[30]),/* "des-cfb" */
+&(nid_objs[29]),/* "des-ecb" */
+&(nid_objs[32]),/* "des-ede" */
+&(nid_objs[43]),/* "des-ede-cbc" */
+&(nid_objs[60]),/* "des-ede-cfb" */
+&(nid_objs[62]),/* "des-ede-ofb" */
+&(nid_objs[33]),/* "des-ede3" */
+&(nid_objs[44]),/* "des-ede3-cbc" */
+&(nid_objs[61]),/* "des-ede3-cfb" */
+&(nid_objs[63]),/* "des-ede3-ofb" */
+&(nid_objs[45]),/* "des-ofb" */
+&(nid_objs[107]),/* "description" */
+&(nid_objs[80]),/* "desx-cbc" */
+&(nid_objs[28]),/* "dhKeyAgreement" */
+&(nid_objs[116]),/* "dsaEncryption" */
+&(nid_objs[67]),/* "dsaEncryption-old" */
+&(nid_objs[66]),/* "dsaWithSHA" */
+&(nid_objs[113]),/* "dsaWithSHA1" */
+&(nid_objs[70]),/* "dsaWithSHA1" */
+&(nid_objs[48]),/* "emailAddress" */
+&(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[99]),/* "givenName" */
+&(nid_objs[34]),/* "idea-cbc" */
+&(nid_objs[35]),/* "idea-cfb" */
+&(nid_objs[36]),/* "idea-ecb" */
+&(nid_objs[46]),/* "idea-ofb" */
+&(nid_objs[101]),/* "initials" */
+&(nid_objs[15]),/* "localityName" */
+&(nid_objs[ 3]),/* "md2" */
+&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+&(nid_objs[ 4]),/* "md5" */
+&(nid_objs[114]),/* "md5-sha1" */
+&(nid_objs[104]),/* "md5WithRSA" */
+&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
+&(nid_objs[95]),/* "mdc2" */
+&(nid_objs[96]),/* "mdc2withRSA" */
+&(nid_objs[51]),/* "messageDigest" */
+&(nid_objs[17]),/* "organizationName" */
+&(nid_objs[18]),/* "organizationalUnitName" */
+&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
+&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
+&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
+&(nid_objs[69]),/* "pbeWithSHA1AndRC4" */
+&(nid_objs[ 2]),/* "pkcs" */
+&(nid_objs[27]),/* "pkcs3" */
+&(nid_objs[20]),/* "pkcs7" */
+&(nid_objs[21]),/* "pkcs7-data" */
+&(nid_objs[25]),/* "pkcs7-digestData" */
+&(nid_objs[26]),/* "pkcs7-encryptedData" */
+&(nid_objs[23]),/* "pkcs7-envelopedData" */
+&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+&(nid_objs[22]),/* "pkcs7-signedData" */
+&(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[98]),/* "rc2-40-cbc" */
+&(nid_objs[37]),/* "rc2-cbc" */
+&(nid_objs[39]),/* "rc2-cfb" */
+&(nid_objs[38]),/* "rc2-ecb" */
+&(nid_objs[40]),/* "rc2-ofb" */
+&(nid_objs[ 5]),/* "rc4" */
+&(nid_objs[97]),/* "rc4-40" */
+&(nid_objs[120]),/* "rc5-cbc" */
+&(nid_objs[122]),/* "rc5-cfb" */
+&(nid_objs[121]),/* "rc5-ecb" */
+&(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[117]),/* "ripemd160" */
+&(nid_objs[119]),/* "ripemd160WithRSA" */
+&(nid_objs[19]),/* "rsa" */
+&(nid_objs[ 6]),/* "rsaEncryption" */
+&(nid_objs[ 1]),/* "rsadsi" */
+&(nid_objs[105]),/* "serialNumber" */
+&(nid_objs[41]),/* "sha" */
+&(nid_objs[64]),/* "sha1" */
+&(nid_objs[115]),/* "sha1WithRSA" */
+&(nid_objs[65]),/* "sha1WithRSAEncryption" */
+&(nid_objs[42]),/* "shaWithRSAEncryption" */
+&(nid_objs[52]),/* "signingTime" */
+&(nid_objs[16]),/* "stateOrProvinceName" */
+&(nid_objs[100]),/* "surname" */
+&(nid_objs[106]),/* "title" */
+&(nid_objs[ 0]),/* "undefined" */
+&(nid_objs[102]),/* "uniqueIdentifier" */
+&(nid_objs[55]),/* "unstructuredAddress" */
+&(nid_objs[49]),/* "unstructuredName" */
+};
+static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+&(nid_objs[11]),/* OBJ_X500                         2 5 */
+&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+&(nid_objs[81]),/* OBJ_ld_ce                        2 5 29 */
+&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
+&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
+&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
+&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
+&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
+&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
+&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
+&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
+&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
+&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+&(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
+&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
+&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
+&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
+&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
+&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
+&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
+&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
+&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
+&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
+&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
+&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
+&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
+&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
+&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
+&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
+&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
+&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
+&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
+&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
+&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
+&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
+&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
+&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
+&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11  */
+&(nid_objs[69]),/* OBJ_pbeWithSHA1AndRC4            1 2 840 113549 1 5 12  */
+&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+};
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.pl b/src/lib/libssl/src/crypto/objects/obj_dat.pl
new file mode 100644
index 0000000000..4e7879d3f3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.pl
@@ -0,0 +1,269 @@
+#!/usr/bin/perl
+sub obj_cmp
+        {
+        local(@a,@b,$_,$r);
+        $A=$obj_len{$obj{$nid{$a}}};
+        $B=$obj_len{$obj{$nid{$b}}};
+        $r=($A-$B);
+        return($r) if $r != 0;
+        $A=$obj_der{$obj{$nid{$a}}};
+        $B=$obj_der{$obj{$nid{$b}}};
+        return($A cmp $B);
+        }
+sub expand_obj
+        {
+        local(*v)=@_;
+        local($k,$d);
+        local($i);
+        do      {
+                $i=0;
+                foreach $k (keys %v)
+                        {
+                        if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/))
+                                { $i++; }
+                        }
+                } while($i);
+        foreach $k (keys %v)
+                {
+                @a=split(/,/,$v{$k});
+                $objn{$k}=$#a+1;
+                }
+        return(%objn);
+        }
+while (<>)
+        {
+        next unless /^\#define\s+(\S+)\s+(.*)$/;
+        $v=$1;
+        $d=$2;
+        if ($v =~ /^SN_(.*)$/)
+                { $sn{$1}=$d; }
+        elsif ($v =~ /^LN_(.*)$/)
+                { $ln{$1}=$d; }
+        elsif ($v =~ /^NID_(.*)$/)
+                { $nid{$d}=$1; }
+        elsif ($v =~ /^OBJ_(.*)$/)
+                {
+                $obj{$1}=$v;
+                $objd{$v}=$d;
+                }
+        }
+%ob=&expand_obj(*objd);
+@a=sort { $a <=> $b } keys %nid;
+$n=$a[$#a]+1;
+@lvalues=();
+$lvalues=0;
+for ($i=0; $i<$n; $i++)
+        {
+        if (!defined($nid{$i}))
+                {
+                push(@out,"{NULL,NULL,NID_undef,0,NULL},\n");
+                }
+        else
+                {
+                $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
+                $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
+                $sn=$ln if ($sn eq "NULL");
+                $ln=$sn if ($ln eq "NULL");
+                $out ="{";
+                $out.=$sn;
+                $out.=",".$ln;
+                $out.=",NID_$nid{$i},";
+                if (defined($obj{$nid{$i}}))
+                        {
+                        $v=$objd{$obj{$nid{$i}}};
+                        $v =~ s/L//g;
+                        $v =~ s/,/ /g;
+                        $r=&der_it($v);
+                        $z="";
+                        $length=0;
+                        foreach (unpack("C*",$r))
+                                {
+                                $z.=sprintf("0x%02X,",$_);
+                                $length++;
+                                }
+                        $obj_der{$obj{$nid{$i}}}=$z;
+                        $obj_len{$obj{$nid{$i}}}=$length;
+                        push(@lvalues,sprintf("%-45s/* [%3d] %s */\n",
+                                $z,$lvalues,$obj{$nid{$i}}));
+                        $out.="$length,&(lvalues[$lvalues]),0";
+                        $lvalues+=$length;
+                        }
+                else
+                        {
+                        $out.="0,NULL";
+                        }
+                $out.="},\n";
+                push(@out,$out);
+                }
+        }
+@a=grep(defined($sn{$nid{$_}}),0 .. $n);
+foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
+        {
+        push(@sn,sprintf("&(nid_objs[%2d]),/* $sn{$nid{$_}} */\n",$_));
+        }
+@a=grep(defined($ln{$nid{$_}}),0 .. $n);
+foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
+        {
+        push(@ln,sprintf("&(nid_objs[%2d]),/* $ln{$nid{$_}} */\n",$_));
+        }
+@a=grep(defined($obj{$nid{$_}}),0 .. $n);
+foreach (sort obj_cmp @a)
+        {
+        $m=$obj{$nid{$_}};
+        $v=$objd{$m};
+        $v =~ s/L//g;
+        $v =~ s/,/ /g;
+        push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
+        }
+print <<'EOF';
+/* lib/obj/obj_dat.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl < objects.h > obj_dat.h
+ */
+EOF
+printf "#define NUM_NID %d\n",$n;
+printf "#define NUM_SN %d\n",$#sn+1;
+printf "#define NUM_LN %d\n",$#ln+1;
+printf "#define NUM_OBJ %d\n\n",$#ob+1;
+printf "static unsigned char lvalues[%d]={\n",$lvalues+1;
+print @lvalues;
+print "};\n\n";
+printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
+foreach (@out)
+        {
+        if (length($_) > 75)
+                {
+                $out="";
+                foreach (split(/,/))
+                        {
+                        $t=$out.$_.",";
+                        if (length($t) > 70)
+                                {
+                                print "$out\n";
+                                $t="\t$_,";
+                                }
+                        $out=$t;
+                        }
+                chop $out;
+                print "$out";
+                }
+        else
+                { print $_; }
+        }
+print  "};\n\n";
+printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+print  @sn;
+print  "};\n\n";
+printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
+print  @ln;
+print  "};\n\n";
+printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
+print  @ob;
+print  "};\n\n";
+sub der_it
+        {
+        local($v)=@_;
+        local(@a,$i,$ret,@r);
+        @a=split(/\s+/,$v);
+        $ret.=pack("C*",$a[0]*40+$a[1]);
+        shift @a;
+        shift @a;
+        while ($_=shift(@a))
+                {
+                @r=();
+                $t=0;
+                while ($_ >= 128)
+                        {
+                        $x=$_%128;
+                        $_/=128;
+                        push(@r,((($t++)?0x80:0)|$x));
+                        }
+                push(@r,((($t++)?0x80:0)|$_));
+                $ret.=pack("C*",reverse(@r));
+                }
+        return($ret);
+        }
diff --git a/src/lib/libssl/src/crypto/objects/obj_err.c b/src/lib/libssl/src/crypto/objects/obj_err.c
new file mode 100644
index 0000000000..45206c616c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_err.c
@@ -0,0 +1,96 @@
+/* lib/obj/obj_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "objects.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA OBJ_str_functs[]=
+        {
+{ERR_PACK(0,OBJ_F_OBJ_CREATE,0),        "OBJ_create"},
+{ERR_PACK(0,OBJ_F_OBJ_DUP,0),   "OBJ_dup"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0),        "OBJ_nid2ln"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0),       "OBJ_nid2obj"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0),        "OBJ_nid2sn"},
+{0,NULL},
+        };
+static ERR_STRING_DATA OBJ_str_reasons[]=
+        {
+{OBJ_R_MALLOC_FAILURE                    ,"malloc failure"},
+{OBJ_R_UNKNOWN_NID                       ,"unknown nid"},
+{0,NULL},
+        };
+#endif
+void ERR_load_OBJ_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
+                ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/objects/obj_lib.c b/src/lib/libssl/src/crypto/objects/obj_lib.c
new file mode 100644
index 0000000000..0a9c756197
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_lib.c
@@ -0,0 +1,126 @@
+/* crypto/objects/obj_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "objects.h"
+#include "buffer.h"
+ASN1_OBJECT *OBJ_dup(o)
+ASN1_OBJECT *o;
+        {
+        ASN1_OBJECT *r;
+        int i;
+        if (o == NULL) return(NULL);
+        if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+                return(o);
+        r=(ASN1_OBJECT *)ASN1_OBJECT_new();
+        if (r == NULL)
+                {
+                OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
+                return(NULL);
+                }
+        r->data=(unsigned char *)Malloc(o->length);
+        if (r->data == NULL)
+                goto err;
+        memcpy(r->data,o->data,o->length);
+        r->length=o->length;
+        r->nid=o->nid;
+        r->ln=r->sn=NULL;
+        if (o->ln != NULL)
+                {
+                i=strlen(o->ln)+1;
+                r->ln=(char *)Malloc(i);
+                if (r->ln == NULL) goto err;
+                memcpy(r->ln,o->ln,i);
+                }
+        if (o->sn != NULL)
+                {
+                i=strlen(o->sn)+1;
+                r->sn=(char *)Malloc(i);
+                if (r->sn == NULL) goto err;
+                memcpy(r->sn,o->sn,i);
+                }
+        r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
+                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS);
+        return(r);
+err:
+        OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
+        if (r != NULL)
+                {
+                if (r->ln != NULL) Free(r->ln);
+                if (r->data != NULL) Free(r->data);
+                Free(r);
+                }
+        return(NULL);
+        }
+int OBJ_cmp(a,b)
+ASN1_OBJECT *a;
+ASN1_OBJECT *b;
+        {
+        int ret;
+        ret=(a->length-b->length);
+        if (ret) return(ret);
+        return(memcmp(a->data,b->data,a->length));
+        }
diff --git a/src/lib/libssl/src/crypto/objects/objects.h b/src/lib/libssl/src/crypto/objects/objects.h
new file mode 100644
index 0000000000..e1d555b47c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/objects.h
@@ -0,0 +1,724 @@
+/* crypto/objects/objects.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_OBJECTS_H
+#define HEADER_OBJECTS_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define SN_Algorithm                    "Algorithm"
+#define LN_algorithm                    "algorithm"
+#define NID_algorithm                   38
+#define OBJ_algorithm                   1L,3L,14L,3L,2L
+#define LN_rsadsi                       "rsadsi"
+#define NID_rsadsi                      1
+#define OBJ_rsadsi                      1L,2L,840L,113549L
+#define LN_pkcs                         "pkcs"
+#define NID_pkcs                        2
+#define OBJ_pkcs                        OBJ_rsadsi,1L
+#define SN_md2                          "MD2"
+#define LN_md2                          "md2"
+#define NID_md2                         3
+#define OBJ_md2                         OBJ_rsadsi,2L,2L
+#define SN_md5                          "MD5"
+#define LN_md5                          "md5"
+#define NID_md5                         4
+#define OBJ_md5                         OBJ_rsadsi,2L,5L
+#define SN_rc4                          "RC4"
+#define LN_rc4                          "rc4"
+#define NID_rc4                         5
+#define OBJ_rc4                         OBJ_rsadsi,3L,4L
+#define LN_rsaEncryption                "rsaEncryption"
+#define NID_rsaEncryption               6
+#define OBJ_rsaEncryption               OBJ_pkcs,1L,1L
+#define SN_md2WithRSAEncryption         "RSA-MD2"
+#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption        7
+#define OBJ_md2WithRSAEncryption        OBJ_pkcs,1L,2L
+#define SN_md5WithRSAEncryption         "RSA-MD5"
+#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption        8
+#define OBJ_md5WithRSAEncryption        OBJ_pkcs,1L,4L
+#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC        9
+#define OBJ_pbeWithMD2AndDES_CBC        OBJ_pkcs,5L,1L
+#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC        10
+#define OBJ_pbeWithMD5AndDES_CBC        OBJ_pkcs,5L,3L
+#define LN_X500                         "X500"
+#define NID_X500                        11
+#define OBJ_X500                        2L,5L
+#define LN_X509                         "X509"
+#define NID_X509                        12
+#define OBJ_X509                        OBJ_X500,4L
+#define SN_commonName                   "CN"
+#define LN_commonName                   "commonName"
+#define NID_commonName                  13
+#define OBJ_commonName                  OBJ_X509,3L
+#define SN_countryName                  "C"
+#define LN_countryName                  "countryName"
+#define NID_countryName                 14
+#define OBJ_countryName                 OBJ_X509,6L
+#define SN_localityName                 "L"
+#define LN_localityName                 "localityName"
+#define NID_localityName                15
+#define OBJ_localityName                OBJ_X509,7L
+/* Postal Address? PA */
+/* should be "ST" (rfc1327) but MS uses 'S' */
+#define SN_stateOrProvinceName          "ST"
+#define LN_stateOrProvinceName          "stateOrProvinceName"
+#define NID_stateOrProvinceName         16
+#define OBJ_stateOrProvinceName         OBJ_X509,8L
+#define SN_organizationName             "O"
+#define LN_organizationName             "organizationName"
+#define NID_organizationName            17
+#define OBJ_organizationName            OBJ_X509,10L
+#define SN_organizationalUnitName       "OU"
+#define LN_organizationalUnitName       "organizationalUnitName"
+#define NID_organizationalUnitName      18
+#define OBJ_organizationalUnitName      OBJ_X509,11L
+#define SN_rsa                          "RSA"
+#define LN_rsa                          "rsa"
+#define NID_rsa                         19
+#define OBJ_rsa                         OBJ_X500,8L,1L,1L
+#define LN_pkcs7                        "pkcs7"
+#define NID_pkcs7                       20
+#define OBJ_pkcs7                       OBJ_pkcs,7L
+#define LN_pkcs7_data                   "pkcs7-data"
+#define NID_pkcs7_data                  21
+#define OBJ_pkcs7_data                  OBJ_pkcs7,1L
+#define LN_pkcs7_signed                 "pkcs7-signedData"
+#define NID_pkcs7_signed                22
+#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
+#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
+#define NID_pkcs7_enveloped             23
+#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
+#define LN_pkcs7_signedAndEnveloped     "pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped    24
+#define OBJ_pkcs7_signedAndEnveloped    OBJ_pkcs7,4L
+#define LN_pkcs7_digest                 "pkcs7-digestData"
+#define NID_pkcs7_digest                25
+#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
+#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
+#define NID_pkcs7_encrypted             26
+#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
+#define LN_pkcs3                        "pkcs3"
+#define NID_pkcs3                       27
+#define OBJ_pkcs3                       OBJ_pkcs,3L
+#define LN_dhKeyAgreement               "dhKeyAgreement"
+#define NID_dhKeyAgreement              28
+#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
+#define SN_des_ecb                      "DES-ECB"
+#define LN_des_ecb                      "des-ecb"
+#define NID_des_ecb                     29
+#define OBJ_des_ecb                     OBJ_algorithm,6L
+#define SN_des_cfb64                    "DES-CFB"
+#define LN_des_cfb64                    "des-cfb"
+#define NID_des_cfb64                   30
+/* IV + num */
+#define OBJ_des_cfb64                   OBJ_algorithm,9L
+#define SN_des_cbc                      "DES-CBC"
+#define LN_des_cbc                      "des-cbc"
+#define NID_des_cbc                     31
+/* IV */
+#define OBJ_des_cbc                     OBJ_algorithm,7L
+#define SN_des_ede                      "DES-EDE"
+#define LN_des_ede                      "des-ede"
+#define NID_des_ede                     32
+/* ?? */
+#define OBJ_des_ede                     OBJ_algorithm,17L
+#define SN_des_ede3                     "DES-EDE3"
+#define LN_des_ede3                     "des-ede3"
+#define NID_des_ede3                    33
+#define SN_idea_cbc                     "IDEA-CBC"
+#define LN_idea_cbc                     "idea-cbc"
+#define NID_idea_cbc                    34
+#define SN_idea_cfb64                   "IDEA-CFB"
+#define LN_idea_cfb64                   "idea-cfb"
+#define NID_idea_cfb64                  35
+#define SN_idea_ecb                     "IDEA-ECB"
+#define LN_idea_ecb                     "idea-ecb"
+#define NID_idea_ecb                    36
+#define SN_rc2_cbc                      "RC2-CBC"
+#define LN_rc2_cbc                      "rc2-cbc"
+#define NID_rc2_cbc                     37
+#define OBJ_rc2_cbc                     OBJ_rsadsi,3L,2L
+#define SN_rc2_ecb                      "RC2-ECB"
+#define LN_rc2_ecb                      "rc2-ecb"
+#define NID_rc2_ecb                     38
+#define SN_rc2_cfb64                    "RC2-CFB"
+#define LN_rc2_cfb64                    "rc2-cfb"
+#define NID_rc2_cfb64                   39
+#define SN_rc2_ofb64                    "RC2-OFB"
+#define LN_rc2_ofb64                    "rc2-ofb"
+#define NID_rc2_ofb64                   40
+#define SN_sha                          "SHA"
+#define LN_sha                          "sha"
+#define NID_sha                         41
+#define OBJ_sha                         OBJ_algorithm,18L
+#define SN_shaWithRSAEncryption         "RSA-SHA"
+#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption        42
+#define OBJ_shaWithRSAEncryption        OBJ_algorithm,15L
+#define SN_des_ede_cbc                  "DES-EDE-CBC"
+#define LN_des_ede_cbc                  "des-ede-cbc"
+#define NID_des_ede_cbc                 43
+#define SN_des_ede3_cbc                 "DES-EDE3-CBC"
+#define LN_des_ede3_cbc                 "des-ede3-cbc"
+#define NID_des_ede3_cbc                44
+#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
+#define SN_des_ofb64                    "DES-OFB"
+#define LN_des_ofb64                    "des-ofb"
+#define NID_des_ofb64                   45
+#define OBJ_des_ofb64                   OBJ_algorithm,8L
+#define SN_idea_ofb64                   "IDEA-OFB"
+#define LN_idea_ofb64                   "idea-ofb"
+#define NID_idea_ofb64                  46
+#define LN_pkcs9                        "pkcs9"
+#define NID_pkcs9                       47
+#define OBJ_pkcs9                       OBJ_pkcs,9L
+#define SN_pkcs9_emailAddress           "Email"
+#define LN_pkcs9_emailAddress           "emailAddress"
+#define NID_pkcs9_emailAddress          48
+#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
+#define LN_pkcs9_unstructuredName       "unstructuredName"
+#define NID_pkcs9_unstructuredName      49
+#define OBJ_pkcs9_unstructuredName      OBJ_pkcs9,2L
+#define LN_pkcs9_contentType            "contentType"
+#define NID_pkcs9_contentType           50
+#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
+#define LN_pkcs9_messageDigest          "messageDigest"
+#define NID_pkcs9_messageDigest         51
+#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
+#define LN_pkcs9_signingTime            "signingTime"
+#define NID_pkcs9_signingTime           52
+#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
+#define LN_pkcs9_countersignature       "countersignature"
+#define NID_pkcs9_countersignature      53
+#define OBJ_pkcs9_countersignature      OBJ_pkcs9,6L
+#define LN_pkcs9_challengePassword      "challengePassword"
+#define NID_pkcs9_challengePassword     54
+#define OBJ_pkcs9_challengePassword     OBJ_pkcs9,7L
+#define LN_pkcs9_unstructuredAddress    "unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress   55
+#define OBJ_pkcs9_unstructuredAddress   OBJ_pkcs9,8L
+#define LN_pkcs9_extCertAttributes      "extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes     56
+#define OBJ_pkcs9_extCertAttributes     OBJ_pkcs9,9L
+#define SN_netscape                     "Netscape"
+#define LN_netscape                     "Netscape Communications Corp."
+#define NID_netscape                    57
+#define OBJ_netscape                    2L,16L,840L,1L,113730L
+#define SN_netscape_cert_extension      "nsCertExt"
+#define LN_netscape_cert_extension      "Netscape Certificate Extension"
+#define NID_netscape_cert_extension     58
+#define OBJ_netscape_cert_extension     OBJ_netscape,1L
+#define SN_netscape_data_type           "nsDataType"
+#define LN_netscape_data_type           "Netscape Data Type"
+#define NID_netscape_data_type          59
+#define OBJ_netscape_data_type          OBJ_netscape,2L
+#define SN_des_ede_cfb64                "DES-EDE-CFB"
+#define LN_des_ede_cfb64                "des-ede-cfb"
+#define NID_des_ede_cfb64               60
+#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
+#define LN_des_ede3_cfb64               "des-ede3-cfb"
+#define NID_des_ede3_cfb64              61
+#define SN_des_ede_ofb64                "DES-EDE-OFB"
+#define LN_des_ede_ofb64                "des-ede-ofb"
+#define NID_des_ede_ofb64               62
+#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
+#define LN_des_ede3_ofb64               "des-ede3-ofb"
+#define NID_des_ede3_ofb64              63
+/* I'm not sure about the object ID */
+#define SN_sha1                         "SHA1"
+#define LN_sha1                         "sha1"
+#define NID_sha1                        64
+#define OBJ_sha1                        OBJ_algorithm,26L
+/* 28 Jun 1996 - eay */
+/* #define OBJ_sha1                     1L,3L,14L,2L,26L,05L <- wrong */
+#define SN_sha1WithRSAEncryption        "RSA-SHA1"
+#define LN_sha1WithRSAEncryption        "sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption       65
+#define OBJ_sha1WithRSAEncryption       OBJ_pkcs,1L,5L
+#define SN_dsaWithSHA                   "DSA-SHA"
+#define LN_dsaWithSHA                   "dsaWithSHA"
+#define NID_dsaWithSHA                  66
+#define OBJ_dsaWithSHA                  OBJ_algorithm,13L
+#define SN_dsa_2                        "DSA-old"
+#define LN_dsa_2                        "dsaEncryption-old"
+#define NID_dsa_2                       67
+#define OBJ_dsa_2                       OBJ_algorithm,12L
+/* proposed by microsoft to RSA */
+#define LN_pbeWithSHA1AndRC2_CBC        "pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC       68
+#define OBJ_pbeWithSHA1AndRC2_CBC       OBJ_pkcs,5L,11L 
+/* proposed by microsoft to RSA */
+#define LN_pbeWithSHA1AndRC4            "pbeWithSHA1AndRC4"
+#define NID_pbeWithSHA1AndRC4           69
+#define OBJ_pbeWithSHA1AndRC4           OBJ_pkcs,5L,12L 
+#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
+#define LN_dsaWithSHA1_2                "dsaWithSHA1"
+#define NID_dsaWithSHA1_2               70
+/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
+#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
+#define SN_netscape_cert_type           "nsCertType"
+#define LN_netscape_cert_type           "Netscape Cert Type"
+#define NID_netscape_cert_type          71
+#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
+#define SN_netscape_base_url            "nsBaseUrl"
+#define LN_netscape_base_url            "Netscape Base Url"
+#define NID_netscape_base_url           72
+#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
+#define SN_netscape_revocation_url      "nsRevocationUrl"
+#define LN_netscape_revocation_url      "Netscape Revocation Url"
+#define NID_netscape_revocation_url     73
+#define OBJ_netscape_revocation_url     OBJ_netscape_cert_extension,3L
+#define SN_netscape_ca_revocation_url   "nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url   "Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url  74
+#define OBJ_netscape_ca_revocation_url  OBJ_netscape_cert_extension,4L
+#define SN_netscape_renewal_url         "nsRenewalUrl"
+#define LN_netscape_renewal_url         "Netscape Renewal Url"
+#define NID_netscape_renewal_url        75
+#define OBJ_netscape_renewal_url        OBJ_netscape_cert_extension,7L
+#define SN_netscape_ca_policy_url       "nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url       "Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url      76
+#define OBJ_netscape_ca_policy_url      OBJ_netscape_cert_extension,8L
+#define SN_netscape_ssl_server_name     "nsSslServerName"
+#define LN_netscape_ssl_server_name     "Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name    77
+#define OBJ_netscape_ssl_server_name    OBJ_netscape_cert_extension,12L
+#define SN_netscape_comment             "nsComment"
+#define LN_netscape_comment             "Netscape Comment"
+#define NID_netscape_comment            78
+#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
+#define SN_netscape_cert_sequence       "nsCertSequence"
+#define LN_netscape_cert_sequence       "Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence      79
+#define OBJ_netscape_cert_sequence      OBJ_netscape_data_type,5L
+#define SN_desx_cbc                     "DESX-CBC"
+#define LN_desx_cbc                     "desx-cbc"
+#define NID_desx_cbc                    80
+#define SN_ld_ce                        "ld-ce"
+#define NID_ld_ce                       81
+#define OBJ_ld_ce                       2L,5L,29L
+#define SN_subject_key_identifier       "subjectKeyIdentifier"
+#define LN_subject_key_identifier       "X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier      82
+#define OBJ_subject_key_identifier      OBJ_ld_ce,14L
+#define SN_key_usage                    "keyUsage"
+#define LN_key_usage                    "X509v3 Key Usage"
+#define NID_key_usage                   83
+#define OBJ_key_usage                   OBJ_ld_ce,15L
+#define SN_private_key_usage_period     "privateKeyUsagePeriod"
+#define LN_private_key_usage_period     "X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period    84
+#define OBJ_private_key_usage_period    OBJ_ld_ce,16L
+#define SN_subject_alt_name             "subjectAltName"
+#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
+#define NID_subject_alt_name            85
+#define OBJ_subject_alt_name            OBJ_ld_ce,17L
+#define SN_issuer_alt_name              "issuerAltName"
+#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name             86
+#define OBJ_issuer_alt_name             OBJ_ld_ce,18L
+#define SN_basic_constraints            "basicConstraints"
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define NID_basic_constraints           87
+#define OBJ_basic_constraints           OBJ_ld_ce,19L
+#define SN_crl_number                   "crlNumber"
+#define LN_crl_number                   "X509v3 CRL Number"
+#define NID_crl_number                  88
+#define OBJ_crl_number                  OBJ_ld_ce,20L
+#define SN_certificate_policies         "certificatePolicies"
+#define LN_certificate_policies         "X509v3 Certificate Policies"
+#define NID_certificate_policies        89
+#define OBJ_certificate_policies        OBJ_ld_ce,32L
+#define SN_authority_key_identifier     "authorityKeyIdentifier"
+#define LN_authority_key_identifier     "X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier    90
+#define OBJ_authority_key_identifier    OBJ_ld_ce,35L
+#define SN_bf_cbc                       "BF-CBC"
+#define LN_bf_cbc                       "bf-cbc"
+#define NID_bf_cbc                      91
+#define SN_bf_ecb                       "BF-ECB"
+#define LN_bf_ecb                       "bf-ecb"
+#define NID_bf_ecb                      92
+#define SN_bf_cfb64                     "BF-CFB"
+#define LN_bf_cfb64                     "bf-cfb"
+#define NID_bf_cfb64                    93
+#define SN_bf_ofb64                     "BF-OFB"
+#define LN_bf_ofb64                     "bf-ofb"
+#define NID_bf_ofb64                    94
+#define SN_mdc2                         "MDC2"
+#define LN_mdc2                         "mdc2"
+#define NID_mdc2                        95
+#define OBJ_mdc2                        2L,5L,8L,3L,101L
+/* An alternative?                      1L,3L,14L,3L,2L,19L */
+#define SN_mdc2WithRSA                  "RSA-MDC2"
+#define LN_mdc2WithRSA                  "mdc2withRSA"
+#define NID_mdc2WithRSA                 96
+#define OBJ_mdc2WithRSA                 2L,5L,8L,3L,100L
+#define SN_rc4_40                       "RC4-40"
+#define LN_rc4_40                       "rc4-40"
+#define NID_rc4_40                      97
+#define SN_rc2_40_cbc                   "RC2-40-CBC"
+#define LN_rc2_40_cbc                   "rc2-40-cbc"
+#define NID_rc2_40_cbc                  98
+#define SN_givenName                    "G"
+#define LN_givenName                    "givenName"
+#define NID_givenName                   99
+#define OBJ_givenName                   OBJ_X509,42L
+#define SN_surname                      "S"
+#define LN_surname                      "surname"
+#define NID_surname                     100
+#define OBJ_surname                     OBJ_X509,4L
+#define SN_initials                     "I"
+#define LN_initials                     "initials"
+#define NID_initials                    101
+#define OBJ_initials                    OBJ_X509,43L
+#define SN_uniqueIdentifier             "UID"
+#define LN_uniqueIdentifier             "uniqueIdentifier"
+#define NID_uniqueIdentifier            102
+#define OBJ_uniqueIdentifier            OBJ_X509,45L
+#define SN_crl_distribution_points      "crlDistributionPoints"
+#define LN_crl_distribution_points      "X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points     103
+#define OBJ_crl_distribution_points     OBJ_ld_ce,31L
+#define SN_md5WithRSA                   "RSA-NP-MD5"
+#define LN_md5WithRSA                   "md5WithRSA"
+#define NID_md5WithRSA                  104
+#define OBJ_md5WithRSA                  OBJ_algorithm,3L
+#define SN_serialNumber                 "SN"
+#define LN_serialNumber                 "serialNumber"
+#define NID_serialNumber                105
+#define OBJ_serialNumber                OBJ_X509,5L
+#define SN_title                        "T"
+#define LN_title                        "title"
+#define NID_title                       106
+#define OBJ_title                       OBJ_X509,12L
+#define SN_description                  "D"
+#define LN_description                  "description"
+#define NID_description                 107
+#define OBJ_description                 OBJ_X509,13L
+/* CAST5 is CAST-128, I'm just sticking with the documentation */
+#define SN_cast5_cbc                    "CAST5-CBC"
+#define LN_cast5_cbc                    "cast5-cbc"
+#define NID_cast5_cbc                   108
+#define OBJ_cast5_cbc                   1L,2L,840L,113533L,7L,66L,10L
+#define SN_cast5_ecb                    "CAST5-ECB"
+#define LN_cast5_ecb                    "cast5-ecb"
+#define NID_cast5_ecb                   109
+#define SN_cast5_cfb64                  "CAST5-CFB"
+#define LN_cast5_cfb64                  "cast5-cfb"
+#define NID_cast5_cfb64                 110
+#define SN_cast5_ofb64                  "CAST5-OFB"
+#define LN_cast5_ofb64                  "cast5-ofb"
+#define NID_cast5_ofb64                 111
+#define LN_pbeWithMD5AndCast5_CBC       "pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC      112
+#define OBJ_pbeWithMD5AndCast5_CBC      1L,2L,840L,113533L,7L,66L,12L
+/* This is one sun will soon be using :-(
+ * id-dsa-with-sha1 ID  ::= {
+ *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
+ */
+#define SN_dsaWithSHA1                  "DSA-SHA1"
+#define LN_dsaWithSHA1                  "dsaWithSHA1"
+#define NID_dsaWithSHA1                 113
+#define OBJ_dsaWithSHA1                 1L,2L,840L,10040L,4L,3L
+#define NID_md5_sha1                    114
+#define SN_md5_sha1                     "MD5-SHA1"
+#define LN_md5_sha1                     "md5-sha1"
+#define SN_sha1WithRSA                  "RSA-SHA1-2"
+#define LN_sha1WithRSA                  "sha1WithRSA"
+#define NID_sha1WithRSA                 115
+#define OBJ_sha1WithRSA                 OBJ_algorithm,29L
+#define SN_dsa                          "DSA"
+#define LN_dsa                          "dsaEncryption"
+#define NID_dsa                         116
+#define OBJ_dsa                         1L,2L,840L,10040L,4L,1L
+#define SN_ripemd160                    "RIPEMD160"
+#define LN_ripemd160                    "ripemd160"
+#define NID_ripemd160                   117
+#define OBJ_ripemd160                   1L,3L,36L,3L,2L,1L
+/* The name should actually be rsaSignatureWithripemd160, but I'm going
+ * to contiune using the convention I'm using with the other ciphers */
+#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
+#define LN_ripemd160WithRSA             "ripemd160WithRSA"
+#define NID_ripemd160WithRSA            119
+#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
+/* Taken from rfc2040
+ *  RC5_CBC_Parameters ::= SEQUENCE {
+ *      version           INTEGER (v1_0(16)),
+ *      rounds            INTEGER (8..127),
+ *      blockSizeInBits   INTEGER (64, 128),
+ *      iv                OCTET STRING OPTIONAL
+ *      }
+ */
+#define SN_rc5_cbc                      "RC5-CBC"
+#define LN_rc5_cbc                      "rc5-cbc"
+#define NID_rc5_cbc                     120
+#define OBJ_rc5_cbc                     OBJ_rsadsi,3L,8L
+#define SN_rc5_ecb                      "RC5-ECB"
+#define LN_rc5_ecb                      "rc5-ecb"
+#define NID_rc5_ecb                     121
+#define SN_rc5_cfb64                    "RC5-CFB"
+#define LN_rc5_cfb64                    "rc5-cfb"
+#define NID_rc5_cfb64                   122
+#define SN_rc5_ofb64                    "RC5-OFB"
+#define LN_rc5_ofb64                    "rc5-ofb"
+#define NID_rc5_ofb64                   123
+#include "bio.h"
+#include "asn1.h"
+#define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+#ifndef NOPROTO
+ASN1_OBJECT *   OBJ_dup(ASN1_OBJECT *o);
+ASN1_OBJECT *   OBJ_nid2obj(int n);
+char *          OBJ_nid2ln(int n);
+char *          OBJ_nid2sn(int n);
+int             OBJ_obj2nid(ASN1_OBJECT *o);
+int             OBJ_txt2nid(char *s);
+int             OBJ_ln2nid(char *s);
+int             OBJ_sn2nid(char *s);
+int             OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
+char *          OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)());
+void            ERR_load_OBJ_strings(void );
+int             OBJ_new_nid(int num);
+int             OBJ_add_object(ASN1_OBJECT *obj);
+int             OBJ_create(char *oid,char *sn,char *ln);
+void            OBJ_cleanup(void );
+int             OBJ_create_objects(BIO *in);
+#else
+ASN1_OBJECT *   OBJ_dup();
+ASN1_OBJECT *   OBJ_nid2obj();
+char *          OBJ_nid2ln();
+char *          OBJ_nid2sn();
+int             OBJ_obj2nid();
+int             OBJ_txt2nid();
+int             OBJ_ln2nid();
+int             OBJ_sn2nid();
+int             OBJ_cmp();
+char *          OBJ_bsearch();
+void            ERR_load_OBJ_strings();
+int             OBJ_new_nid();
+int             OBJ_add_object();
+int             OBJ_create();
+void            OBJ_cleanup();
+int             OBJ_create_objects();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the OBJ functions. */
+/* Function codes. */
+#define OBJ_F_OBJ_CREATE                                 100
+#define OBJ_F_OBJ_DUP                                    101
+#define OBJ_F_OBJ_NID2LN                                 102
+#define OBJ_F_OBJ_NID2OBJ                                103
+#define OBJ_F_OBJ_NID2SN                                 104
+/* Reason codes. */
+#define OBJ_R_MALLOC_FAILURE                             100
+#define OBJ_R_UNKNOWN_NID                                101
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt
new file mode 100644
index 0000000000..cb276e90e9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/objects.txt
@@ -0,0 +1,40 @@
+1 2                     : ISO member bodies
+1 2 840                 : US (ANSI)
+1 2 840 113549          : rsadsi        : RSA Data Security, Inc.
+1 2 840 113549 1        : pkcs          : RSA Data Security, Inc. PKCS
+1 2 840 113549 1 1 1    : rsaEncryption
+1 2 840 113549 1 1 2    : md2withRSAEncryption
+1 2 840 113549 1 1 4    : md5withRSAEncryption
+1 2 840 113549 1 7      : pkcs-7
+1 2 840 113549 1 7 1    : pkcs-7-data
+1 2 840 113549 1 7 2    : pkcs-7-signedData
+1 2 840 113549 1 7 3    : pkcs-7-envelopedData
+1 2 840 113549 1 7 4    : pkcs-7-signedAndEnvelopedData
+1 2 840 113549 1 7 5    : pkcs-7-digestData
+1 2 840 113549 1 7 6    : pkcs-7-encryptedData
+1 2 840 113549 2 2      : md2
+1 2 840 113549 2 4      : md4
+1 2 840 113549 2 5      : md5
+1 2 840 113549 3 4      : rc4
+1 2 840 113549 5 1      : pbeWithMD2AndDES_CBC
+1 2 840 113549 5 3      : pbeWithMD5AndDES_CBC
+2 5                     : X500          : directory services (X.500)
+2 5 4                   : X509
+2 5 4 3                 : commonName
+2 5 4 6                 : countryName
+2 5 4 7                 : localityName
+2 5 4 8                 : stateOrProvinceName
+2 5 4 10                : organizationName
+2 5 4 11                : organizationalUnitName
+2 5 8                   : directory services - algorithms
+2 5 8 1 1               : rsa
+algorithm 18            : sha
+encryptionAlgorithm 1   : rsa
+algorithm 11            : rsaSignature
+algorithm 6             : desECB
+algorithm 7             : desCBC
+algorithm 8             : desOFB
+algorithm 9             : desCFB
+algorithm 17            : desEDE2
diff --git a/src/lib/libssl/src/crypto/pem/message b/src/lib/libssl/src/crypto/pem/message
new file mode 100644
index 0000000000..e8bf9d7592
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/message
@@ -0,0 +1,16 @@
+-----BEGIN PRIVACY-ENHANCED MESSAGE-----
+Proc-Type: 4,ENCRYPTED
+Proc-Type: 4,MIC-ONLY
+Proc-Type: 4,MIC-CLEAR
+Content-Domain: RFC822
+DEK-Info: DES-CBC,0123456789abcdef
+Originator-Certificate
+ xxxx
+Issuer-Certificate
+ xxxx
+MIC-Info: RSA-MD5,RSA,
+ xxxx
+-----END PRIVACY-ENHANCED MESSAGE-----
diff --git a/src/lib/libssl/src/crypto/pem/pem.h b/src/lib/libssl/src/crypto/pem/pem.h
new file mode 100644
index 0000000000..55fbaeffe2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pem.h
@@ -0,0 +1,562 @@
+/* crypto/pem/pem.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
+ *
+ * Always modify pem.org since pem.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+#ifndef HEADER_PEM_H
+#define HEADER_PEM_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "evp.h"
+#include "x509.h"
+#define PEM_OBJ_UNDEF           0
+#define PEM_OBJ_X509            1
+#define PEM_OBJ_X509_REQ        2
+#define PEM_OBJ_CRL             3
+#define PEM_OBJ_SSL_SESSION     4
+#define PEM_OBJ_PRIV_KEY        10
+#define PEM_OBJ_PRIV_RSA        11
+#define PEM_OBJ_PRIV_DSA        12
+#define PEM_OBJ_PRIV_DH         13
+#define PEM_OBJ_PUB_RSA         14
+#define PEM_OBJ_PUB_DSA         15
+#define PEM_OBJ_PUB_DH          16
+#define PEM_OBJ_DHPARAMS        17
+#define PEM_OBJ_DSAPARAMS       18
+#define PEM_OBJ_PRIV_RSA_PUBLIC 19
+#define PEM_ERROR               30
+#define PEM_DEK_DES_CBC         40
+#define PEM_DEK_IDEA_CBC        45
+#define PEM_DEK_DES_EDE         50
+#define PEM_DEK_DES_ECB         60
+#define PEM_DEK_RSA             70
+#define PEM_DEK_RSA_MD2         80
+#define PEM_DEK_RSA_MD5         90
+#define PEM_MD_MD2              NID_md2
+#define PEM_MD_MD5              NID_md5
+#define PEM_MD_SHA              NID_sha
+#define PEM_MD_MD2_RSA          NID_md2WithRSAEncryption
+#define PEM_MD_MD5_RSA          NID_md5WithRSAEncryption
+#define PEM_MD_SHA_RSA          NID_sha1WithRSAEncryption
+#define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
+#define PEM_STRING_X509         "CERTIFICATE"
+#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+#define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
+#define PEM_STRING_X509_CRL     "X509 CRL"
+#define PEM_STRING_EVP_PKEY     "PRIVATE KEY"
+#define PEM_STRING_RSA          "RSA PRIVATE KEY"
+#define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
+#define PEM_STRING_DSA          "DSA PRIVATE KEY"
+#define PEM_STRING_PKCS7        "PKCS7"
+#define PEM_STRING_DHPARAMS     "DH PARAMETERS"
+#define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
+#define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
+#ifndef HEADER_ENVELOPE_H
+#define EVP_ENCODE_CTX_SIZE  96
+#define EVP_MD_SIZE  60
+#define EVP_MD_CTX_SIZE  152
+#define EVP_CIPHER_SIZE  40
+#define EVP_CIPHER_CTX_SIZE  4212
+#define EVP_MAX_MD_SIZE  20
+typedef struct evp_encode_ctx_st
+        {
+        char data[EVP_ENCODE_CTX_SIZE];
+        } EVP_ENCODE_CTX;
+typedef struct env_md_ctx_st
+        {
+        char data[EVP_MD_CTX_SIZE];
+        } EVP_MD_CTX;
+typedef struct evp_cipher_st
+        {
+        char data[EVP_CIPHER_SIZE];
+        } EVP_CIPHER;
+typedef struct evp_cipher_ctx_st
+        {
+        char data[EVP_CIPHER_CTX_SIZE];
+        } EVP_CIPHER_CTX;
+#endif
+typedef struct PEM_Encode_Seal_st
+        {
+        EVP_ENCODE_CTX encode;
+        EVP_MD_CTX md;
+        EVP_CIPHER_CTX cipher;
+        } PEM_ENCODE_SEAL_CTX;
+/* enc_type is one off */
+#define PEM_TYPE_ENCRYPTED      10
+#define PEM_TYPE_MIC_ONLY       20
+#define PEM_TYPE_MIC_CLEAR      30
+#define PEM_TYPE_CLEAR          40
+typedef struct pem_recip_st
+        {
+        char *name;
+        X509_NAME *dn;
+        int cipher;
+        int key_enc;
+        char iv[8];
+        } PEM_USER;
+typedef struct pem_ctx_st
+        {
+        int type;               /* what type of object */
+        struct  {
+                int version;    
+                int mode;               
+                } proc_type;
+        char *domain;
+        struct  {
+                int cipher;
+                unsigned char iv[8];
+                } DEK_info;
+                
+        PEM_USER *originator;
+        int num_recipient;
+        PEM_USER **recipient;
+#ifdef HEADER_STACK_H
+        STACK *x509_chain;      /* certificate chain */
+#else
+        char *x509_chain;       /* certificate chain */
+#endif
+        EVP_MD *md;             /* signature type */
+        int md_enc;             /* is the md encrypted or not? */
+        int md_len;             /* length of md_data */
+        char *md_data;          /* message digest, could be pkey encrypted */
+        EVP_CIPHER *dec;        /* date encryption cipher */
+        int key_len;            /* key length */
+        unsigned char *key;     /* key */
+        unsigned char iv[8];    /* the iv */
+        
+        int  data_enc;          /* is the data encrypted */
+        int data_len;
+        unsigned char *data;
+        } PEM_CTX;
+#ifdef SSLEAY_MACROS
+#define PEM_write_SSL_SESSION(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+#define PEM_write_X509(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL)
+#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
+                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
+                        NULL,NULL,0,NULL)
+#define PEM_write_X509_CRL(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
+                        fp,(char *)x, NULL,NULL,0,NULL)
+#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+                PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
+                        (char *)x,enc,kstr,klen,cb)
+#define PEM_write_RSAPublicKey(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
+                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
+#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+                PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
+                        (char *)x,enc,kstr,klen,cb)
+#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
+                PEM_ASN1_write((int (*)())i2d_PrivateKey,\
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+                        bp,(char *)x,enc,kstr,klen,cb)
+#define PEM_write_PKCS7(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
+                        (char *)x, NULL,NULL,0,NULL)
+#define PEM_write_DHparams(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
+                        (char *)x,NULL,NULL,0,NULL)
+#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
+#define PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
+#define PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
+#define PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
+#define PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
+#define PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
+#define PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
+#define PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
+#define PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
+#define PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
+#define PEM_write_bio_SSL_SESSION(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
+                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+#define PEM_write_bio_X509(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL)
+#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
+                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
+                        NULL,NULL,0,NULL)
+#define PEM_write_bio_X509_CRL(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
+                        bp,(char *)x, NULL,NULL,0,NULL)
+#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+                PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
+                        bp,(char *)x,enc,kstr,klen,cb)
+#define PEM_write_bio_RSAPublicKey(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
+                        PEM_STRING_RSA_PUBLIC,\
+                        bp,(char *)x,NULL,NULL,0,NULL)
+#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+                PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
+                        bp,(char *)x,enc,kstr,klen,cb)
+#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
+                PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+                        bp,(char *)x,enc,kstr,klen,cb)
+#define PEM_write_bio_PKCS7(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
+                        (char *)x, NULL,NULL,0,NULL)
+#define PEM_write_bio_DHparams(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
+                        bp,(char *)x,NULL,NULL,0,NULL)
+#define PEM_write_bio_DSAparams(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
+                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
+#define PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
+#define PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
+#define PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
+#define PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
+#define PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
+#define PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
+#define PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
+#define PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
+#define PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
+#define PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
+#endif
+#ifndef NOPROTO
+int     PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int     PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
+                int (*callback)());
+#ifdef HEADER_BIO_H
+int     PEM_read_bio(BIO *bp, char **name, char **header,
+                unsigned char **data,long *len);
+int     PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
+                long len);
+char *  PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
+                int (*cb)());
+int     PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
+                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+STACK * PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
+int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
+                unsigned char *kstr, int klen, int (*cb)());
+#endif
+#ifndef WIN16
+int     PEM_read(FILE *fp, char **name, char **header,
+                unsigned char **data,long *len);
+int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
+char *  PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
+                int (*cb)());
+int     PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
+                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+STACK * PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+#endif
+int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
+                EVP_MD *md_type, unsigned char **ek, int *ekl,
+                unsigned char *iv, EVP_PKEY **pubk, int npubk);
+void    PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+                unsigned char *in, int inl);
+int     PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
+                unsigned char *out, int *outl, EVP_PKEY *priv);
+void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
+int     PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                unsigned int *siglen, EVP_PKEY *pkey);
+void    ERR_load_PEM_strings(void);
+void    PEM_proc_type(char *buf, int type);
+void    PEM_dek_info(char *buf, char *type, int len, char *str);
+#ifndef SSLEAY_MACROS
+#ifndef WIN16
+X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
+X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
+X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
+RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
+RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
+DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
+PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
+DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
+DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
+int PEM_write_X509(FILE *fp,X509 *x);
+int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
+int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
+int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
+        int klen,int (*cb)());
+int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
+int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
+        int klen,int (*cb)());
+int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
+        unsigned char *kstr,int klen,int (*cb)());
+int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
+int PEM_write_DHparams(FILE *fp,DH *x);
+int PEM_write_DSAparams(FILE *fp,DSA *x);
+#endif
+#ifdef HEADER_BIO_H
+X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
+X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
+X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
+RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
+PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
+DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
+DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
+int PEM_write_bio_X509(BIO *bp,X509 *x);
+int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
+int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
+int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
+        unsigned char *kstr,int klen,int (*cb)());
+int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
+int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
+        unsigned char *kstr,int klen,int (*cb)());
+int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
+        unsigned char *kstr,int klen,int (*cb)());
+int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
+int PEM_write_bio_DHparams(BIO *bp,DH *x);
+int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
+#endif
+#endif /* SSLEAY_MACROS */
+#else
+int     PEM_get_EVP_CIPHER_INFO();
+int     PEM_do_header();
+int     PEM_read_bio();
+int     PEM_write_bio();
+#ifndef WIN16
+int     PEM_read();
+int     PEM_write();
+STACK * PEM_X509_INFO_read();
+char *  PEM_ASN1_read();
+int     PEM_ASN1_write();
+#endif
+STACK * PEM_X509_INFO_read_bio();
+int     PEM_X509_INFO_write_bio();
+char *  PEM_ASN1_read_bio();
+int     PEM_ASN1_write_bio();
+int     PEM_SealInit();
+void    PEM_SealUpdate();
+int     PEM_SealFinal();
+int     PEM_SignFinal();
+void    ERR_load_PEM_strings();
+void    PEM_proc_type();
+void    PEM_dek_info();
+#ifndef SSLEAY_MACROS
+#ifndef WIN16
+X509 *PEM_read_X509();
+X509_REQ *PEM_read_X509_REQ();
+X509_CRL *PEM_read_X509_CRL();
+RSA *PEM_read_RSAPrivateKey();
+RSA *PEM_read_RSAPublicKey();
+DSA *PEM_read_DSAPrivateKey();
+EVP_PKEY *PEM_read_PrivateKey();
+PKCS7 *PEM_read_PKCS7();
+DH *PEM_read_DHparams();
+DSA *PEM_read_DSAparams();
+int PEM_write_X509();
+int PEM_write_X509_REQ();
+int PEM_write_X509_CRL();
+int PEM_write_RSAPrivateKey();
+int PEM_write_RSAPublicKey();
+int PEM_write_DSAPrivateKey();
+int PEM_write_PrivateKey();
+int PEM_write_PKCS7();
+int PEM_write_DHparams();
+int PEM_write_DSAparams();
+#endif
+X509 *PEM_read_bio_X509();
+X509_REQ *PEM_read_bio_X509_REQ();
+X509_CRL *PEM_read_bio_X509_CRL();
+RSA *PEM_read_bio_RSAPrivateKey();
+RSA *PEM_read_bio_RSAPublicKey();
+DSA *PEM_read_bio_DSAPrivateKey();
+EVP_PKEY *PEM_read_bio_PrivateKey();
+PKCS7 *PEM_read_bio_PKCS7();
+DH *PEM_read_bio_DHparams();
+DSA *PEM_read_bio_DSAparams();
+int PEM_write_bio_X509();
+int PEM_write_bio_X509_REQ();
+int PEM_write_bio_X509_CRL();
+int PEM_write_bio_RSAPrivateKey();
+int PEM_write_bio_RSAPublicKey();
+int PEM_write_bio_DSAPrivateKey();
+int PEM_write_bio_PrivateKey();
+int PEM_write_bio_PKCS7();
+int PEM_write_bio_DHparams();
+int PEM_write_bio_DSAparams();
+#endif /* SSLEAY_MACROS */
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the PEM functions. */
+/* Function codes. */
+#define PEM_F_DEF_CALLBACK                               100
+#define PEM_F_LOAD_IV                                    101
+#define PEM_F_PEM_ASN1_READ                              102
+#define PEM_F_PEM_ASN1_READ_BIO                          103
+#define PEM_F_PEM_ASN1_WRITE                             104
+#define PEM_F_PEM_ASN1_WRITE_BIO                         105
+#define PEM_F_PEM_DO_HEADER                              106
+#define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
+#define PEM_F_PEM_READ                                   108
+#define PEM_F_PEM_READ_BIO                               109
+#define PEM_F_PEM_SEALFINAL                              110
+#define PEM_F_PEM_SEALINIT                               111
+#define PEM_F_PEM_SIGNFINAL                              112
+#define PEM_F_PEM_WRITE                                  113
+#define PEM_F_PEM_WRITE_BIO                              114
+#define PEM_F_PEM_X509_INFO_READ                         115
+#define PEM_F_PEM_X509_INFO_READ_BIO                     116
+#define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
+/* Reason codes. */
+#define PEM_R_BAD_BASE64_DECODE                          100
+#define PEM_R_BAD_DECRYPT                                101
+#define PEM_R_BAD_END_LINE                               102
+#define PEM_R_BAD_IV_CHARS                               103
+#define PEM_R_BAD_PASSWORD_READ                          104
+#define PEM_R_NOT_DEK_INFO                               105
+#define PEM_R_NOT_ENCRYPTED                              106
+#define PEM_R_NOT_PROC_TYPE                              107
+#define PEM_R_NO_START_LINE                              108
+#define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
+#define PEM_R_PUBLIC_KEY_NO_RSA                          110
+#define PEM_R_READ_KEY                                   111
+#define PEM_R_SHORT_HEADER                               112
+#define PEM_R_UNSUPPORTED_CIPHER                         113
+#define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/pem/pem_all.c b/src/lib/libssl/src/crypto/pem/pem_all.c
new file mode 100644
index 0000000000..d1cda7aabe
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pem_all.c
@@ -0,0 +1,488 @@
+/* crypto/pem/pem_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include "bio.h"
+#include "evp.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#ifndef NO_FP_API
+/* The X509 functions */
+X509 *PEM_read_X509(fp,x,cb)
+FILE *fp;
+X509 **x;
+int (*cb)();
+        {
+        return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509,
+                PEM_STRING_X509,fp,(char **)x,cb));
+        }
+#endif
+X509 *PEM_read_bio_X509(bp,x,cb)
+BIO *bp;
+X509 **x;
+int (*cb)();
+        {
+        return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509,
+                PEM_STRING_X509,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_X509(fp,x)
+FILE *fp;
+X509 *x;
+        {
+        return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#endif
+int PEM_write_bio_X509(bp,x)
+BIO *bp;
+X509 *x;
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#ifndef NO_FP_API
+/* The X509_REQ functions */
+X509_REQ *PEM_read_X509_REQ(fp,x,cb)
+FILE *fp;
+X509_REQ **x;
+int (*cb)();
+        {
+        return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ,
+                PEM_STRING_X509_REQ,fp,(char **)x,cb));
+        }
+#endif
+X509_REQ *PEM_read_bio_X509_REQ(bp,x,cb)
+BIO *bp;
+X509_REQ **x;
+int (*cb)();
+        {
+        return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ,
+                PEM_STRING_X509_REQ,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_X509_REQ(fp,x)
+FILE *fp;
+X509_REQ *x;
+        {
+        return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#endif
+int PEM_write_bio_X509_REQ(bp,x)
+BIO *bp;
+X509_REQ *x;
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,
+                bp,(char *)x, NULL,NULL,0,NULL));
+        }
+#ifndef NO_FP_API
+/* The X509_CRL functions */
+X509_CRL *PEM_read_X509_CRL(fp,x,cb)
+FILE *fp;
+X509_CRL **x;
+int (*cb)();
+        {
+        return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL,
+                PEM_STRING_X509_CRL,fp,(char **)x,cb));
+        }
+#endif
+X509_CRL *PEM_read_bio_X509_CRL(bp,x,cb)
+BIO *bp;
+X509_CRL **x;
+int (*cb)();
+        {
+        return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL,
+                PEM_STRING_X509_CRL,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_X509_CRL(fp,x)
+FILE *fp;
+X509_CRL *x;
+        {
+        return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#endif
+int PEM_write_bio_X509_CRL(bp,x)
+BIO *bp;
+X509_CRL *x;
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,
+                bp,(char *)x, NULL,NULL,0,NULL));
+        }
+#ifndef NO_RSA
+#ifndef NO_FP_API
+/* The RSAPrivateKey functions */
+RSA *PEM_read_RSAPrivateKey(fp,x,cb)
+FILE *fp;
+RSA **x;
+int (*cb)();
+        {
+        return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey,
+                PEM_STRING_RSA,fp,(char **)x,cb));
+        }
+RSA *PEM_read_RSAPublicKey(fp,x,cb)
+FILE *fp;
+RSA **x;
+int (*cb)();
+        {
+        return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey,
+                PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb));
+        }
+#endif
+RSA *PEM_read_bio_RSAPrivateKey(bp,x,cb)
+BIO *bp;
+RSA **x;
+int (*cb)();
+        {
+        return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey,
+                PEM_STRING_RSA,bp,(char **)x,cb));
+        }
+RSA *PEM_read_bio_RSAPublicKey(bp,x,cb)
+BIO *bp;
+RSA **x;
+int (*cb)();
+        {
+        return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey,
+                PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
+FILE *fp;
+RSA *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*cb)();
+        {
+        return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,
+                (char *)x,enc,kstr,klen,cb));
+        }
+int PEM_write_RSAPublicKey(fp,x)
+FILE *fp;
+RSA *x;
+        {
+        return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey,
+                PEM_STRING_RSA_PUBLIC,fp,
+                (char *)x,NULL,NULL,0,NULL));
+        }
+#endif
+int PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
+BIO *bp;
+RSA *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*cb)();
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,
+                bp,(char *)x,enc,kstr,klen,cb));
+        }
+int PEM_write_bio_RSAPublicKey(bp,x)
+BIO *bp;
+RSA *x;
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey,
+                PEM_STRING_RSA_PUBLIC,
+                bp,(char *)x,NULL,NULL,0,NULL));
+        }
+#endif /* !NO_RSA */
+#ifndef NO_DSA
+#ifndef NO_FP_API
+/* The DSAPrivateKey functions */
+DSA *PEM_read_DSAPrivateKey(fp,x,cb)
+FILE *fp;
+DSA **x;
+int (*cb)();
+        {
+        return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey,
+                PEM_STRING_DSA,fp,(char **)x,cb));
+        }
+#endif
+DSA *PEM_read_bio_DSAPrivateKey(bp,x,cb)
+BIO *bp;
+DSA **x;
+int (*cb)();
+        {
+        return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey,
+                PEM_STRING_DSA,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
+FILE *fp;
+DSA *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*cb)();
+        {
+        return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,
+                (char *)x,enc,kstr,klen,cb));
+        }
+#endif
+int PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
+BIO *bp;
+DSA *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*cb)();
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,
+                bp,(char *)x,enc,kstr,klen,cb));
+        }
+#endif
+#ifndef NO_FP_API
+/* The PrivateKey functions */
+EVP_PKEY *PEM_read_PrivateKey(fp,x,cb)
+FILE *fp;
+EVP_PKEY **x;
+int (*cb)();
+        {
+        return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey,
+                PEM_STRING_EVP_PKEY,fp,(char **)x,cb));
+        }
+#endif
+EVP_PKEY *PEM_read_bio_PrivateKey(bp,x,cb)
+BIO *bp;
+EVP_PKEY **x;
+int (*cb)();
+        {
+        return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey,
+                PEM_STRING_EVP_PKEY,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb)
+FILE *fp;
+EVP_PKEY *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*cb)();
+        {
+        return(PEM_ASN1_write((int (*)())i2d_PrivateKey,
+                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                fp,(char *)x,enc,kstr,klen,cb));
+        }
+#endif
+int PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb)
+BIO *bp;
+EVP_PKEY *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*cb)();
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
+                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                bp,(char *)x,enc,kstr,klen,cb));
+        }
+#ifndef NO_FP_API
+/* The PKCS7 functions */
+PKCS7 *PEM_read_PKCS7(fp,x,cb)
+FILE *fp;
+PKCS7 **x;
+int (*cb)();
+        {
+        return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7,
+                PEM_STRING_PKCS7,fp,(char **)x,cb));
+        }
+#endif
+PKCS7 *PEM_read_bio_PKCS7(bp,x,cb)
+BIO *bp;
+PKCS7 **x;
+int (*cb)();
+        {
+        return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7,
+                PEM_STRING_PKCS7,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_PKCS7(fp,x)
+FILE *fp;
+PKCS7 *x;
+        {
+        return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#endif
+int PEM_write_bio_PKCS7(bp,x)
+BIO *bp;
+PKCS7 *x;
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#ifndef NO_DH
+#ifndef NO_FP_API
+/* The DHparams functions */
+DH *PEM_read_DHparams(fp,x,cb)
+FILE *fp;
+DH **x;
+int (*cb)();
+        {
+        return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams,
+                PEM_STRING_DHPARAMS,fp,(char **)x,cb));
+        }
+#endif
+DH *PEM_read_bio_DHparams(bp,x,cb)
+BIO *bp;
+DH **x;
+int (*cb)();
+        {
+        return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams,
+                PEM_STRING_DHPARAMS,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_DHparams(fp,x)
+FILE *fp;
+DH *x;
+        {
+        return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#endif
+int PEM_write_bio_DHparams(bp,x)
+BIO *bp;
+DH *x;
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,
+                bp,(char *)x, NULL,NULL,0,NULL));
+        }
+#endif
+#ifndef NO_DSA
+#ifndef NO_FP_API
+/* The DSAparams functions */
+DSA *PEM_read_DSAparams(fp,x,cb)
+FILE *fp;
+DSA **x;
+int (*cb)();
+        {
+        return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams,
+                PEM_STRING_DSAPARAMS,fp,(char **)x,cb));
+        }
+#endif
+DSA *PEM_read_bio_DSAparams(bp,x,cb)
+BIO *bp;
+DSA **x;
+int (*cb)();
+        {
+        return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams,
+                PEM_STRING_DSAPARAMS,bp,(char **)x,cb));
+        }
+#ifndef NO_FP_API
+int PEM_write_DSAparams(fp,x)
+FILE *fp;
+DSA *x;
+        {
+        return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp,
+                (char *)x, NULL,NULL,0,NULL));
+        }
+#endif
+int PEM_write_bio_DSAparams(bp,x)
+BIO *bp;
+DSA *x;
+        {
+        return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,
+                bp,(char *)x, NULL,NULL,0,NULL));
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/pem/pem_err.c b/src/lib/libssl/src/crypto/pem/pem_err.c
new file mode 100644
index 0000000000..e17fcdb540
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pem_err.c
@@ -0,0 +1,122 @@
+/* lib/pem/pem_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "pem.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA PEM_str_functs[]=
+        {
+{ERR_PACK(0,PEM_F_DEF_CALLBACK,0),      "DEF_CALLBACK"},
+{ERR_PACK(0,PEM_F_LOAD_IV,0),   "LOAD_IV"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0),     "PEM_ASN1_read"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0),    "PEM_ASN1_write"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0),        "PEM_ASN1_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0),     "PEM_do_header"},
+{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0),   "PEM_get_EVP_CIPHER_INFO"},
+{ERR_PACK(0,PEM_F_PEM_READ,0),  "PEM_read"},
+{ERR_PACK(0,PEM_F_PEM_READ_BIO,0),      "PEM_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0),     "PEM_SealFinal"},
+{ERR_PACK(0,PEM_F_PEM_SEALINIT,0),      "PEM_SealInit"},
+{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0),     "PEM_SignFinal"},
+{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0),     "PEM_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0),        "PEM_X509_INFO_read"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0),    "PEM_X509_INFO_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0),   "PEM_X509_INFO_write_bio"},
+{0,NULL},
+        };
+static ERR_STRING_DATA PEM_str_reasons[]=
+        {
+{PEM_R_BAD_BASE64_DECODE                 ,"bad base64 decode"},
+{PEM_R_BAD_DECRYPT                       ,"bad decrypt"},
+{PEM_R_BAD_END_LINE                      ,"bad end line"},
+{PEM_R_BAD_IV_CHARS                      ,"bad iv chars"},
+{PEM_R_BAD_PASSWORD_READ                 ,"bad password read"},
+{PEM_R_NOT_DEK_INFO                      ,"not dek info"},
+{PEM_R_NOT_ENCRYPTED                     ,"not encrypted"},
+{PEM_R_NOT_PROC_TYPE                     ,"not proc type"},
+{PEM_R_NO_START_LINE                     ,"no start line"},
+{PEM_R_PROBLEMS_GETTING_PASSWORD         ,"problems getting password"},
+{PEM_R_PUBLIC_KEY_NO_RSA                 ,"public key no rsa"},
+{PEM_R_READ_KEY                          ,"read key"},
+{PEM_R_SHORT_HEADER                      ,"short header"},
+{PEM_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{PEM_R_UNSUPPORTED_ENCRYPTION            ,"unsupported encryption"},
+{0,NULL},
+        };
+#endif
+void ERR_load_PEM_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
+                ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c
new file mode 100644
index 0000000000..4b69833b62
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pem_info.c
@@ -0,0 +1,365 @@
+/* crypto/pem/pem_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+#ifndef NO_FP_API
+STACK *PEM_X509_INFO_read(fp,sk,cb)
+FILE *fp;
+STACK *sk;
+int (*cb)();
+        {
+        BIO *b;
+        STACK *ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+STACK *PEM_X509_INFO_read_bio(bp,sk,cb)
+BIO *bp;
+STACK *sk;
+int (*cb)();
+        {
+        X509_INFO *xi=NULL;
+        char *name=NULL,*header=NULL,**pp;
+        unsigned char *data=NULL,*p;
+        long len,error=0;
+        int ok=0;
+        STACK *ret=NULL;
+        unsigned int i,raw;
+        char *(*d2i)();
+        if (sk == NULL)
+                {
+                if ((ret=sk_new_null()) == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                ret=sk;
+        if ((xi=X509_INFO_new()) == NULL) goto err;
+        for (;;)
+                {
+                raw=0;
+                i=PEM_read_bio(bp,&name,&header,&data,&len);
+                if (i == 0)
+                        {
+                        error=ERR_GET_REASON(ERR_peek_error());
+                        if (error == PEM_R_NO_START_LINE)
+                                {
+                                ERR_clear_error();
+                                break;
+                                }
+                        goto err;
+                        }
+start:
+                if (    (strcmp(name,PEM_STRING_X509) == 0) ||
+                        (strcmp(name,PEM_STRING_X509_OLD) == 0))
+                        {
+                        d2i=(char *(*)())d2i_X509;
+                        if (xi->x509 != NULL)
+                                {
+                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->x509);
+                        }
+                else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
+                        {
+                        d2i=(char *(*)())d2i_X509_CRL;
+                        if (xi->crl != NULL)
+                                {
+                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->crl);
+                        }
+                else
+#ifndef NO_RSA
+                        if (strcmp(name,PEM_STRING_RSA) == 0)
+                        {
+                        d2i=(char *(*)())d2i_RSAPrivateKey;
+                        if (xi->x_pkey != NULL) 
+                                {
+                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        xi->enc_data=NULL;
+                        xi->enc_len=0;
+                        xi->x_pkey=X509_PKEY_new();
+                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                                goto err;
+                        xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa);
+                        if ((int)strlen(header) > 10) /* assume encrypted */
+                                raw=1;
+                        }
+                else
+#endif
+#ifndef NO_DSA
+                        if (strcmp(name,PEM_STRING_DSA) == 0)
+                        {
+                        d2i=(char *(*)())d2i_DSAPrivateKey;
+                        if (xi->x_pkey != NULL) 
+                                {
+                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        xi->enc_data=NULL;
+                        xi->enc_len=0;
+                        xi->x_pkey=X509_PKEY_new();
+                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                                goto err;
+                        xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);
+                        if ((int)strlen(header) > 10) /* assume encrypted */
+                                raw=1;
+                        }
+                else
+#endif
+                        {
+                        d2i=NULL;
+                        pp=NULL;
+                        }
+                if (d2i != NULL)
+                        {
+                        if (!raw)
+                                {
+                                EVP_CIPHER_INFO cipher;
+                                if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
+                                        goto err;
+                                if (!PEM_do_header(&cipher,data,&len,cb))
+                                        goto err;
+                                p=data;
+                                if (d2i(pp,&p,len) == NULL)
+                                        {
+                                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
+                                        goto err;
+                                        }
+                                }
+                        else
+                                { /* encrypted RSA data */
+                                if (!PEM_get_EVP_CIPHER_INFO(header,
+                                        &xi->enc_cipher)) goto err;
+                                xi->enc_data=(char *)data;
+                                xi->enc_len=(int)len;
+                                data=NULL;
+                                }
+                        }
+                else    {
+                        /* unknown */
+                        }
+                if (name != NULL) Free(name);
+                if (header != NULL) Free(header);
+                if (data != NULL) Free(data);
+                name=NULL;
+                header=NULL;
+                data=NULL;
+                }
+        /* if the last one hasn't been pushed yet and there is anything
+         * in it then add it to the stack ... 
+         */
+        if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+                (xi->x_pkey != NULL) || (xi->enc_data != NULL))
+                {
+                if (!sk_push(ret,(char *)xi)) goto err;
+                xi=NULL;
+                }
+        ok=1;
+err:
+        if (xi != NULL) X509_INFO_free(xi);
+        if (!ok)
+                {
+                for (i=0; ((int)i)<sk_num(ret); i++)
+                        {
+                        xi=(X509_INFO *)sk_value(ret,i);
+                        X509_INFO_free(xi);
+                        }
+                if (ret != sk) sk_free(ret);
+                ret=NULL;
+                }
+                
+        if (name != NULL) Free(name);
+        if (header != NULL) Free(header);
+        if (data != NULL) Free(data);
+        return(ret);
+        }
+/* A TJH addition */
+int PEM_X509_INFO_write_bio(bp,xi,enc,kstr,klen,cb)
+BIO *bp;
+X509_INFO *xi;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*cb)();
+        {
+        EVP_CIPHER_CTX ctx;
+        int i,ret=0;
+        unsigned char *data=NULL;
+        char *objstr=NULL;
+#define PEM_BUFSIZE     1024
+        char buf[PEM_BUFSIZE];
+        unsigned char *iv=NULL;
+        
+        if (enc != NULL)
+                {
+                objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
+                if (objstr == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                        goto err;
+                        }
+                }
+        /* now for the fun part ... if we have a private key then 
+         * we have to be able to handle a not-yet-decrypted key
+         * being written out correctly ... if it is decrypted or
+         * it is non-encrypted then we use the base code
+         */
+        if (xi->x_pkey!=NULL)
+                {
+                if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
+                        {
+                        /* copy from wierdo names into more normal things */
+                        iv=xi->enc_cipher.iv;
+                        data=(unsigned char *)xi->enc_data;
+                        i=xi->enc_len;
+                        /* we take the encryption data from the
+                         * internal stuff rather than what the
+                         * user has passed us ... as we have to 
+                         * match exactly for some strange reason
+                         */
+                        objstr=OBJ_nid2sn(
+                                EVP_CIPHER_nid(xi->enc_cipher.cipher));
+                        if (objstr == NULL)
+                                {
+                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                                goto err;
+                                }
+                        /* create the right magic header stuff */
+                        buf[0]='\0';
+                        PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+                        PEM_dek_info(buf,objstr,8,(char *)iv);
+                        /* use the normal code to write things out */
+                        i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
+                        if (i <= 0) goto err;
+                        }
+                else
+                        {
+                        /* Add DSA/DH */
+#ifndef NO_RSA
+                        /* normal optionally encrypted stuff */
+                        if (PEM_write_bio_RSAPrivateKey(bp,
+                                xi->x_pkey->dec_pkey->pkey.rsa,
+                                enc,kstr,klen,cb)<=0)
+                                goto err;
+#endif
+                        }
+                }
+        /* if we have a certificate then write it out now */
+        if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+                goto err;
+        /* we are ignoring anything else that is loaded into the X509_INFO
+         * structure for the moment ... as I don't need it so I'm not
+         * coding it here and Eric can do it when this makes it into the
+         * base library --tjh
+         */
+        ret=1;
+err:
+        memset((char *)&ctx,0,sizeof(ctx));
+        memset(buf,0,PEM_BUFSIZE);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
new file mode 100644
index 0000000000..7a2c0ad83b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -0,0 +1,762 @@
+/* crypto/pem/pem_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "objects.h"
+#include "evp.h"
+#include "rand.h"
+#include "x509.h"
+#include "pem.h"
+#ifndef NO_DES
+#include "des.h"
+#endif
+char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998";
+#define MIN_LENGTH      4
+/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+ * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+ */
+#ifndef NOPROTO
+static int def_callback(char *buf, int num, int w);
+static int load_iv(unsigned char **fromp,unsigned char *to, int num);
+#else
+static int def_callback();
+static int load_iv();
+#endif
+static int def_callback(buf, num, w)
+char *buf;
+int num;
+int w;
+        {
+#ifdef NO_FP_API
+        /* We should not ever call the default callback routine from
+         * windows. */
+        PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(-1);
+#else
+        int i,j;
+        char *prompt;
+        prompt=EVP_get_pw_prompt();
+        if (prompt == NULL)
+                prompt="Enter PEM pass phrase:";
+        for (;;)
+                {
+                i=EVP_read_pw_string(buf,num,prompt,w);
+                if (i != 0)
+                        {
+                        PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+                        memset(buf,0,(unsigned int)num);
+                        return(-1);
+                        }
+                j=strlen(buf);
+                if (j < MIN_LENGTH)
+                        {
+                        fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
+                        }
+                else
+                        break;
+                }
+        return(j);
+#endif
+        }
+void PEM_proc_type(buf, type)
+char *buf;
+int type;
+        {
+        char *str;
+        if (type == PEM_TYPE_ENCRYPTED)
+                str="ENCRYPTED";
+        else if (type == PEM_TYPE_MIC_CLEAR)
+                str="MIC-CLEAR";
+        else if (type == PEM_TYPE_MIC_ONLY)
+                str="MIC-ONLY";
+        else
+                str="BAD-TYPE";
+                
+        strcat(buf,"Proc-Type: 4,");
+        strcat(buf,str);
+        strcat(buf,"\n");
+        }
+void PEM_dek_info(buf, type, len, str)
+char *buf;
+char *type;
+int len;
+char *str;
+        {
+        static unsigned char map[17]="0123456789ABCDEF";
+        long i;
+        int j;
+        strcat(buf,"DEK-Info: ");
+        strcat(buf,type);
+        strcat(buf,",");
+        j=strlen(buf);
+        for (i=0; i<len; i++)
+                {
+                buf[j+i*2]  =map[(str[i]>>4)&0x0f];
+                buf[j+i*2+1]=map[(str[i]   )&0x0f];
+                }
+        buf[j+i*2]='\n';
+        buf[j+i*2+1]='\0';
+        }
+#ifndef NO_FP_API
+char *PEM_ASN1_read(d2i,name,fp, x, cb)
+char *(*d2i)();
+char *name;
+FILE *fp;
+char **x;
+int (*cb)();
+        {
+        BIO *b;
+        char *ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+char *PEM_ASN1_read_bio(d2i,name,bp, x, cb)
+char *(*d2i)();
+char *name;
+BIO *bp;
+char **x;
+int (*cb)();
+        {
+        EVP_CIPHER_INFO cipher;
+        char *nm=NULL,*header=NULL;
+        unsigned char *p=NULL,*data=NULL;
+        long len;
+        char *ret=NULL;
+        for (;;)
+                {
+                if (!PEM_read_bio(bp,&nm,&header,&data,&len)) return(NULL);
+                if (    (strcmp(nm,name) == 0) ||
+                        ((strcmp(nm,PEM_STRING_RSA) == 0) &&
+                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+                        ((strcmp(nm,PEM_STRING_DSA) == 0) &&
+                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+                        ((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
+                         (strcmp(name,PEM_STRING_X509) == 0)) ||
+                        ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
+                         (strcmp(name,PEM_STRING_X509_REQ) == 0))
+                        )
+                        break;
+                Free(nm);
+                Free(header);
+                Free(data);
+                }
+        if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
+        if (!PEM_do_header(&cipher,data,&len,cb)) goto err;
+        p=data;
+        if (strcmp(name,PEM_STRING_EVP_PKEY) == 0)
+                {
+                if (strcmp(nm,PEM_STRING_RSA) == 0)
+                        ret=d2i(EVP_PKEY_RSA,x,&p,len);
+                else if (strcmp(nm,PEM_STRING_DSA) == 0)
+                        ret=d2i(EVP_PKEY_DSA,x,&p,len);
+                }
+        else    
+                ret=d2i(x,&p,len);
+        if (ret == NULL)
+                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+err:
+        Free(nm);
+        Free(header);
+        Free(data);
+        return(ret);
+        }
+#ifndef NO_FP_API
+int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
+int (*i2d)();
+char *name;
+FILE *fp;
+char *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*callback)();
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback)
+int (*i2d)();
+char *name;
+BIO *bp;
+char *x;
+EVP_CIPHER *enc;
+unsigned char *kstr;
+int klen;
+int (*callback)();
+        {
+        EVP_CIPHER_CTX ctx;
+        int dsize=0,i,j,ret=0;
+        unsigned char *p,*data=NULL;
+        char *objstr=NULL;
+#define PEM_BUFSIZE     1024
+        char buf[PEM_BUFSIZE];
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        
+        if (enc != NULL)
+                {
+                objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
+                if (objstr == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                        goto err;
+                        }
+                }
+        if ((dsize=i2d(x,NULL)) < 0)
+                {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+                dsize=0;
+                goto err;
+                }
+        /* dzise + 8 bytes are needed */
+        data=(unsigned char *)Malloc((unsigned int)dsize+20);
+        if (data == NULL)
+                {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=data;
+        i=i2d(x,&p);
+        if (enc != NULL)
+                {
+                if (kstr == NULL)
+                        {
+                        if (callback == NULL)
+                                klen=def_callback(buf,PEM_BUFSIZE,1);
+                        else
+                                klen=(*callback)(buf,PEM_BUFSIZE,1);
+                        if (klen <= 0)
+                                {
+                                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
+                                goto err;
+                                }
+                        kstr=(unsigned char *)buf;
+                        }
+                RAND_seed(data,i);/* put in the RSA key. */
+                RAND_bytes(iv,8);       /* Generate a salt */
+                /* The 'iv' is used as the iv and as a salt.  It is
+                 * NOT taken from the BytesToKey function */
+                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+                if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+                buf[0]='\0';
+                PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+                PEM_dek_info(buf,objstr,8,(char *)iv);
+                /* k=strlen(buf); */
+        
+                EVP_EncryptInit(&ctx,enc,key,iv);
+                EVP_EncryptUpdate(&ctx,data,&j,data,i);
+                EVP_EncryptFinal(&ctx,&(data[j]),&i);
+                i+=j;
+                ret=1;
+                }
+        else
+                {
+                ret=1;
+                buf[0]='\0';
+                }
+        i=PEM_write_bio(bp,name,buf,data,i);
+        if (i <= 0) ret=0;
+err:
+        memset(key,0,sizeof(key));
+        memset(iv,0,sizeof(iv));
+        memset((char *)&ctx,0,sizeof(ctx));
+        memset(buf,0,PEM_BUFSIZE);
+        memset(data,0,(unsigned int)dsize);
+        Free(data);
+        return(ret);
+        }
+int PEM_do_header(cipher, data, plen, callback)
+EVP_CIPHER_INFO *cipher;
+unsigned char *data;
+long *plen;
+int (*callback)();
+        {
+        int i,j,o,klen;
+        long len;
+        EVP_CIPHER_CTX ctx;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        char buf[PEM_BUFSIZE];
+        len= *plen;
+        if (cipher->cipher == NULL) return(1);
+        if (callback == NULL)
+                klen=def_callback(buf,PEM_BUFSIZE,0);
+        else
+                klen=callback(buf,PEM_BUFSIZE,0);
+        if (klen <= 0)
+                {
+                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
+                return(0);
+                }
+        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+                (unsigned char *)buf,klen,1,key,NULL);
+        j=(int)len;
+        EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+        EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        memset((char *)buf,0,sizeof(buf));
+        memset((char *)key,0,sizeof(key));
+        j+=i;
+        if (!o)
+                {
+                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
+                return(0);
+                }
+        *plen=j;
+        return(1);
+        }
+int PEM_get_EVP_CIPHER_INFO(header,cipher)
+char *header;
+EVP_CIPHER_INFO *cipher;
+        {
+        int o;
+        EVP_CIPHER *enc=NULL;
+        char *p,c;
+        cipher->cipher=NULL;
+        if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+                return(1);
+        if (strncmp(header,"Proc-Type: ",11) != 0)
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
+        header+=11;
+        if (*header != '4') return(0); header++;
+        if (*header != ',') return(0); header++;
+        if (strncmp(header,"ENCRYPTED",9) != 0)
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
+        for (; (*header != '\n') && (*header != '\0'); header++)
+                ;
+        if (*header == '\0')
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
+        header++;
+        if (strncmp(header,"DEK-Info: ",10) != 0)
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
+        header+=10;
+        p=header;
+        for (;;)
+                {
+                c= *header;
+                if (!(  ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
+                        ((c >= '0') && (c <= '9'))))
+                        break;
+                header++;
+                }
+        *header='\0';
+        o=OBJ_sn2nid(p);
+        cipher->cipher=enc=EVP_get_cipherbyname(p);
+        *header=c;
+        header++;
+        if (enc == NULL)
+                {
+                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
+                return(0);
+                }
+        if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);
+        return(1);
+        }
+static int load_iv(fromp,to,num)
+unsigned char **fromp,*to;
+int num;
+        {
+        int v,i;
+        unsigned char *from;
+        from= *fromp;
+        for (i=0; i<num; i++) to[i]=0;
+        num*=2;
+        for (i=0; i<num; i++)
+                {
+                if ((*from >= '0') && (*from <= '9'))
+                        v= *from-'0';
+                else if ((*from >= 'A') && (*from <= 'F'))
+                        v= *from-'A'+10;
+                else if ((*from >= 'a') && (*from <= 'f'))
+                        v= *from-'a'+10;
+                else
+                        {
+                        PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
+                        return(0);
+                        }
+                from++;
+                to[i/2]|=v<<(long)((!(i&1))*4);
+                }
+        *fromp=from;
+        return(1);
+        }
+#ifndef NO_FP_API
+int PEM_write(fp, name, header, data,len)
+FILE *fp;
+char *name;
+char *header;
+unsigned char *data;
+long len;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_write_bio(b, name, header, data,len);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int PEM_write_bio(bp, name, header, data,len)
+BIO *bp;
+char *name;
+char *header;
+unsigned char *data;
+long len;
+        {
+        int nlen,n,i,j,outl;
+        unsigned char *buf;
+        EVP_ENCODE_CTX ctx;
+        int reason=ERR_R_BUF_LIB;
+        
+        EVP_EncodeInit(&ctx);
+        nlen=strlen(name);
+        if (    (BIO_write(bp,"-----BEGIN ",11) != 11) ||
+                (BIO_write(bp,name,nlen) != nlen) ||
+                (BIO_write(bp,"-----\n",6) != 6))
+                goto err;
+                
+        i=strlen(header);
+        if (i > 0)
+                {
+                if (    (BIO_write(bp,header,i) != i) ||
+                        (BIO_write(bp,"\n",1) != 1))
+                        goto err;
+                }
+        buf=(unsigned char *)Malloc(PEM_BUFSIZE*8);
+        if (buf == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        i=j=0;
+        while (len > 0)
+                {
+                n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
+                EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
+                if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
+                        goto err;
+                i+=outl;
+                len-=n;
+                j+=n;
+                }
+        EVP_EncodeFinal(&ctx,buf,&outl);
+        if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+        Free(buf);
+        if (    (BIO_write(bp,"-----END ",9) != 9) ||
+                (BIO_write(bp,name,nlen) != nlen) ||
+                (BIO_write(bp,"-----\n",6) != 6))
+                goto err;
+        return(i+outl);
+err:
+        PEMerr(PEM_F_PEM_WRITE_BIO,reason);
+        return(0);
+        }
+#ifndef NO_FP_API
+int PEM_read(fp, name, header, data,len)
+FILE *fp;
+char **name;
+char **header;
+unsigned char **data;
+long *len;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_read_bio(b, name, header, data,len);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int PEM_read_bio(bp, name, header, data, len)
+BIO *bp;
+char **name;
+char **header;
+unsigned char **data;
+long *len;
+        {
+        EVP_ENCODE_CTX ctx;
+        int end=0,i,k,bl=0,hl=0,nohead=0;
+        char buf[256];
+        BUF_MEM *nameB;
+        BUF_MEM *headerB;
+        BUF_MEM *dataB,*tmpB;
+        
+        nameB=BUF_MEM_new();
+        headerB=BUF_MEM_new();
+        dataB=BUF_MEM_new();
+        if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
+                {
+                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        buf[254]='\0';
+        for (;;)
+                {
+                i=BIO_gets(bp,buf,254);
+                if (i <= 0)
+                        {
+                        PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
+                        goto err;
+                        }
+                while ((i >= 0) && (buf[i] <= ' ')) i--;
+                buf[++i]='\n'; buf[++i]='\0';
+                if (strncmp(buf,"-----BEGIN ",11) == 0)
+                        {
+                        i=strlen(&(buf[11]));
+                        if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
+                                continue;
+                        if (!BUF_MEM_grow(nameB,i+9))
+                                {
+                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        strncpy(nameB->data,&(buf[11]),(unsigned int)i-6);
+                        nameB->data[i-6]='\0';
+                        break;
+                        }
+                }
+        hl=0;
+        if (!BUF_MEM_grow(headerB,256))
+                { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+        headerB->data[0]='\0';
+        for (;;)
+                {
+                i=BIO_gets(bp,buf,254);
+                if (i <= 0) break;
+                while ((i >= 0) && (buf[i] <= ' ')) i--;
+                buf[++i]='\n'; buf[++i]='\0';
+                if (buf[0] == '\n') break;
+                if (!BUF_MEM_grow(headerB,hl+i+9))
+                        { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+                if (strncmp(buf,"-----END ",9) == 0)
+                        {
+                        nohead=1;
+                        break;
+                        }
+                strncpy(&(headerB->data[hl]),buf,(unsigned int)i);
+                headerB->data[hl+i]='\0';
+                hl+=i;
+                }
+        bl=0;
+        if (!BUF_MEM_grow(dataB,1024))
+                { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+        dataB->data[0]='\0';
+        if (!nohead)
+                {
+                for (;;)
+                        {
+                        i=BIO_gets(bp,buf,254);
+                        if (i <= 0) break;
+                        while ((i >= 0) && (buf[i] <= ' ')) i--;
+                        buf[++i]='\n'; buf[++i]='\0';
+                        if (i != 65) end=1;
+                        if (strncmp(buf,"-----END ",9) == 0)
+                                break;
+                        if (i > 65) break;
+                        if (!BUF_MEM_grow(dataB,i+bl+9))
+                                {
+                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        strncpy(&(dataB->data[bl]),buf,(unsigned int)i);
+                        dataB->data[bl+i]='\0';
+                        bl+=i;
+                        if (end)
+                                {
+                                buf[0]='\0';
+                                i=BIO_gets(bp,buf,254);
+                                if (i <= 0) break;
+                                while ((i >= 0) && (buf[i] <= ' ')) i--;
+                                buf[++i]='\n'; buf[++i]='\0';
+                                break;
+                                }
+                        }
+                }
+        else
+                {
+                tmpB=headerB;
+                headerB=dataB;
+                dataB=tmpB;
+                bl=hl;
+                }
+        i=strlen(nameB->data);
+        if (    (strncmp(buf,"-----END ",9) != 0) ||
+                (strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) ||
+                (strncmp(&(buf[9+i]),"-----\n",6) != 0))
+                {
+                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
+                goto err;
+                }
+        EVP_DecodeInit(&ctx);
+        i=EVP_DecodeUpdate(&ctx,
+                (unsigned char *)dataB->data,&bl,
+                (unsigned char *)dataB->data,bl);
+        if (i < 0)
+                {
+                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
+                goto err;
+                }
+        i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
+        if (i < 0)
+                {
+                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
+                goto err;
+                }
+        bl+=k;
+        if (bl == 0) goto err;
+        *name=nameB->data;
+        *header=headerB->data;
+        *data=(unsigned char *)dataB->data;
+        *len=bl;
+        Free(nameB);
+        Free(headerB);
+        Free(dataB);
+        return(1);
+err:
+        BUF_MEM_free(nameB);
+        BUF_MEM_free(headerB);
+        BUF_MEM_free(dataB);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c
new file mode 100644
index 0000000000..b4b36df453
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pem_seal.c
@@ -0,0 +1,191 @@
+/* crypto/pem/pem_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "rand.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"
+int PEM_SealInit(ctx,type,md_type,ek,ekl,iv,pubk,npubk)
+PEM_ENCODE_SEAL_CTX *ctx;
+EVP_CIPHER *type;
+EVP_MD *md_type;
+unsigned char **ek;
+int *ekl;
+unsigned char *iv;
+EVP_PKEY **pubk;
+int npubk;
+        {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        int ret= -1;
+        int i,j,max=0;
+        char *s=NULL;
+        for (i=0; i<npubk; i++)
+                {
+                if (pubk[i]->type != EVP_PKEY_RSA)
+                        {
+                        PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
+                        goto err;
+                        }
+                j=RSA_size(pubk[i]->pkey.rsa);
+                if (j > max) max=j;
+                }
+        s=(char *)Malloc(max*2);
+        if (s == NULL)
+                {
+                PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_EncodeInit(&(ctx->encode));
+        EVP_SignInit(&(ctx->md),md_type);
+        ret=EVP_SealInit(&(ctx->cipher),type,ek,ekl,iv,pubk,npubk);
+        if (!ret) goto err;
+        /* base64 encode the keys */
+        for (i=0; i<npubk; i++)
+                {
+                j=EVP_EncodeBlock((unsigned char *)s,ek[i],
+                        RSA_size(pubk[i]->pkey.rsa));
+                ekl[i]=j;
+                memcpy(ek[i],s,j+1);
+                }
+        ret=npubk;
+err:
+        if (s != NULL) Free(s);
+        memset(key,0,EVP_MAX_KEY_LENGTH);
+        return(ret);
+        }
+void PEM_SealUpdate(ctx,out,outl,in,inl)
+PEM_ENCODE_SEAL_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        unsigned char buffer[1600];
+        int i,j;
+        *outl=0;
+        EVP_SignUpdate(&(ctx->md),in,inl);
+        for (;;)
+                {
+                if (inl <= 0) break;
+                if (inl > 1200)
+                        i=1200;
+                else
+                        i=inl;
+                EVP_EncryptUpdate(&(ctx->cipher),buffer,&j,in,i);
+                EVP_EncodeUpdate(&(ctx->encode),out,&j,buffer,j);
+                *outl+=j;
+                out+=j;
+                in+=i;
+                inl-=i;
+                }
+        }
+int PEM_SealFinal(ctx,sig,sigl,out,outl,priv)
+PEM_ENCODE_SEAL_CTX *ctx;
+unsigned char *sig;
+int *sigl;
+unsigned char *out;
+int *outl;
+EVP_PKEY *priv;
+        {
+        unsigned char *s=NULL;
+        int ret=0,j;
+        unsigned int i;
+        if (priv->type != EVP_PKEY_RSA)
+                {
+                PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
+                goto err;
+                }
+        i=RSA_size(priv->pkey.rsa);
+        if (i < 100) i=100;
+        s=(unsigned char *)Malloc(i*2);
+        if (s == NULL)
+                {
+                PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_EncryptFinal(&(ctx->cipher),s,(int *)&i);
+        EVP_EncodeUpdate(&(ctx->encode),out,&j,s,i);
+        *outl=j;
+        out+=j;
+        EVP_EncodeFinal(&(ctx->encode),out,&j);
+        *outl+=j;
+        if (!EVP_SignFinal(&(ctx->md),s,&i,priv)) goto err;
+        *sigl=EVP_EncodeBlock(sig,s,i);
+        ret=1;
+err:
+        memset((char *)&(ctx->md),0,sizeof(ctx->md));
+        memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher));
+        if (s != NULL) Free(s);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/pem/pem_sign.c b/src/lib/libssl/src/crypto/pem/pem_sign.c
new file mode 100644
index 0000000000..d56f9f9e14
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pem_sign.c
@@ -0,0 +1,109 @@
+/* crypto/pem/pem_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "rand.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"
+void PEM_SignInit(ctx,type)
+EVP_MD_CTX *ctx;
+EVP_MD *type;
+        {
+        EVP_DigestInit(ctx,type);
+        }
+void PEM_SignUpdate(ctx,data,count)
+EVP_MD_CTX *ctx;
+unsigned char *data;
+unsigned int count;
+        {
+        EVP_DigestUpdate(ctx,data,count);
+        }
+int PEM_SignFinal(ctx,sigret,siglen,pkey)
+EVP_MD_CTX *ctx;
+unsigned char *sigret;
+unsigned int *siglen;
+EVP_PKEY *pkey;
+        {
+        unsigned char *m;
+        int i,ret=0;
+        unsigned int m_len;
+        m=(unsigned char *)Malloc(EVP_PKEY_size(pkey)+2);
+        if (m == NULL)
+                {
+                PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
+        i=EVP_EncodeBlock(sigret,m,m_len);
+        *siglen=i;
+        ret=1;
+err:
+        /* ctx has been zeroed by EVP_SignFinal() */
+        if (m != NULL) Free(m);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/pem/pkcs7.lis b/src/lib/libssl/src/crypto/pem/pkcs7.lis
new file mode 100644
index 0000000000..be90c5d87f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pem/pkcs7.lis
@@ -0,0 +1,22 @@
+21     0:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+ 00     2:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
+ 21    13:d=0 hl=2 l=  0 cons: cont: 00                 # explicit tag
+  21    15:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+   00    17:d=0 hl=2 l=  1 prim: univ: INTEGER          # version 
+   20    20:d=0 hl=2 l=  0 cons: univ: SET               
+   21    22:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+    00    24:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
+    00    35:d=0 hl=2 l=  0 prim: univ: EOC               
+   21    37:d=0 hl=2 l=  0 cons: cont: 00               # cert tag
+    20    39:d=0 hl=4 l=545 cons: univ: SEQUENCE          
+    20   588:d=0 hl=4 l=524 cons: univ: SEQUENCE          
+    00  1116:d=0 hl=2 l=  0 prim: univ: EOC               
+   21  1118:d=0 hl=2 l=  0 cons: cont: 01               # crl tag
+    20  1120:d=0 hl=4 l=653 cons: univ: SEQUENCE          
+    20  1777:d=0 hl=4 l=285 cons: univ: SEQUENCE          
+    00  2066:d=0 hl=2 l=  0 prim: univ: EOC               
+   21  2068:d=0 hl=2 l=  0 cons: univ: SET              # signers 
+    00  2070:d=0 hl=2 l=  0 prim: univ: EOC               
+  00  2072:d=0 hl=2 l=  0 prim: univ: EOC               
+ 00  2074:d=0 hl=2 l=  0 prim: univ: EOC               
+00  2076:d=0 hl=2 l=  0 prim: univ: EOC               
diff --git a/src/lib/libssl/src/crypto/perlasm/cbc.pl b/src/lib/libssl/src/crypto/perlasm/cbc.pl
new file mode 100644
index 0000000000..2789305790
--- /dev/null
+++ b/src/lib/libssl/src/crypto/perlasm/cbc.pl
@@ -0,0 +1,342 @@
+#!/usr/bin/perl
+# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+# des_cblock (*input);
+# des_cblock (*output);
+# long length;
+# des_key_schedule schedule;
+# des_cblock (*ivec);
+# int enc;
+#
+# calls 
+# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+#
+#&cbc("des_ncbc_encrypt","des_encrypt",0);
+#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
+#       1,4,5,3,5,-1);
+#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
+#       0,4,5,3,5,-1);
+#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
+#       0,6,7,3,4,5);
+#
+# When doing a cipher that needs bigendian order,
+# for encrypt, the iv is kept in bigendian form,
+# while for decrypt, it is kept in little endian.
+sub cbc
+        {
+        local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
+        # name is the function name
+        # enc_func and dec_func and the functions to call for encrypt/decrypt
+        # swap is true if byte order needs to be reversed
+        # iv_off is parameter number for the iv 
+        # enc_off is parameter number for the encrypt/decrypt flag
+        # p1,p2,p3 are the offsets for parameters to be passed to the
+        # underlying calls.
+        &function_begin_B($name,"");
+        &comment("");
+        $in="esi";
+        $out="edi";
+        $count="ebp";
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
+        $data_off=4;
+        $data_off+=4 if ($p1 > 0);
+        $data_off+=4 if ($p2 > 0);
+        $data_off+=4 if ($p3 > 0);
+        &mov($count,    &wparam(2));    # length
+        &comment("getting iv ptr from parameter $iv_off");
+        &mov("ebx",     &wparam($iv_off));      # Get iv ptr
+        &mov($in,       &DWP(0,"ebx","",0));#   iv[0]
+        &mov($out,      &DWP(4,"ebx","",0));#   iv[1]
+        &push($out);
+        &push($in);
+        &push($out);    # used in decrypt for iv[1]
+        &push($in);     # used in decrypt for iv[0]
+        &mov("ebx",     "esp");         # This is the address of tin[2]
+        &mov($in,       &wparam(0));    # in
+        &mov($out,      &wparam(1));    # out
+        # We have loaded them all, how lets push things
+        &comment("getting encrypt flag from parameter $enc_off");
+        &mov("ecx",     &wparam($enc_off));     # Get enc flag
+        if ($p3 > 0)
+                {
+                &comment("get and push parameter $p3");
+                if ($enc_off != $p3)
+                        { &mov("eax",   &wparam($p3)); &push("eax"); }
+                else    { &push("ecx"); }
+                }
+        if ($p2 > 0)
+                {
+                &comment("get and push parameter $p2");
+                if ($enc_off != $p2)
+                        { &mov("eax",   &wparam($p2)); &push("eax"); }
+                else    { &push("ecx"); }
+                }
+        if ($p1 > 0)
+                {
+                &comment("get and push parameter $p1");
+                if ($enc_off != $p1)
+                        { &mov("eax",   &wparam($p1)); &push("eax"); }
+                else    { &push("ecx"); }
+                }
+        &push("ebx");           # push data/iv
+        &cmp("ecx",0);
+        &jz(&label("decrypt"));
+        &and($count,0xfffffff8);
+        &mov("eax",     &DWP($data_off,"esp","",0));    # load iv[0]
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  # load iv[1]
+        &jz(&label("encrypt_finish"));
+        #############################################################
+        &set_label("encrypt_loop");
+        # encrypt start 
+        # "eax" and "ebx" hold iv (or the last cipher text)
+        &mov("ecx",     &DWP(0,$in,"",0));      # load first 4 bytes
+        &mov("edx",     &DWP(4,$in,"",0));      # second 4 bytes
+        &xor("eax",     "ecx");
+        &xor("ebx",     "edx");
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+        &call($enc_func);
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov(&DWP(0,$out,"",0),"eax");
+        &mov(&DWP(4,$out,"",0),"ebx");
+        # eax and ebx are the next iv.
+        &add($in,       8);
+        &add($out,      8);
+        &sub($count,    8);
+        &jnz(&label("encrypt_loop"));
+###################################################################3
+        &set_label("encrypt_finish");
+        &mov($count,    &wparam(2));    # length
+        &and($count,    7);
+        &jz(&label("finish"));
+        &xor("ecx","ecx");
+        &xor("edx","edx");
+        &mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
+        &jmp_ptr($count);
+&set_label("ej7");
+        &xor("edx",             "edx") if $ppro; # ppro friendly
+        &movb(&HB("edx"),       &BP(6,$in,"",0));
+        &shl("edx",8);
+&set_label("ej6");
+        &movb(&HB("edx"),       &BP(5,$in,"",0));
+&set_label("ej5");
+        &movb(&LB("edx"),       &BP(4,$in,"",0));
+&set_label("ej4");
+        &mov("ecx",             &DWP(0,$in,"",0));
+        &jmp(&label("ejend"));
+&set_label("ej3");
+        &movb(&HB("ecx"),       &BP(2,$in,"",0));
+        &xor("ecx",             "ecx") if $ppro; # ppro friendly
+        &shl("ecx",8);
+&set_label("ej2");
+        &movb(&HB("ecx"),       &BP(1,$in,"",0));
+&set_label("ej1");
+        &movb(&LB("ecx"),       &BP(0,$in,"",0));
+&set_label("ejend");
+        &xor("eax",     "ecx");
+        &xor("ebx",     "edx");
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+        &call($enc_func);
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov(&DWP(0,$out,"",0),"eax");
+        &mov(&DWP(4,$out,"",0),"ebx");
+        &jmp(&label("finish"));
+        #############################################################
+        #############################################################
+        &set_label("decrypt",1);
+        # decrypt start 
+        &and($count,0xfffffff8);
+        # The next 2 instructions are only for if the jz is taken
+        &mov("eax",     &DWP($data_off+8,"esp","",0));  # get iv[0]
+        &mov("ebx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
+        &jz(&label("decrypt_finish"));
+        &set_label("decrypt_loop");
+        &mov("eax",     &DWP(0,$in,"",0));      # load first 4 bytes
+        &mov("ebx",     &DWP(4,$in,"",0));      # second 4 bytes
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+        &call($dec_func);
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov("ecx",     &DWP($data_off+8,"esp","",0));  # get iv[0]
+        &mov("edx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
+        &xor("ecx",     "eax");
+        &xor("edx",     "ebx");
+        &mov("eax",     &DWP(0,$in,"",0));      # get old cipher text,
+        &mov("ebx",     &DWP(4,$in,"",0));      # next iv actually
+        &mov(&DWP(0,$out,"",0),"ecx");
+        &mov(&DWP(4,$out,"",0),"edx");
+        &mov(&DWP($data_off+8,"esp","",0),      "eax"); # save iv
+        &mov(&DWP($data_off+12,"esp","",0),     "ebx"); #
+        &add($in,       8);
+        &add($out,      8);
+        &sub($count,    8);
+        &jnz(&label("decrypt_loop"));
+############################ ENDIT #######################3
+        &set_label("decrypt_finish");
+        &mov($count,    &wparam(2));    # length
+        &and($count,    7);
+        &jz(&label("finish"));
+        &mov("eax",     &DWP(0,$in,"",0));      # load first 4 bytes
+        &mov("ebx",     &DWP(4,$in,"",0));      # second 4 bytes
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+        &call($dec_func);
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+        &mov("ecx",     &DWP($data_off+8,"esp","",0));  # get iv[0]
+        &mov("edx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
+        &xor("ecx",     "eax");
+        &xor("edx",     "ebx");
+        # this is for when we exit
+        &mov("eax",     &DWP(0,$in,"",0));      # get old cipher text,
+        &mov("ebx",     &DWP(4,$in,"",0));      # next iv actually
+&set_label("dj7");
+        &rotr("edx",    16);
+        &movb(&BP(6,$out,"",0), &LB("edx"));
+        &shr("edx",16);
+&set_label("dj6");
+        &movb(&BP(5,$out,"",0), &HB("edx"));
+&set_label("dj5");
+        &movb(&BP(4,$out,"",0), &LB("edx"));
+&set_label("dj4");
+        &mov(&DWP(0,$out,"",0), "ecx");
+        &jmp(&label("djend"));
+&set_label("dj3");
+        &rotr("ecx",    16);
+        &movb(&BP(2,$out,"",0), &LB("ecx"));
+        &shl("ecx",16);
+&set_label("dj2");
+        &movb(&BP(1,$in,"",0),  &HB("ecx"));
+&set_label("dj1");
+        &movb(&BP(0,$in,"",0),  &LB("ecx"));
+&set_label("djend");
+        # final iv is still in eax:ebx
+        &jmp(&label("finish"));
+############################ FINISH #######################3
+        &set_label("finish",1);
+        &mov("ecx",     &wparam($iv_off));      # Get iv ptr
+        #################################################
+        $total=16+4;
+        $total+=4 if ($p1 > 0);
+        $total+=4 if ($p2 > 0);
+        $total+=4 if ($p3 > 0);
+        &add("esp",$total);
+        &mov(&DWP(0,"ecx","",0),        "eax"); # save iv
+        &mov(&DWP(4,"ecx","",0),        "ebx"); # save iv
+        &function_end_A($name);
+        &set_label("cbc_enc_jmp_table",1);
+        &data_word("0");
+        &data_word(&label("ej1"));
+        &data_word(&label("ej2"));
+        &data_word(&label("ej3"));
+        &data_word(&label("ej4"));
+        &data_word(&label("ej5"));
+        &data_word(&label("ej6"));
+        &data_word(&label("ej7"));
+        &set_label("cbc_dec_jmp_table",1);
+        &data_word("0");
+        &data_word(&label("dj1"));
+        &data_word(&label("dj2"));
+        &data_word(&label("dj3"));
+        &data_word(&label("dj4"));
+        &data_word(&label("dj5"));
+        &data_word(&label("dj6"));
+        &data_word(&label("dj7"));
+        &function_end_B($name);
+        
+        }
+1;
diff --git a/src/lib/libssl/src/crypto/perlasm/readme b/src/lib/libssl/src/crypto/perlasm/readme
new file mode 100644
index 0000000000..f02bbee75a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/perlasm/readme
@@ -0,0 +1,124 @@
+The perl scripts in this directory are my 'hack' to generate
+multiple different assembler formats via the one origional script.
+The way to use this library is to start with adding the path to this directory
+and then include it.
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+The first thing we do is setup the file and type of assember
+&asm_init($ARGV[0],$0);
+The first argument is the 'type'.  Currently
+'cpp', 'sol', 'a.out', 'elf' or 'win32'.
+Argument 2 is the file name.
+The reciprocal function is
+&asm_finish() which should be called at the end.
+There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
+and x86unix.pl which is the unix (gas) version.
+Functions of interest are:
+&external_label("des_SPtrans"); declare and external variable
+&LB(reg);                       Low byte for a register
+&HB(reg);                       High byte for a register
+&BP(off,base,index,scale)       Byte pointer addressing
+&DWP(off,base,index,scale)      Word pointer addressing
+&stack_push(num)                Basically a 'sub esp, num*4' with extra
+&stack_pop(num)                 inverse of stack_push
+&function_begin(name,extra)     Start a function with pushing of
+                                edi, esi, ebx and ebp.  extra is extra win32
+                                external info that may be required.
+&function_begin_B(name,extra)   Same as norma function_begin but no pushing.
+&function_end(name)             Call at end of function.
+&function_end_A(name)           Standard pop and ret, for use inside functions
+&function_end_B(name)           Call at end but with poping or 'ret'.
+&swtmp(num)                     Address on stack temp word.
+&wparam(num)                    Parameter number num, that was push
+                                in C convention.  This all works over pushes
+                                and pops.
+&comment("hello there")         Put in a comment.
+&label("loop")                  Refer to a label, normally a jmp target.
+&set_label("loop")              Set a label at this point.
+&data_word(word)                Put in a word of data.
+So how does this all hold together?  Given
+int calc(int len, int *data)
+        {
+        int i,j=0;
+        for (i=0; i<len; i++)
+                {
+                j+=other(data[i]);
+                }
+        }
+So a very simple version of this function could be coded as
+        push(@INC,"perlasm","../../perlasm");
+        require "x86asm.pl";
+        
+        &asm_init($ARGV[0],"cacl.pl");
+        &external_label("other");
+        $tmp1=  "eax";
+        $j=     "edi";
+        $data=  "esi";
+        $i=     "ebp";
+        &comment("a simple function");
+        &function_begin("calc");
+        &mov(   $data,          &wparam(1)); # data
+        &xor(   $j,             $j);
+        &xor(   $i,             $i);
+        &set_label("loop");
+        &cmp(   $i,             &wparam(0));
+        &jge(   &label("end"));
+        &mov(   $tmp1,          &DWP(0,$data,$i,4));
+        &push(  $tmp1);
+        &call(  "other");
+        &add(   $j,             "eax");
+        &pop(   $tmp1);
+        &inc(   $i);
+        &jmp(   &label("loop"));
+        &set_label("end");
+        &mov(   "eax",          $j);
+        &function_end("calc");
+        &asm_finish();
+The above example is very very unoptimised but gives an idea of how
+things work.
+There is also a cbc mode function generator in cbc.pl
+&cbc(   $name,
+        $encrypt_function_name,
+        $decrypt_function_name,
+        $true_if_byte_swap_needed,
+        $parameter_number_for_iv,
+        $parameter_number_for_encrypt_flag,
+        $first_parameter_to_pass,
+        $second_parameter_to_pass,
+        $third_parameter_to_pass);
+So for example, given
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        BF_KEY *ks, unsigned char *iv, int enc);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
diff --git a/src/lib/libssl/src/crypto/perlasm/x86asm.pl b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
new file mode 100644
index 0000000000..6a9156ae9a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
@@ -0,0 +1,113 @@
+#!/usr/bin/perl
+# require 'x86asm.pl';
+# &asm_init("cpp","des-586.pl");
+# XXX
+# XXX
+# main'asm_finish
+sub main'asm_finish
+        {
+        &file_end();
+        &asm_finish_cpp() if $cpp;
+        print &asm_get_output();
+        }
+sub main'asm_init
+        {
+        ($type,$fn)=@_;
+        $filename=$fn;
+        $cpp=$sol=$aout=$win32=0;
+        if (    ($type eq "elf"))
+                { require "x86unix.pl"; }
+        elsif ( ($type eq "a.out"))
+                { $aout=1; require "x86unix.pl"; }
+        elsif ( ($type eq "sol"))
+                { $sol=1; require "x86unix.pl"; }
+        elsif ( ($type eq "cpp"))
+                { $cpp=1; require "x86unix.pl"; }
+        elsif ( ($type eq "win32"))
+                { $win32=1; require "x86ms.pl"; }
+        else
+                {
+                print STDERR <<"EOF";
+Pick one target type from
+        elf     - linux, FreeBSD etc
+        a.out   - old linux
+        sol     - x86 solaris
+        cpp     - format so x86unix.cpp can be used
+        win32   - Windows 95/Windows NT
+EOF
+                exit(1);
+                }
+        &asm_init_output();
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $filename");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, BSDI,Win32, or Solaris");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+        $filename =~ s/\.pl$//;
+        &file($filename);
+        }
+sub asm_finish_cpp
+        {
+        return unless $cpp;
+        local($tmp,$i);
+        foreach $i (&get_labels())
+                {
+                $tmp.="#define $i _$i\n";
+                }
+        print <<"EOF";
+/* Run the C pre-processor over this file with one of the following defined
+ * ELF - elf object files,
+ * OUT - a.out object files,
+ * BSDI - BSDI style a.out object files
+ * SOL - Solaris style elf
+ */
+#define TYPE(a,b)       .type   a,b
+#define SIZE(a,b)       .size   a,b
+#if defined(OUT) || defined(BSDI)
+$tmp
+#endif
+#ifdef OUT
+#define OK      1
+#define ALIGN   4
+#endif
+#ifdef BSDI
+#define OK              1
+#define ALIGN           4
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
+#endif
+#if defined(ELF) || defined(SOL)
+#define OK              1
+#define ALIGN           16
+#endif
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+/* Let the Assembler begin :-) */
+EOF
+        }
+1;
diff --git a/src/lib/libssl/src/crypto/perlasm/x86ms.pl b/src/lib/libssl/src/crypto/perlasm/x86ms.pl
new file mode 100644
index 0000000000..893b50b1a4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/perlasm/x86ms.pl
@@ -0,0 +1,348 @@
+#!/usr/bin/perl
+package x86ms;
+$label="L000";
+%lb=(   'eax',  'al',
+        'ebx',  'bl',
+        'ecx',  'cl',
+        'edx',  'dl',
+        'ax',   'al',
+        'bx',   'bl',
+        'cx',   'cl',
+        'dx',   'dl',
+        );
+%hb=(   'eax',  'ah',
+        'ebx',  'bh',
+        'ecx',  'ch',
+        'edx',  'dh',
+        'ax',   'ah',
+        'bx',   'bh',
+        'cx',   'ch',
+        'dx',   'dh',
+        );
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+sub main'LB
+        {
+        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+        return($lb{$_[0]});
+        }
+sub main'HB
+        {
+        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+        return($hb{$_[0]});
+        }
+sub main'BP
+        {
+        &get_mem("BYTE",@_);
+        }
+sub main'DWP
+        {
+        &get_mem("DWORD",@_);
+        }
+sub main'stack_push
+        {
+        local($num)=@_;
+        $stack+=$num*4;
+        &main'sub("esp",$num*4);
+        }
+sub main'stack_pop
+        {
+        local($num)=@_;
+        $stack-=$num*4;
+        &main'add("esp",$num*4);
+        }
+sub get_mem
+        {
+        local($size,$addr,$reg1,$reg2,$idx)=@_;
+        local($t,$post);
+        local($ret)="$size PTR ";
+        $addr =~ s/^\s+//;
+        if ($addr =~ /^(.+)\+(.+)$/)
+                {
+                $reg2=&conv($1);
+                $addr="_$2";
+                }
+        elsif ($addr =~ /^[_a-zA-Z]/)
+                {
+                $addr="_$addr";
+                }
+        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        if (($addr ne "") && ($addr ne 0))
+                {
+                if ($addr !~ /^-/)
+                        { $ret.=$addr; }
+                else    { $post=$addr; }
+                }
+        if ($reg2 ne "")
+                {
+                $t="";
+                $t="*$idx" if ($idx != 0);
+                $reg1="+".$reg1 if ("$reg1$post" ne "");
+                $ret.="[$reg2$t$reg1$post]";
+                }
+        else
+                {
+                $ret.="[$reg1$post]"
+                }
+        return($ret);
+        }
+sub main'mov    { &out2("mov",@_); }
+sub main'movb   { &out2("mov",@_); }
+sub main'and    { &out2("and",@_); }
+sub main'or     { &out2("or",@_); }
+sub main'shl    { &out2("shl",@_); }
+sub main'shr    { &out2("shr",@_); }
+sub main'xor    { &out2("xor",@_); }
+sub main'xorb   { &out2("xor",@_); }
+sub main'add    { &out2("add",@_); }
+sub main'adc    { &out2("adc",@_); }
+sub main'sub    { &out2("sub",@_); }
+sub main'rotl   { &out2("rol",@_); }
+sub main'rotr   { &out2("ror",@_); }
+sub main'exch   { &out2("xchg",@_); }
+sub main'cmp    { &out2("cmp",@_); }
+sub main'lea    { &out2("lea",@_); }
+sub main'mul    { &out1("mul",@_); }
+sub main'div    { &out1("div",@_); }
+sub main'dec    { &out1("dec",@_); }
+sub main'inc    { &out1("inc",@_); }
+sub main'jmp    { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je     { &out1("je",@_); }
+sub main'jle    { &out1("jle",@_); }
+sub main'jz     { &out1("jz",@_); }
+sub main'jge    { &out1("jge",@_); }
+sub main'jl     { &out1("jl",@_); }
+sub main'jb     { &out1("jb",@_); }
+sub main'jc     { &out1("jc",@_); }
+sub main'jnc    { &out1("jnc",@_); }
+sub main'jnz    { &out1("jnz",@_); }
+sub main'jne    { &out1("jne",@_); }
+sub main'jno    { &out1("jno",@_); }
+sub main'push   { &out1("push",@_); $stack+=4; }
+sub main'pop    { &out1("pop",@_); $stack-=4; }
+sub main'bswap  { &out1("bswap",@_); &using486(); }
+sub main'not    { &out1("not",@_); }
+sub main'call   { &out1("call",'_'.$_[0]); }
+sub main'ret    { &out0("ret"); }
+sub main'nop    { &out0("nop"); }
+sub out2
+        {
+        local($name,$p1,$p2)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t");
+        $t=&conv($p1).",";
+        $l=length($t);
+        push(@out,$t);
+        $l=4-($l+9)/8;
+        push(@out,"\t" x $l);
+        push(@out,&conv($p2));
+        push(@out,"\n");
+        }
+sub out0
+        {
+        local($name)=@_;
+        push(@out,"\t$name\n");
+        }
+sub out1
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t".&conv($p1)."\n");
+        }
+sub conv
+        {
+        local($p)=@_;
+        $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+        return $p;
+        }
+sub using486
+        {
+        return if $using486;
+        $using486++;
+        grep(s/\.386/\.486/,@out);
+        }
+sub main'file
+        {
+        local($file)=@_;
+        local($tmp)=<<"EOF";
+        TITLE   $file.asm
+        .386
+.model FLAT
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        local($func,$extra)=@_;
+        push(@labels,$func);
+        local($tmp)=<<"EOF";
+_TEXT   SEGMENT
+PUBLIC  _$func
+$extra
+_$func PROC NEAR
+        push    ebp
+        push    ebx
+        push    esi
+        push    edi
+EOF
+        push(@out,$tmp);
+        $stack=20;
+        }
+sub main'function_begin_B
+        {
+        local($func,$extra)=@_;
+        local($tmp)=<<"EOF";
+_TEXT   SEGMENT
+PUBLIC  _$func
+$extra
+_$func PROC NEAR
+EOF
+        push(@out,$tmp);
+        $stack=4;
+        }
+sub main'function_end
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+_$func ENDP
+_TEXT   ENDS
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_B
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+_$func ENDP
+_TEXT   ENDS
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+EOF
+        push(@out,$tmp);
+        }
+sub main'file_end
+        {
+        push(@out,"END\n");
+        }
+sub main'wparam
+        {
+        local($num)=@_;
+        return(&main'DWP($stack+$num*4,"esp","",0));
+        }
+sub main'swtmp
+        {
+        return(&main'DWP($_[0]*4,"esp","",0));
+        }
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       local($num)=@_;
+#
+#       return(&main'DWP(-(($num+1)*4),"esp","",0));
+#       }
+sub main'comment
+        {
+        foreach (@_)
+                {
+                push(@out,"\t; $_\n");
+                }
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="\$${label}${_[0]}";
+                $label++;
+                }
+        return($label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="${label}${_[0]}";
+                $label++;
+                }
+        push(@out,"$label{$_[0]}:\n");
+        }
+sub main'data_word
+        {
+        push(@out,"\tDD\t$_[0]\n");
+        }
+sub out1p
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t ".&conv($p1)."\n");
+        }
diff --git a/src/lib/libssl/src/crypto/perlasm/x86unix.pl b/src/lib/libssl/src/crypto/perlasm/x86unix.pl
new file mode 100644
index 0000000000..6ee4dd3245
--- /dev/null
+++ b/src/lib/libssl/src/crypto/perlasm/x86unix.pl
@@ -0,0 +1,429 @@
+#!/usr/bin/perl
+# Because the bswapl instruction is not supported for old assembers
+# (it was a new instruction for the 486), I've added .byte xxxx code
+# to put it in.
+# eric 24-Apr-1998
+#
+package x86unix;
+$label="L000";
+$align=($main'aout)?"4":"16";
+$under=($main'aout)?"_":"";
+$com_start=($main'sol)?"/":"#";
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+if ($main'cpp)
+        {
+        $align="ALIGN";
+        $under="";
+        $com_start='/*';
+        $com_end='*/';
+        }
+%lb=(   'eax',  '%al',
+        'ebx',  '%bl',
+        'ecx',  '%cl',
+        'edx',  '%dl',
+        'ax',   '%al',
+        'bx',   '%bl',
+        'cx',   '%cl',
+        'dx',   '%dl',
+        );
+%hb=(   'eax',  '%ah',
+        'ebx',  '%bh',
+        'ecx',  '%ch',
+        'edx',  '%dh',
+        'ax',   '%ah',
+        'bx',   '%bh',
+        'cx',   '%ch',
+        'dx',   '%dh',
+        );
+%regs=( 'eax',  '%eax',
+        'ebx',  '%ebx',
+        'ecx',  '%ecx',
+        'edx',  '%edx',
+        'esi',  '%esi',
+        'edi',  '%edi',
+        'ebp',  '%ebp',
+        'esp',  '%esp',
+        );
+%reg_val=(
+        'eax',  0x00,
+        'ebx',  0x03,
+        'ecx',  0x01,
+        'edx',  0x02,
+        'esi',  0x06,
+        'edi',  0x07,
+        'ebp',  0x05,
+        'esp',  0x04,
+        );
+sub main'LB
+        {
+        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+        return($lb{$_[0]});
+        }
+sub main'HB
+        {
+        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+        return($hb{$_[0]});
+        }
+sub main'DWP
+        {
+        local($addr,$reg1,$reg2,$idx)=@_;
+        $ret="";
+        $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        $ret.=$addr if ($addr ne "") && ($addr ne 0);
+        if ($reg2 ne "")
+                { $ret.="($reg1,$reg2,$idx)"; }
+        else
+                { $ret.="($reg1)" }
+        return($ret);
+        }
+sub main'BP
+        {
+        return(&main'DWP(@_));
+        }
+#sub main'BP
+#       {
+#       local($addr,$reg1,$reg2,$idx)=@_;
+#
+#       $ret="";
+#
+#       $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+#       $reg1="$regs{$reg1}" if defined($regs{$reg1});
+#       $reg2="$regs{$reg2}" if defined($regs{$reg2});
+#       $ret.=$addr if ($addr ne "") && ($addr ne 0);
+#       if ($reg2 ne "")
+#               { $ret.="($reg1,$reg2,$idx)"; }
+#       else
+#               { $ret.="($reg1)" }
+#       return($ret);
+#       }
+sub main'mov    { &out2("movl",@_); }
+sub main'movb   { &out2("movb",@_); }
+sub main'and    { &out2("andl",@_); }
+sub main'or     { &out2("orl",@_); }
+sub main'shl    { &out2("sall",@_); }
+sub main'shr    { &out2("shrl",@_); }
+sub main'xor    { &out2("xorl",@_); }
+sub main'xorb   { &out2("xorb",@_); }
+sub main'add    { &out2("addl",@_); }
+sub main'adc    { &out2("adcl",@_); }
+sub main'sub    { &out2("subl",@_); }
+sub main'rotl   { &out2("roll",@_); }
+sub main'rotr   { &out2("rorl",@_); }
+sub main'exch   { &out2("xchg",@_); }
+sub main'cmp    { &out2("cmpl",@_); }
+sub main'lea    { &out2("leal",@_); }
+sub main'mul    { &out1("mull",@_); }
+sub main'div    { &out1("divl",@_); }
+sub main'jmp    { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je     { &out1("je",@_); }
+sub main'jle    { &out1("jle",@_); }
+sub main'jne    { &out1("jne",@_); }
+sub main'jnz    { &out1("jnz",@_); }
+sub main'jz     { &out1("jz",@_); }
+sub main'jge    { &out1("jge",@_); }
+sub main'jl     { &out1("jl",@_); }
+sub main'jb     { &out1("jb",@_); }
+sub main'jc     { &out1("jc",@_); }
+sub main'jnc    { &out1("jnc",@_); }
+sub main'jno    { &out1("jno",@_); }
+sub main'dec    { &out1("decl",@_); }
+sub main'inc    { &out1("incl",@_); }
+sub main'push   { &out1("pushl",@_); $stack+=4; }
+sub main'pop    { &out1("popl",@_); $stack-=4; }
+sub main'bswap  { &out1("bswapl",@_); }
+sub main'not    { &out1("notl",@_); }
+sub main'call   { &out1("call",$under.$_[0]); }
+sub main'ret    { &out0("ret"); }
+sub main'nop    { &out0("nop"); }
+sub out2
+        {
+        local($name,$p1,$p2)=@_;
+        local($l,$ll,$t);
+        local(%special)=(       "roll",0xD1C0,"rorl",0xD1C8,
+                                "rcll",0xD1D0,"rcrl",0xD1D8,
+                                "shll",0xD1E0,"shrl",0xD1E8,
+                                "sarl",0xD1F8);
+        
+        if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+                {
+                $op=$special{$name}|$reg_val{$p1};
+                $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+                $tmp2=sprintf(".byte %d\t",$op     &0xff);
+                push(@out,$tmp1);
+                push(@out,$tmp2);
+                $p2=&conv($p2);
+                $p1=&conv($p1);
+                &main'comment("$name $p2 $p1");
+                return;
+                }
+        push(@out,"\t$name\t");
+        $t=&conv($p2).",";
+        $l=length($t);
+        push(@out,$t);
+        $ll=4-($l+9)/8;
+        $tmp1=sprintf("\t" x $ll);
+        push(@out,$tmp1);
+        push(@out,&conv($p1)."\n");
+        }
+sub out1
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        local(%special)=("bswapl",0x0FC8);
+        if ((defined($special{$name})) && defined($regs{$p1}))
+                {
+                $op=$special{$name}|$reg_val{$p1};
+                $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+                $tmp2=sprintf(".byte %d\t",$op     &0xff);
+                push(@out,$tmp1);
+                push(@out,$tmp2);
+                $p2=&conv($p2);
+                $p1=&conv($p1);
+                &main'comment("$name $p2 $p1");
+                return;
+                }
+        push(@out,"\t$name\t".&conv($p1)."\n");
+        }
+sub out1p
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t*".&conv($p1)."\n");
+        }
+sub out0
+        {
+        push(@out,"\t$_[0]\n");
+        }
+sub conv
+        {
+        local($p)=@_;
+#       $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+        $p=$regs{$p} if (defined($regs{$p}));
+        $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
+        $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
+        return $p;
+        }
+sub main'file
+        {
+        local($file)=@_;
+        local($tmp)=<<"EOF";
+        .file   "$file.s"
+        .version        "01.01"
+gcc2_compiled.:
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        local($func)=@_;
+        &main'external_label($func);
+        $func=$under.$func;
+        local($tmp)=<<"EOF";
+.text
+        .align $align
+.globl $func
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { $tmp=push(@out,"\tTYPE($func,\@function)\n"); }
+        else    { $tmp=push(@out,"\t.type\t$func,\@function\n"); }
+        push(@out,"$func:\n");
+        $tmp=<<"EOF";
+        pushl   %ebp
+        pushl   %ebx
+        pushl   %esi
+        pushl   %edi
+EOF
+        push(@out,$tmp);
+        $stack=20;
+        }
+sub main'function_begin_B
+        {
+        local($func,$extra)=@_;
+        &main'external_label($func);
+        $func=$under.$func;
+        local($tmp)=<<"EOF";
+.text
+        .align $align
+.globl $func
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { push(@out,"\tTYPE($func,\@function)\n"); }
+        else    { push(@out,"\t.type    $func,\@function\n"); }
+        push(@out,"$func:\n");
+        $stack=4;
+        }
+sub main'function_end
+        {
+        local($func)=@_;
+        $func=$under.$func;
+        local($tmp)=<<"EOF";
+        popl    %edi
+        popl    %esi
+        popl    %ebx
+        popl    %ebp
+        ret
+.${func}_end:
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+        else    { push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+        push(@out,".ident       \"$func\"\n");
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        popl    %edi
+        popl    %esi
+        popl    %ebx
+        popl    %ebp
+        ret
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_end_B
+        {
+        local($func)=@_;
+        $func=$under.$func;
+        push(@out,".${func}_end:\n");
+        if ($main'cpp)
+                { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+        else    { push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+        push(@out,".ident       \"desasm.pl\"\n");
+        $stack=0;
+        %label=();
+        }
+sub main'wparam
+        {
+        local($num)=@_;
+        return(&main'DWP($stack+$num*4,"esp","",0));
+        }
+sub main'stack_push
+        {
+        local($num)=@_;
+        $stack+=$num*4;
+        &main'sub("esp",$num*4);
+        }
+sub main'stack_pop
+        {
+        local($num)=@_;
+        $stack-=$num*4;
+        &main'add("esp",$num*4);
+        }
+sub main'swtmp
+        {
+        return(&main'DWP($_[0]*4,"esp","",0));
+        }
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       local($num)=@_;
+#
+#       return(&main'DWP(-($num+1)*4,"esp","",0));
+#       }
+sub main'comment
+        {
+        foreach (@_)
+                {
+                if (/^\s*$/)
+                        { push(@out,"\n"); }
+                else
+                        { push(@out,"\t$com_start $_ $com_end\n"); }
+                }
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=".${label}${_[0]}";
+                $label++;
+                }
+        return($label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=".${label}${_[0]}";
+                $label++;
+                }
+        push(@out,".align $align\n") if ($_[1] != 0);
+        push(@out,"$label{$_[0]}:\n");
+        }
+sub main'file_end
+        {
+        }
+sub main'data_word
+        {
+        push(@out,"\t.long $_[0]\n");
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/doc b/src/lib/libssl/src/crypto/pkcs7/doc
new file mode 100644
index 0000000000..d2e8b7b2a3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/doc
@@ -0,0 +1,24 @@
+int PKCS7_set_content_type(PKCS7 *p7, int type);
+Call to set the type of PKCS7 object we are working on
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+        EVP_MD *dgst);
+Use this to setup a signer info
+There will also be functions to add signed and unsigned attributes.
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+Add a signer info to the content.
+int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+----
+p7=PKCS7_new();
+PKCS7_set_content_type(p7,NID_pkcs7_signed);
+signer=PKCS7_SINGNER_INFO_new();
+PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());
+PKCS7_add_signer(py,signer);
+we are now setup.
diff --git a/src/lib/libssl/src/crypto/pkcs7/enc.c b/src/lib/libssl/src/crypto/pkcs7/enc.c
new file mode 100644
index 0000000000..625a7c2285
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/enc.c
@@ -0,0 +1,144 @@
+/* crypto/pkcs7/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "x509.h"
+#include "pem.h"
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        EVP_PKEY *pkey;
+        PKCS7 *p7;
+        PKCS7 *p7_data;
+        PKCS7_SIGNER_INFO *si;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i,j;
+        int nodetach=0;
+        EVP_add_digest(EVP_sha1());
+        EVP_add_cipher(EVP_des_cbc());
+        data=BIO_new(BIO_s_file());
+again:
+        if (argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        goto again;
+                        }
+                if (!BIO_read_filename(data,argv[1]))
+                        goto err;
+                }
+        else
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+        p7=PKCS7_new();
+        PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
+         
+        if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+        if (!PKCS7_set_cipher(p7,EVP_des_cbc())) goto err;
+        if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+        /* Set the content of the signed to 'data' */
+        /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
+        /* could be used, but not in this version :-)
+        if (!nodetach) PKCS7_set_detached(p7,1);
+        */
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+        BIO_flush(p7bio);
+        if (!PKCS7_dataSign(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/p7/a1 b/src/lib/libssl/src/crypto/pkcs7/p7/a1
new file mode 100644
index 0000000000..56ca943762
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/p7/a1
@@ -0,0 +1,2 @@
+j,H>_��_�D�zE�L� VJ��觬���E3��Y�x%_�k
+3�)DLSc�8%�M
+\ No newline at end of file
diff --git a/src/lib/libssl/src/crypto/pkcs7/p7/a2 b/src/lib/libssl/src/crypto/pkcs7/p7/a2
new file mode 100644
index 0000000000..23d8fb5e93
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/p7/a2
@@ -0,0 +1 @@
+k~@a�,N�M͹� <O( KP�騠�K�>��U�o_�Bqrm�?٠t?t��ρ�Id2��
+\ No newline at end of file
diff --git a/src/lib/libssl/src/crypto/pkcs7/p7/cert.p7c b/src/lib/libssl/src/crypto/pkcs7/p7/cert.p7c
new file mode 100644
index 0000000000..2b75ec05f7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/p7/cert.p7c
Binary files differ
diff --git a/src/lib/libssl/src/crypto/pkcs7/p7/smime.p7m b/src/lib/libssl/src/crypto/pkcs7/p7/smime.p7m
new file mode 100644
index 0000000000..2b6e6f82ba
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/p7/smime.p7m
Binary files differ
diff --git a/src/lib/libssl/src/crypto/pkcs7/p7/smime.p7s b/src/lib/libssl/src/crypto/pkcs7/p7/smime.p7s
new file mode 100644
index 0000000000..2b5d4fb0e3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/p7/smime.p7s
Binary files differ
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c b/src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
new file mode 100644
index 0000000000..7769abeb1e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
@@ -0,0 +1,66 @@
+/* crypto/pkcs7/pk7_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "rand.h"
+#include "objects.h"
+#include "x509.h"
+#include "pkcs7.h"
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
new file mode 100644
index 0000000000..b5689b3fe4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -0,0 +1,408 @@
+/* crypto/pkcs7/pk7_doit.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "rand.h"
+#include "objects.h"
+#include "x509.h"
+BIO *PKCS7_dataInit(p7,bio)
+PKCS7 *p7;
+BIO *bio;
+        {
+        int i,j;
+        BIO *out=NULL,*btmp;
+        X509_ALGOR *xa;
+        EVP_MD *evp_md;
+        EVP_CIPHER *evp_cipher=NULL;
+        STACK *md_sk=NULL,*rsk=NULL;
+        X509_ALGOR *xalg=NULL;
+        PKCS7_RECIP_INFO *ri=NULL;
+        EVP_PKEY *pkey;
+        i=OBJ_obj2nid(p7->type);
+        p7->state=PKCS7_S_HEADER;
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                md_sk=p7->d.sign->md_algs;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                rsk=p7->d.signed_and_enveloped->recipientinfo;
+                md_sk=p7->d.signed_and_enveloped->md_algs;
+                evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm)));
+                if (evp_cipher == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+                        goto err;
+                        }
+                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        if (md_sk != NULL)
+                {
+                for (i=0; i<sk_num(md_sk); i++)
+                        {
+                        xa=(X509_ALGOR *)sk_value(md_sk,i);
+                        if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err;
+                        j=OBJ_obj2nid(xa->algorithm);
+                        evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+                        if (evp_md == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                                goto err;
+                                }
+                        BIO_set_md(btmp,evp_md);
+                        if (out == NULL)
+                                out=btmp;
+                        else
+                                BIO_push(out,btmp);
+                        }
+                }
+        if (evp_cipher != NULL)
+                {
+                unsigned char key[EVP_MAX_KEY_LENGTH];
+                unsigned char iv[EVP_MAX_IV_LENGTH];
+                int keylen,ivlen;
+                int jj,max;
+                unsigned char *tmp;
+                if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err;
+                keylen=EVP_CIPHER_key_length(evp_cipher);
+                ivlen=EVP_CIPHER_iv_length(evp_cipher);
+                if (ivlen > 0)
+                        {
+                        ASN1_OCTET_STRING *os;
+                        RAND_bytes(iv,ivlen);
+                        os=ASN1_OCTET_STRING_new();
+                        ASN1_OCTET_STRING_set(os,iv,ivlen);
+                /*      ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
+                                (char *)os);
+                */      }
+                RAND_bytes(key,keylen);
+                /* Lets do the pub key stuff :-) */
+                max=0;
+                for (i=0; i<sk_num(rsk); i++)
+                        {
+                        ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+                        if (ri->cert == NULL) abort();
+                        pkey=X509_get_pubkey(ri->cert);
+                        jj=EVP_PKEY_size(pkey);
+                        if (max < jj) max=jj;
+                        }
+                if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort();
+                for (i=0; i<sk_num(rsk); i++)
+                        {
+                        ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+                        pkey=X509_get_pubkey(ri->cert);
+                        jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
+                        if (jj <= 0) abort();
+                        ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+                        }
+                BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+                if (out == NULL)
+                        out=btmp;
+                else
+                        BIO_push(out,btmp);
+                }
+        if (bio == NULL) /* ??????????? */
+                {
+                if (p7->detached)
+                        bio=BIO_new(BIO_s_null());
+                else
+                        {
+                        bio=BIO_new(BIO_s_mem());
+                        if (PKCS7_type_is_signed(p7) &&
+                                PKCS7_type_is_data(p7->d.sign->contents))
+                                {
+                                ASN1_OCTET_STRING *os;
+                                os=p7->d.sign->contents->d.data;
+                                if (os->length > 0)
+                                        BIO_write(bio,(char *)os->data,
+                                                os->length);
+                                }
+                        }
+                }
+        BIO_push(out,bio);
+        return(out);
+err:
+        return(NULL);
+        }
+int PKCS7_dataSign(p7,bio)
+PKCS7 *p7;
+BIO *bio;
+        {
+        int ret=0;
+        int i,j;
+        BIO *btmp;
+        BUF_MEM *buf_mem=NULL;
+        BUF_MEM *buf=NULL;
+        PKCS7_SIGNER_INFO *si;
+        EVP_MD_CTX *mdc,ctx_tmp;
+        STACK *sk,*si_sk=NULL;
+        unsigned char *p,*pp=NULL;
+        int x;
+        ASN1_OCTET_STRING *os=NULL;
+        i=OBJ_obj2nid(p7->type);
+        p7->state=PKCS7_S_HEADER;
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                /* XXXXXXXXXXXXXXXX */
+                si_sk=p7->d.signed_and_enveloped->signer_info;
+                os=ASN1_OCTET_STRING_new();
+                p7->d.signed_and_enveloped->enc_data->enc_data=os;
+                break;
+        case NID_pkcs7_signed:
+                si_sk=p7->d.sign->signer_info;
+                os=p7->d.sign->contents->d.data;
+                break;
+                }
+        if (si_sk != NULL)
+                {
+                if ((buf=BUF_MEM_new()) == NULL) goto err;
+                for (i=0; i<sk_num(si_sk); i++)
+                        {
+                        si=(PKCS7_SIGNER_INFO *)
+                                sk_value(si_sk,i);
+                        if (si->pkey == NULL)
+                                continue;
+                        j=OBJ_obj2nid(si->digest_enc_alg->algorithm);
+                        btmp=bio;
+                        for (;;)
+                                {
+                                if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
+                                        == NULL)
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                                        goto err;
+                                        }
+                                BIO_get_md_ctx(btmp,&mdc);
+                                if (mdc == NULL)
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
+                                        goto err;
+                                        }
+                                if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j)
+                                        break;
+                                else
+                                        btmp=btmp->next_bio;
+                                }
+                        
+                        /* We now have the EVP_MD_CTX, lets do the
+                         * signing. */
+                        memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
+                        if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+                                goto err;
+                        sk=si->auth_attr;
+                        if ((sk != NULL) && (sk_num(sk) != 0))
+                                {
+                                x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
+                                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+                                pp=(unsigned char *)Malloc(i);
+                                p=pp;
+                                i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
+                                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+                                EVP_SignUpdate(&ctx_tmp,pp,x);
+                                Free(pp);
+                                }
+                        if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
+                                (unsigned int *)&buf->length,si->pkey))
+                                goto err;
+                        if (!ASN1_STRING_set(si->enc_digest,
+                                (unsigned char *)buf->data,buf->length))
+                                goto err;
+                        }
+                if (p7->detached)
+                        ASN1_OCTET_STRING_set(os,(unsigned char *)"",0);
+                else
+                        {
+                        btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+                        if (btmp == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                                goto err;
+                                }
+                        BIO_get_mem_ptr(btmp,&buf_mem);
+                        ASN1_OCTET_STRING_set(os,
+                                (unsigned char *)buf_mem->data,buf_mem->length);
+                        }
+                if (pp != NULL) Free(pp);
+                pp=NULL;
+                }
+        ret=1;
+err:
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(ret);
+        }
+int PKCS7_dataVerify(cert_store,ctx,bio,p7,si)
+X509_STORE *cert_store;
+X509_STORE_CTX *ctx;
+BIO *bio;
+PKCS7 *p7;
+PKCS7_SIGNER_INFO *si;
+        {
+        PKCS7_SIGNED *s;
+        ASN1_OCTET_STRING *os;
+        EVP_MD_CTX mdc_tmp,*mdc;
+        unsigned char *pp,*p;
+        PKCS7_ISSUER_AND_SERIAL *ias;
+        int ret=0,md_type,i;
+        STACK *sk;
+        BIO *btmp;
+        X509 *x509;
+        if (!PKCS7_type_is_signed(p7)) abort();
+        /* XXXXXXXXXXXXXXXXXXXXXXX */
+        ias=si->issuer_and_serial;
+        s=p7->d.sign;
+        x509=X509_find_by_issuer_and_serial(s->cert,ias->issuer,ias->serial);
+        /* were we able to find the cert in passed to us */
+        if (x509 == NULL)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+                goto err;
+                }
+        /* Lets verify */
+        X509_STORE_CTX_init(ctx,cert_store,x509,s->cert);
+        i=X509_verify_cert(ctx);
+        if (i <= 0) goto err;
+        X509_STORE_CTX_cleanup(ctx);
+        /* So we like 'x509', lets check the signature. */
+        md_type=OBJ_obj2nid(si->digest_alg->algorithm);
+        btmp=bio;
+        for (;;)
+                {
+                if ((btmp == NULL) ||
+                        ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        goto err;
+                        }
+                BIO_get_md_ctx(btmp,&mdc);
+                if (mdc == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type)
+                        break;
+                btmp=btmp->next_bio;    
+                }
+        /* mdc is the digest ctx that we want */
+        memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
+        sk=si->auth_attr;
+        if ((sk != NULL) && (sk_num(sk) != 0))
+                {
+                i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
+                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+                pp=(unsigned char *)malloc(i);
+                p=pp;
+                i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
+                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+                EVP_VerifyUpdate(&mdc_tmp,pp,i);
+                free(pp);
+                }
+        os=si->enc_digest;
+        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length,
+                X509_get_pubkey(x509));
+        if (i <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE);
+                ret= -1;
+                goto err;
+                }
+        else
+                ret=1;
+err:
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_enc.c b/src/lib/libssl/src/crypto/pkcs7/pk7_enc.c
new file mode 100644
index 0000000000..a5b6dc463f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_enc.c
@@ -0,0 +1,76 @@
+/* crypto/pkcs7/pk7_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "rand.h"
+#include "objects.h"
+#include "x509.h"
+#include "pkcs7.h"
+PKCS7_in_bio(PKCS7 *p7,BIO *in);
+PKCS7_out_bio(PKCS7 *p7,BIO *out);
+PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
+PKCS7_Init(PKCS7 *p7);
+PKCS7_Update(PKCS7 *p7);
+PKCS7_Finish(PKCS7 *p7);
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
new file mode 100644
index 0000000000..7d14ad1173
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
@@ -0,0 +1,449 @@
+/* crypto/pkcs7/pk7_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "objects.h"
+#include "x509.h"
+long PKCS7_ctrl(p7,cmd,larg,parg)
+PKCS7 *p7;
+int cmd;
+long larg;
+char *parg;
+        {
+        int nid;
+        long ret;
+        nid=OBJ_obj2nid(p7->type);
+        switch (cmd)
+                {
+        case PKCS7_OP_SET_DETACHED_SIGNATURE:
+                if (nid == NID_pkcs7_signed)
+                        {
+                        ret=p7->detached=(int)larg;
+                        }
+                else
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        ret=0;
+                        }
+                break;
+        case PKCS7_OP_GET_DETACHED_SIGNATURE:
+                if (nid == NID_pkcs7_signed)
+                        {
+                        ret=p7->detached;
+                        }
+                else
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        ret=0;
+                        }
+                        
+                break;
+        default:
+                abort();
+                }
+        return(ret);
+        }
+int PKCS7_content_new(p7,type)
+PKCS7 *p7;
+int type;
+        {
+        PKCS7 *ret=NULL;
+        if ((ret=PKCS7_new()) == NULL) goto err;
+        if (!PKCS7_set_type(ret,type)) goto err;
+        if (!PKCS7_set_content(p7,ret)) goto err;
+        return(1);
+err:
+        if (ret != NULL) PKCS7_free(ret);
+        return(0);
+        }
+int PKCS7_set_content(p7,p7_data)
+PKCS7 *p7;
+PKCS7 *p7_data;
+        {
+        int i;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                if (p7->d.sign->contents != NULL)
+                        PKCS7_content_free(p7->d.sign->contents);
+                p7->d.sign->contents=p7_data;
+                break;
+        case NID_pkcs7_digest:
+        case NID_pkcs7_data:
+        case NID_pkcs7_enveloped:
+        case NID_pkcs7_signedAndEnveloped:
+        case NID_pkcs7_encrypted:
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+int PKCS7_set_type(p7,type)
+PKCS7 *p7;
+int type;
+        {
+        ASN1_OBJECT *obj;
+        PKCS7_content_free(p7);
+        obj=OBJ_nid2obj(type); /* will not fail */
+        switch (type)
+                {
+        case NID_pkcs7_signed:
+                p7->type=obj;
+                if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
+                        goto err;
+                ASN1_INTEGER_set(p7->d.sign->version,1);
+                break;
+        case NID_pkcs7_data:
+                p7->type=obj;
+                if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
+                        goto err;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                p7->type=obj;
+                if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+                        == NULL)
+                        goto err;
+                ASN1_INTEGER_set(p7->d.sign->version,1);
+                break;
+        case NID_pkcs7_digest:
+        case NID_pkcs7_enveloped:
+        case NID_pkcs7_encrypted:
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+int PKCS7_add_signer(p7,psi)
+PKCS7 *p7;
+PKCS7_SIGNER_INFO *psi;
+        {
+        int i,j,nid;
+        X509_ALGOR *alg;
+        STACK *signer_sk;
+        STACK *md_sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                signer_sk=      p7->d.sign->signer_info;
+                md_sk=          p7->d.sign->md_algs;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                signer_sk=      p7->d.signed_and_enveloped->signer_info;
+                md_sk=          p7->d.signed_and_enveloped->md_algs;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        nid=OBJ_obj2nid(psi->digest_alg->algorithm);
+        /* If the digest is not currently listed, add it */
+        j=0;
+        for (i=0; i<sk_num(md_sk); i++)
+                {
+                alg=(X509_ALGOR *)sk_value(md_sk,i);
+                if (OBJ_obj2nid(alg->algorithm) == nid)
+                        {
+                        j=1;
+                        break;
+                        }
+                }
+        if (!j) /* we need to add another algorithm */
+                {
+                alg=X509_ALGOR_new();
+                alg->algorithm=OBJ_nid2obj(nid);
+                sk_push(md_sk,(char *)alg);
+                }
+        sk_push(signer_sk,(char *)psi);
+        return(1);
+        }
+int PKCS7_add_certificate(p7,x509)
+PKCS7 *p7;
+X509 *x509;
+        {
+        int i;
+        STACK **sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                sk= &(p7->d.sign->cert);
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                sk= &(p7->d.signed_and_enveloped->cert);
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        if (*sk == NULL)
+                *sk=sk_new_null();
+        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+        sk_push(*sk,(char *)x509);
+        return(1);
+        }
+int PKCS7_add_crl(p7,crl)
+PKCS7 *p7;
+X509_CRL *crl;
+        {
+        int i;
+        STACK **sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                sk= &(p7->d.sign->crl);
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                sk= &(p7->d.signed_and_enveloped->crl);
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        if (*sk == NULL)
+                *sk=sk_new_null();
+        CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
+        sk_push(*sk,(char *)crl);
+        return(1);
+        }
+int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst)
+PKCS7_SIGNER_INFO *p7i;
+X509 *x509;
+EVP_PKEY *pkey;
+EVP_MD *dgst;
+        {
+        /* We now need to add another PKCS7_SIGNER_INFO entry */
+        ASN1_INTEGER_set(p7i->version,1);
+        X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                X509_get_issuer_name(x509));
+        /* because ASN1_INTEGER_set is used to set a 'long' we will do
+         * things the ugly way. */
+        ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        p7i->issuer_and_serial->serial=
+                ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+        /* lets keep the pkey around for a while */
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        p7i->pkey=pkey;
+        /* Set the algorithms */
+        p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
+#if 1
+        if (p7i->digest_enc_alg->parameter != NULL)
+                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
+        if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
+                goto err;
+        p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+#endif
+        return(1);
+err:
+        return(0);
+        }
+PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst)
+PKCS7 *p7;
+X509 *x509;
+EVP_PKEY *pkey;
+EVP_MD *dgst;
+        {
+        PKCS7_SIGNER_INFO *si;
+        if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
+        if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
+        if (!PKCS7_add_signer(p7,si)) goto err;
+        return(si);
+err:
+        return(NULL);
+        }
+STACK *PKCS7_get_signer_info(p7)
+PKCS7 *p7;
+        {
+        if (PKCS7_type_is_signed(p7))
+                {
+                return(p7->d.sign->signer_info);
+                }
+        else
+                return(NULL);
+        }
+PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509)
+PKCS7 *p7;
+X509 *x509;
+        {
+        PKCS7_RECIP_INFO *ri;
+        if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
+        if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
+        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+        return(ri);
+err:
+        return(NULL);
+        }
+int PKCS7_add_recipient_info(p7,ri)
+PKCS7 *p7;
+PKCS7_RECIP_INFO *ri;
+        {
+        int i;
+        STACK *sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                sk=     p7->d.signed_and_enveloped->recipientinfo;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        sk_push(sk,(char *)ri);
+        return(1);
+        }
+int PKCS7_RECIP_INFO_set(p7i,x509)
+PKCS7_RECIP_INFO *p7i;
+X509 *x509;
+        {
+        ASN1_INTEGER_set(p7i->version,0);
+        X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                X509_get_issuer_name(x509));
+        ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        p7i->issuer_and_serial->serial=
+                ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+        p7i->cert=x509;
+        return(1);
+        }
+X509 *PKCS7_cert_from_signer_info(p7,si)
+PKCS7 *p7;
+PKCS7_SIGNER_INFO *si;
+        {
+        if (PKCS7_type_is_signed(p7))
+                return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                        si->issuer_and_serial->issuer,
+                        si->issuer_and_serial->serial));
+        else
+                return(NULL);
+        }
+int PKCS7_set_cipher(p7,cipher)
+PKCS7 *p7;
+EVP_CIPHER *cipher;
+        {
+        int i;
+        PKCS7_ENC_CONTENT *ec;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                ec=p7->d.signed_and_enveloped->enc_data;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
+        return(ec->algorithm->algorithm != NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
new file mode 100644
index 0000000000..ee12f670a8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
@@ -0,0 +1,449 @@
+/* crypto/pkcs7/pkcs7.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_PKCS7_H
+#define HEADER_PKCS7_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "bio.h"
+#include "x509.h"
+/*
+Encryption_ID           DES-CBC
+Digest_ID               MD5
+Digest_Encryption_ID    rsaEncryption
+Key_Encryption_ID       rsaEncryption
+*/
+typedef struct pkcs7_issuer_and_serial_st
+        {
+        X509_NAME *issuer;
+        ASN1_INTEGER *serial;
+        } PKCS7_ISSUER_AND_SERIAL;
+typedef struct pkcs7_signer_info_st
+        {
+        ASN1_INTEGER                    *version;       /* version 1 */
+        PKCS7_ISSUER_AND_SERIAL         *issuer_and_serial;
+        X509_ALGOR                      *digest_alg;
+        STACK /* X509_ATTRIBUTE */      *auth_attr;     /* [ 0 ] */
+        X509_ALGOR                      *digest_enc_alg;
+        ASN1_OCTET_STRING               *enc_digest;
+        STACK /* X509_ATTRIBUTE */      *unauth_attr;   /* [ 1 ] */
+        /* The private key to sign with */
+        EVP_PKEY                        *pkey;
+        } PKCS7_SIGNER_INFO;
+typedef struct pkcs7_recip_info_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        PKCS7_ISSUER_AND_SERIAL         *issuer_and_serial;
+        X509_ALGOR                      *key_enc_algor;
+        ASN1_OCTET_STRING               *enc_key;
+        X509                            *cert; /* get the pub-key from this */
+        } PKCS7_RECIP_INFO;
+typedef struct pkcs7_signed_st
+        {
+        ASN1_INTEGER                    *version;       /* version 1 */
+        STACK /* X509_ALGOR's */        *md_algs;       /* md used */
+        STACK /* X509 */                *cert;          /* [ 0 ] */
+        STACK /* X509_CRL */            *crl;           /* [ 1 ] */
+        STACK /* PKCS7_SIGNER_INFO */   *signer_info;
+        struct pkcs7_st                 *contents;
+        } PKCS7_SIGNED;
+/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
+ * How about merging the two */
+typedef struct pkcs7_enc_content_st
+        {
+        ASN1_OBJECT                     *content_type;
+        X509_ALGOR                      *algorithm;
+        ASN1_OCTET_STRING               *enc_data;      /* [ 0 ] */
+        } PKCS7_ENC_CONTENT;
+typedef struct pkcs7_enveloped_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        STACK /* PKCS7_RECIP_INFO */    *recipientinfo;
+        PKCS7_ENC_CONTENT               *enc_data;
+        } PKCS7_ENVELOPE;
+        
+typedef struct pkcs7_signedandenveloped_st
+        {
+        ASN1_INTEGER                    *version;       /* version 1 */
+        STACK /* X509_ALGOR's */        *md_algs;       /* md used */
+        STACK /* X509 */                *cert;          /* [ 0 ] */
+        STACK /* X509_CRL */            *crl;           /* [ 1 ] */
+        STACK /* PKCS7_SIGNER_INFO */   *signer_info;
+        PKCS7_ENC_CONTENT               *enc_data;
+        STACK /* PKCS7_RECIP_INFO */    *recipientinfo;
+        } PKCS7_SIGN_ENVELOPE;
+typedef struct pkcs7_digest_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        X509_ALGOR                      *md;            /* md used */
+        struct pkcs7_st                 *contents;
+        ASN1_OCTET_STRING               *digest;
+        } PKCS7_DIGEST;
+typedef struct pkcs7_encrypted_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        PKCS7_ENC_CONTENT               *enc_data;
+        } PKCS7_ENCRYPT;
+typedef struct pkcs7_st
+        {
+        /* The following is non NULL if it contains ASN1 encoding of
+         * this structure */
+        unsigned char *asn1;
+        long length;
+#define PKCS7_S_HEADER  0
+#define PKCS7_S_BODY    1
+#define PKCS7_S_TAIL    2
+        int state; /* used during processing */
+        int detached;
+        ASN1_OBJECT *type;
+        /* content as defined by the type */
+        /* all encryption/message digests are applied to the 'contents',
+         * leaving out the 'type' field. */
+        union   {
+                char *ptr;
+                /* NID_pkcs7_data */
+                ASN1_OCTET_STRING *data;
+                /* NID_pkcs7_signed */
+                PKCS7_SIGNED *sign;
+                /* NID_pkcs7_enveloped */
+                PKCS7_ENVELOPE *enveloped;
+                /* NID_pkcs7_signedAndEnveloped */
+                PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+                /* NID_pkcs7_digest */
+                PKCS7_DIGEST *digest;
+                /* NID_pkcs7_encrypted */
+                PKCS7_ENCRYPT *encrypted;
+                } d;
+        } PKCS7;
+#define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+#define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+#define PKCS7_set_detached(p,v) \
+                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+#define PKCS7_get_detached(p) \
+                PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+#ifdef SSLEAY_MACROS
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+                        (char *)data,md,len)
+#endif
+#ifndef NOPROTO
+PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
+void                    PKCS7_ISSUER_AND_SERIAL_free(
+                                PKCS7_ISSUER_AND_SERIAL *a);
+int                     i2d_PKCS7_ISSUER_AND_SERIAL(
+                                PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp);
+PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
+                                PKCS7_ISSUER_AND_SERIAL **a,
+                                unsigned char **pp, long length);
+#ifndef SSLEAY_MACROS
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
+        unsigned char *md,unsigned int *len);
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
+int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
+#endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
+int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
+#endif
+PKCS7_SIGNER_INFO       *PKCS7_SIGNER_INFO_new(void);
+void                    PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
+int                     i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a,
+                                unsigned char **pp);
+PKCS7_SIGNER_INFO       *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
+                                unsigned char **pp,long length);
+PKCS7_RECIP_INFO        *PKCS7_RECIP_INFO_new(void);
+void                    PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a);
+int                     i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a,
+                                unsigned char **pp);
+PKCS7_RECIP_INFO        *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
+                                unsigned char **pp,long length);
+PKCS7_SIGNED            *PKCS7_SIGNED_new(void);
+void                    PKCS7_SIGNED_free(PKCS7_SIGNED *a);
+int                     i2d_PKCS7_SIGNED(PKCS7_SIGNED *a,
+                                unsigned char **pp);
+PKCS7_SIGNED            *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a,
+                                unsigned char **pp,long length);
+PKCS7_ENC_CONTENT       *PKCS7_ENC_CONTENT_new(void);
+void                    PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a);
+int                     i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a,
+                                unsigned char **pp);
+PKCS7_ENC_CONTENT       *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
+                                unsigned char **pp,long length);
+PKCS7_ENVELOPE          *PKCS7_ENVELOPE_new(void);
+void                    PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a);
+int                     i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a,
+                                unsigned char **pp);
+PKCS7_ENVELOPE          *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a,
+                                unsigned char **pp,long length);
+PKCS7_SIGN_ENVELOPE     *PKCS7_SIGN_ENVELOPE_new(void);
+void                    PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a);
+int                     i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a,
+                                unsigned char **pp);
+PKCS7_SIGN_ENVELOPE     *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
+                                unsigned char **pp,long length);
+PKCS7_DIGEST            *PKCS7_DIGEST_new(void);
+void                    PKCS7_DIGEST_free(PKCS7_DIGEST *a);
+int                     i2d_PKCS7_DIGEST(PKCS7_DIGEST *a,
+                                unsigned char **pp);
+PKCS7_DIGEST            *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a,
+                                unsigned char **pp,long length);
+PKCS7_ENCRYPT           *PKCS7_ENCRYPT_new(void);
+void                    PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a);
+int                     i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a,
+                                unsigned char **pp);
+PKCS7_ENCRYPT           *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a,
+                                unsigned char **pp,long length);
+PKCS7                   *PKCS7_new(void);
+void                    PKCS7_free(PKCS7 *a);
+void                    PKCS7_content_free(PKCS7 *a);
+int                     i2d_PKCS7(PKCS7 *a,
+                                unsigned char **pp);
+PKCS7                   *d2i_PKCS7(PKCS7 **a,
+                                unsigned char **pp,long length);
+void ERR_load_PKCS7_strings(void);
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+        EVP_MD *dgst);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataSign(PKCS7 *p7, BIO *bio);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+        BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+/*int PKCS7_DataFinal(PKCS7 *p7, BIO *bio); */
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+        EVP_PKEY *pkey, EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+STACK *PKCS7_get_signer_info(PKCS7 *p7);
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
+#else
+PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new();
+void                    PKCS7_ISSUER_AND_SERIAL_free();
+int                     i2d_PKCS7_ISSUER_AND_SERIAL();
+PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL();
+#ifndef SSLEAY_MACROS
+int                     PKCS7_ISSUER_AND_SERIAL_digest();
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp();
+int i2d_PKCS7_fp();
+#endif
+PKCS7 *PKCS7_dup();
+PKCS7 *d2i_PKCS7_bio();
+int i2d_PKCS7_bio();
+#endif
+PKCS7_SIGNER_INFO       *PKCS7_SIGNER_INFO_new();
+void                    PKCS7_SIGNER_INFO_free();
+int                     i2d_PKCS7_SIGNER_INFO();
+PKCS7_SIGNER_INFO       *d2i_PKCS7_SIGNER_INFO();
+PKCS7_RECIP_INFO        *PKCS7_RECIP_INFO_new();
+void                    PKCS7_RECIP_INFO_free();
+int                     i2d_PKCS7_RECIP_INFO();
+PKCS7_RECIP_INFO        *d2i_PKCS7_RECIP_INFO();
+PKCS7_SIGNED            *PKCS7_SIGNED_new();
+void                    PKCS7_SIGNED_free();
+int                     i2d_PKCS7_SIGNED();
+PKCS7_SIGNED            *d2i_PKCS7_SIGNED();
+PKCS7_ENC_CONTENT       *PKCS7_ENC_CONTENT_new();
+void                    PKCS7_ENC_CONTENT_free();
+int                     i2d_PKCS7_ENC_CONTENT();
+PKCS7_ENC_CONTENT       *d2i_PKCS7_ENC_CONTENT();
+PKCS7_ENVELOPE          *PKCS7_ENVELOPE_new();
+void                    PKCS7_ENVELOPE_free();
+int                     i2d_PKCS7_ENVELOPE();
+PKCS7_ENVELOPE          *d2i_PKCS7_ENVELOPE();
+PKCS7_SIGN_ENVELOPE     *PKCS7_SIGN_ENVELOPE_new();
+void                    PKCS7_SIGN_ENVELOPE_free();
+int                     i2d_PKCS7_SIGN_ENVELOPE();
+PKCS7_SIGN_ENVELOPE     *d2i_PKCS7_SIGN_ENVELOPE();
+PKCS7_DIGEST            *PKCS7_DIGEST_new();
+void                    PKCS7_DIGEST_free();
+int                     i2d_PKCS7_DIGEST();
+PKCS7_DIGEST            *d2i_PKCS7_DIGEST();
+PKCS7_ENCRYPT           *PKCS7_ENCRYPT_new();
+void                    PKCS7_ENCRYPT_free();
+int                     i2d_PKCS7_ENCRYPT();
+PKCS7_ENCRYPT           *d2i_PKCS7_ENCRYPT();
+PKCS7                   *PKCS7_new();
+void                    PKCS7_free();
+void                    PKCS7_content_free();
+int                     i2d_PKCS7();
+PKCS7                   *d2i_PKCS7();
+void ERR_load_PKCS7_strings();
+long PKCS7_ctrl();
+int PKCS7_set_type();
+int PKCS7_set_content();
+int PKCS7_SIGNER_INFO_set();
+int PKCS7_add_signer();
+int PKCS7_add_certificate();
+int PKCS7_add_crl();
+int PKCS7_content_new();
+int PKCS7_dataSign();
+int PKCS7_dataVerify();
+BIO *PKCS7_dataInit();
+PKCS7_SIGNER_INFO *PKCS7_add_signature();
+X509 *PKCS7_cert_from_signer_info();
+STACK *PKCS7_get_signer_info();
+PKCS7_RECIP_INFO *PKCS7_add_recipient();
+int PKCS7_add_recipient_info();
+int PKCS7_RECIP_INFO_set();
+int PKCS7_set_cipher();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the PKCS7 functions. */
+/* Function codes. */
+#define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
+#define PKCS7_F_PKCS7_ADD_CRL                            101
+#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+#define PKCS7_F_PKCS7_ADD_SIGNER                         103
+#define PKCS7_F_PKCS7_CTRL                               104
+#define PKCS7_F_PKCS7_DATAINIT                           105
+#define PKCS7_F_PKCS7_DATASIGN                           106
+#define PKCS7_F_PKCS7_DATAVERIFY                         107
+#define PKCS7_F_PKCS7_SET_CIPHER                         108
+#define PKCS7_F_PKCS7_SET_CONTENT                        109
+#define PKCS7_F_PKCS7_SET_TYPE                           110
+/* Reason codes. */
+#define PKCS7_R_INTERNAL_ERROR                           100
+#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     101
+#define PKCS7_R_SIGNATURE_FAILURE                        102
+#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               103
+#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   104
+#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            105
+#define PKCS7_R_UNKNOWN_DIGEST_TYPE                      106
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  107
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 108
+#define PKCS7_R_WRONG_CONTENT_TYPE                       109
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
new file mode 100644
index 0000000000..f851057422
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
@@ -0,0 +1,110 @@
+/* lib/pkcs7/pkcs7_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "pkcs7.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA PKCS7_str_functs[]=
+        {
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),   "PKCS7_add_certificate"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),   "PKCS7_add_crl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),        "PKCS7_add_recipient_info"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),        "PKCS7_add_signer"},
+{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),      "PKCS7_ctrl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),  "PKCS7_dataInit"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),  "PKCS7_dataSign"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),        "PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),        "PKCS7_set_cipher"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),       "PKCS7_set_content"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),  "PKCS7_set_type"},
+{0,NULL},
+        };
+static ERR_STRING_DATA PKCS7_str_reasons[]=
+        {
+{PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
+{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{PKCS7_R_SIGNATURE_FAILURE               ,"signature failure"},
+{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE      ,"unable to find certificate"},
+{PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
+{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
+{PKCS7_R_UNKNOWN_DIGEST_TYPE             ,"unknown digest type"},
+{PKCS7_R_UNSUPPORTED_CIPHER_TYPE         ,"unsupported cipher type"},
+{PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
+{PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
+{0,NULL},
+        };
+#endif
+void ERR_load_PKCS7_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
+                ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/server.pem b/src/lib/libssl/src/crypto/pkcs7/server.pem
new file mode 100644
index 0000000000..750aac2094
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/server.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/crypto/pkcs7/sign.c b/src/lib/libssl/src/crypto/pkcs7/sign.c
new file mode 100644
index 0000000000..ead1cb65ca
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/sign.c
@@ -0,0 +1,140 @@
+/* crypto/pkcs7/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "x509.h"
+#include "pem.h"
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        EVP_PKEY *pkey;
+        PKCS7 *p7;
+        PKCS7 *p7_data;
+        PKCS7_SIGNER_INFO *si;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i,j;
+        int nodetach=0;
+        EVP_add_digest(EVP_md2());
+        EVP_add_digest(EVP_md5());
+        EVP_add_digest(EVP_sha1());
+        EVP_add_digest(EVP_mdc2());
+        data=BIO_new(BIO_s_file());
+again:
+        if (argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        goto again;
+                        }
+                if (!BIO_read_filename(data,argv[1]))
+                        goto err;
+                }
+        else
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+        p7=PKCS7_new();
+        PKCS7_set_type(p7,NID_pkcs7_signed);
+         
+        if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+        /* Set the content of the signed to 'data' */
+        PKCS7_content_new(p7,NID_pkcs7_data);
+        if (!nodetach)
+                PKCS7_set_detached(p7,1);
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+        if (!PKCS7_dataSign(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/verify.c b/src/lib/libssl/src/crypto/pkcs7/verify.c
new file mode 100644
index 0000000000..0e1c1b26dc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/pkcs7/verify.c
@@ -0,0 +1,238 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "asn1.h"
+#include "bio.h"
+#include "x509.h"
+#include "pem.h"
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+BIO *bio_err=NULL;
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509,*x;
+        PKCS7 *p7;
+        PKCS7_SIGNED *s;
+        PKCS7_SIGNER_INFO *si;
+        PKCS7_ISSUER_AND_SERIAL *ias;
+        X509_STORE_CTX cert_ctx;
+        X509_STORE *cert_store=NULL;
+        X509_LOOKUP *lookup=NULL;
+        BIO *data,*detached=NULL,*p7bio=NULL;
+        char buf[1024*4];
+        unsigned char *p,*pp;
+        int i,j,printit=0;
+        STACK *sk;
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        EVP_add_digest(EVP_md2());
+        EVP_add_digest(EVP_md5());
+        EVP_add_digest(EVP_sha1());
+        EVP_add_digest(EVP_mdc2());
+        data=BIO_new(BIO_s_file());
+again:
+        pp=NULL;
+        while (argc > 1)
+                {
+                argc--;
+                argv++;
+                if (strcmp(argv[0],"-p") == 0)
+                        {
+                        printit=1;
+                        }
+                else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+                        {
+                        detached=BIO_new(BIO_s_file());
+                        if (!BIO_read_filename(detached,argv[1]))
+                                goto err;
+                        argc--;
+                        argv++;
+                        }
+                else
+                        {
+                        pp=argv[0];
+                        if (!BIO_read_filename(data,argv[0]))
+                                goto err;
+                        }
+                }
+        if (pp == NULL)
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        /* Load the PKCS7 object from a file */
+        if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+        /* This stuff is being setup for certificate verification.
+         * When using SSL, it could be replaced with a 
+         * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+        cert_store=X509_STORE_new();
+        X509_STORE_set_default_paths(cert_store);
+        X509_STORE_load_locations(cert_store,NULL,"../../certs");
+        X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+        ERR_clear_errors();
+        /* We need to process the data */
+        if (PKCS7_get_detached(p7))
+                {
+                if (detached == NULL)
+                        {
+                        printf("no data to verify the signature on\n");
+                        exit(1);
+                        }
+                else
+                        p7bio=PKCS7_dataInit(p7,detached);
+                }
+        else
+                {
+                p7bio=PKCS7_dataInit(p7,NULL);
+                }
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        for (;;)
+                {
+                i=BIO_read(p7bio,buf,sizeof(buf));
+                /* print it? */
+                if (i <= 0) break;
+                }
+        /* We can now verify signatures */
+        sk=PKCS7_get_signer_info(p7);
+        if (sk == NULL)
+                {
+                printf("there are no signatures on this data\n");
+                exit(1);
+                }
+        /* Ok, first we need to, for each subject entry, see if we can verify */
+        for (i=0; i<sk_num(sk); i++)
+                {
+                si=(PKCS7_SIGNER_INFO *)sk_value(sk,i);
+                i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+                if (i <= 0)
+                        goto err;
+                }
+        X509_STORE_free(cert_store);
+        printf("done\n");
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+/* should be X509 * but we can just have them as char *. */
+int verify_callback(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+        {
+        char buf[256];
+        X509 *err_cert;
+        int err,depth;
+        err_cert=X509_STORE_CTX_get_current_cert(ctx);
+        err=    X509_STORE_CTX_get_error(ctx);
+        depth=  X509_STORE_CTX_get_error_depth(ctx);
+        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (!ok)
+                {
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+                if (depth < 6)
+                        {
+                        ok=1;
+                        X509_STORE_CTX_set_error(ctx,X509_V_OK);
+                        }
+                else
+                        {
+                        ok=0;
+                        X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
+                        }
+                }
+        switch (ctx->error)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+                BIO_printf(bio_err,"issuer= %s\n",buf);
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+                }
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c
new file mode 100644
index 0000000000..f44b36a8b9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/md_rand.c
@@ -0,0 +1,405 @@
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <sys/types.h>
+#include <time.h>
+#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#ifndef NO_MD5
+#define USE_MD5_RAND
+#elif !defined(NO_SHA1)
+#define USE_SHA1_RAND
+#elif !defined(NO_MDC2)
+#define USE_MDC2_RAND
+#elif !defined(NO_MD2)
+#define USE_MD2_RAND
+#else
+We need a message digest of some type 
+#endif
+#endif
+/* Changed how the state buffer used.  I now attempt to 'wrap' such
+ * that I don't run over the same locations the next time  go through
+ * the 1023 bytes - many thanks to
+ * Robert J. LeBlanc <rjl@renaissoft.com> for his comments
+ */
+#if defined(USE_MD5_RAND)
+#include "md5.h"
+#define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#define MD_CTX                  MD5_CTX
+#define MD_Init(a)              MD5_Init(a)
+#define MD_Update(a,b,c)        MD5_Update(a,b,c)
+#define MD_Final(a,b)           MD5_Final(a,b)
+#elif defined(USE_SHA1_RAND)
+#include "sha.h"
+#define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#define MD_CTX                  SHA_CTX
+#define MD_Init(a)              SHA1_Init(a)
+#define MD_Update(a,b,c)        SHA1_Update(a,b,c)
+#define MD_Final(a,b)           SHA1_Final(a,b)
+#elif defined(USE_MDC2_RAND)
+#include "mdc2.h"
+#define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#define MD_CTX                  MDC2_CTX
+#define MD_Init(a)              MDC2_Init(a)
+#define MD_Update(a,b,c)        MDC2_Update(a,b,c)
+#define MD_Final(a,b)           MDC2_Final(a,b)
+#elif defined(USE_MD2_RAND)
+#include "md2.h"
+#define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#define MD_CTX                  MD2_CTX
+#define MD_Init(a)              MD2_Init(a)
+#define MD_Update(a,b,c)        MD2_Update(a,b,c)
+#define MD_Final(a,b)           MD2_Final(a,b)
+#endif
+#include "rand.h"
+/*#define NORAND        1 */
+/*#define PREDICT       1 */
+#define STATE_SIZE      1023
+static int state_num=0,state_index=0;
+static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+static unsigned char md[MD_DIGEST_LENGTH];
+static int md_count=0;
+char *RAND_version="RAND part of SSLeay 0.9.0b 29-Jun-1998";
+void RAND_cleanup()
+        {
+        memset(state,0,sizeof(state));
+        state_num=0;
+        state_index=0;
+        memset(md,0,MD_DIGEST_LENGTH);
+        md_count=0;
+        }
+void RAND_seed(buf,num)
+unsigned char *buf;
+int num;
+        {
+        int i,j,k,st_idx,st_num;
+        MD_CTX m;
+#ifdef NORAND
+        return;
+#endif
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        st_idx=state_index;
+        st_num=state_num;
+        state_index=(state_index+num);
+        if (state_index >= STATE_SIZE)
+                {
+                state_index%=STATE_SIZE;
+                state_num=STATE_SIZE;
+                }
+        else if (state_num < STATE_SIZE)        
+                {
+                if (state_index > state_num)
+                        state_num=state_index;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+                {
+                j=(num-i);
+                j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
+                MD_Init(&m);
+                MD_Update(&m,md,MD_DIGEST_LENGTH);
+                k=(st_idx+j)-STATE_SIZE;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),j-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),j);
+                        
+                MD_Update(&m,buf,j);
+                MD_Final(md,&m);
+                buf+=j;
+                for (k=0; k<j; k++)
+                        {
+                        state[st_idx++]^=md[k];
+                        if (st_idx >= STATE_SIZE)
+                                {
+                                st_idx=0;
+                                st_num=STATE_SIZE;
+                                }
+                        }
+                }
+        memset((char *)&m,0,sizeof(m));
+        }
+void RAND_bytes(buf,num)
+unsigned char *buf;
+int num;
+        {
+        int i,j,k,st_num,st_idx;
+        MD_CTX m;
+        static int init=1;
+        unsigned long l;
+#ifdef DEVRANDOM
+        FILE *fh;
+#endif
+#ifdef PREDICT
+        {
+        static unsigned char val=0;
+        for (i=0; i<num; i++)
+                buf[i]=val++;
+        return;
+        }
+#endif
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        if (init)
+                {
+                init=0;
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                /* put in some default random data, we need more than
+                 * just this */
+                RAND_seed((unsigned char *)&m,sizeof(m));
+#ifndef MSDOS
+                l=getpid();
+                RAND_seed((unsigned char *)&l,sizeof(l));
+                l=getuid();
+                RAND_seed((unsigned char *)&l,sizeof(l));
+#endif
+                l=time(NULL);
+                RAND_seed((unsigned char *)&l,sizeof(l));
+/* #ifdef DEVRANDOM */
+                /* 
+                 * Use a random entropy pool device.
+                 * Linux 1.3.x and FreeBSD-Current has 
+                 * this. Use /dev/urandom if you can
+                 * as /dev/random will block if it runs out
+                 * of random entries.
+                 */
+                if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+                        {
+                        unsigned char tmpbuf[32];
+                        fread((unsigned char *)tmpbuf,1,32,fh);
+                        /* we don't care how many bytes we read,
+                         * we will just copy the 'stack' if there is
+                         * nothing else :-) */
+                        fclose(fh);
+                        RAND_seed(tmpbuf,32);
+                        memset(tmpbuf,0,32);
+                        }
+/* #endif */
+#ifdef PURIFY
+                memset(state,0,STATE_SIZE);
+                memset(md,0,MD_DIGEST_LENGTH);
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+                }
+        st_idx=state_index;
+        st_num=state_num;
+        state_index+=num;
+        if (state_index > state_num)
+                state_index=(state_index%state_num);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        while (num > 0)
+                {
+                j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
+                num-=j;
+                MD_Init(&m);
+                MD_Update(&m,&(md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2);
+#ifndef PURIFY
+                MD_Update(&m,buf,j); /* purify complains */
+#endif
+                k=(st_idx+j)-st_num;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),j-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),j);
+                MD_Final(md,&m);
+                for (i=0; i<j; i++)
+                        {
+                        if (st_idx >= st_num)
+                                st_idx=0;
+                        state[st_idx++]^=md[i];
+                        *(buf++)=md[i+MD_DIGEST_LENGTH/2];
+                        }
+                }
+        MD_Init(&m);
+        MD_Update(&m,(unsigned char *)&md_count,sizeof(md_count)); md_count++;
+        MD_Update(&m,md,MD_DIGEST_LENGTH);
+        MD_Final(md,&m);
+        memset(&m,0,sizeof(m));
+        }
+#ifdef WINDOWS
+#include <windows.h>
+#include <rand.h>
+/*****************************************************************************
+ * Initialisation function for the SSL random generator.  Takes the contents
+ * of the screen as random seed.
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
+ * the original copyright message is:
+ *
+//   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+//
+//   You have a royalty-free right to use, modify, reproduce and
+//   distribute the Sample Files (and/or any modified version) in
+//   any way you find useful, provided that you agree that
+//   Microsoft has no warranty obligations or liability for any
+//   Sample Application Files which are modified.
+ */
+/*
+ * I have modified the loading of bytes via RAND_seed() mechanism since
+ * the origional would have been very very CPU intensive since RAND_seed()
+ * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
+ * as that to digest 56 bytes.  So under the old system, a screen of
+ * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5
+ * digests or digesting 2.7 mbytes.  What I have put in place would
+ * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes
+ * or about 3.5 times as much.
+ * - eric 
+ */
+void RAND_screen(void)
+{
+  HDC           hScrDC;         /* screen DC */
+  HDC           hMemDC;         /* memory DC */
+  HBITMAP       hBitmap;        /* handle for our bitmap */
+  HBITMAP       hOldBitmap;     /* handle for previous bitmap */
+  BITMAP        bm;             /* bitmap properties */
+  unsigned int  size;           /* size of bitmap */
+  char          *bmbits;        /* contents of bitmap */
+  int           w;              /* screen width */
+  int           h;              /* screen height */
+  int           y;              /* y-coordinate of screen lines to grab */
+  int           n = 16;         /* number of screen lines to grab at a time */
+  /* Create a screen DC and a memory DC compatible to screen DC */
+  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
+  hMemDC = CreateCompatibleDC(hScrDC);
+  /* Get screen resolution */
+  w = GetDeviceCaps(hScrDC, HORZRES);
+  h = GetDeviceCaps(hScrDC, VERTRES);
+  /* Create a bitmap compatible with the screen DC */
+  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+  /* Select new bitmap into memory DC */
+  hOldBitmap = SelectObject(hMemDC, hBitmap);
+  /* Get bitmap properties */
+  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
+  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+  bmbits = Malloc(size);
+  if (bmbits) {
+    /* Now go through the whole screen, repeatedly grabbing n lines */
+    for (y = 0; y < h-n; y += n)
+        {
+        unsigned char md[MD_DIGEST_LENGTH];
+        /* Bitblt screen DC to memory DC */
+        BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+        /* Copy bitmap bits from memory DC to bmbits */
+        GetBitmapBits(hBitmap, size, bmbits);
+        /* Get the MD5 of the bitmap */
+        MD5(bmbits,size,md);
+        /* Seed the random generator with the MD5 digest */
+        RAND_seed(md, MD_DIGEST_LENGTH);
+        }
+    Free(bmbits);
+  }
+  /* Select old bitmap back into memory DC */
+  hBitmap = SelectObject(hMemDC, hOldBitmap);
+  /* Clean up */
+  DeleteObject(hBitmap);
+  DeleteDC(hMemDC);
+  DeleteDC(hScrDC);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h
new file mode 100644
index 0000000000..477d7a150a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/rand.h
@@ -0,0 +1,92 @@
+/* crypto/rand/rand.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_RAND_H
+#define HEADER_RAND_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#ifndef NOPROTO
+void RAND_cleanup(void );
+void RAND_bytes( unsigned char *buf,int num);
+void RAND_seed( unsigned char *buf,int num);
+int  RAND_load_file(char *file,long max_bytes);
+int  RAND_write_file(char *file);
+char *RAND_file_name(char *file,int num);
+#ifdef WINDOWS
+void RAND_screen(void);
+#endif
+#else
+void RAND_cleanup();
+void RAND_bytes();
+void RAND_seed();
+int  RAND_load_file();
+int  RAND_write_file();
+char *RAND_file_name();
+#ifdef WINDOWS
+void RAND_screen();
+#endif
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
new file mode 100644
index 0000000000..f2b3746363
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -0,0 +1,166 @@
+/* crypto/rand/randfile.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <sys/stat.h>
+#include <sys/types.h>
+#include "rand.h"
+#undef BUFSIZE
+#define BUFSIZE 1024
+#define RAND_DATA 1024
+/* #define RFILE ".rand" - defined in ../../e_os.h */
+int RAND_load_file(file,bytes)
+char *file;
+long bytes;
+        {
+        MS_STATIC unsigned char buf[BUFSIZE];
+        struct stat sb;
+        int i,ret=0,n;
+        FILE *in;
+        if (file == NULL) return(0);
+        i=stat(file,&sb);
+        /* If the state fails, put some crap in anyway */
+        RAND_seed((unsigned char *)&sb,sizeof(sb));
+        ret+=sizeof(sb);
+        if (i < 0) return(0);
+        if (bytes <= 0) return(ret);
+        in=fopen(file,"r");
+        if (in == NULL) goto err;
+        for (;;)
+                {
+                n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+                i=fread(buf,1,n,in);
+                if (i <= 0) break;
+                /* even if n != i, use the full array */
+                RAND_seed(buf,n);
+                ret+=i;
+                bytes-=n;
+                if (bytes <= 0) break;
+                }
+        fclose(in);
+        memset(buf,0,BUFSIZE);
+err:
+        return(ret);
+        }
+int RAND_write_file(file)
+char *file;
+        {
+        unsigned char buf[BUFSIZE];
+        int i,ret=0;
+        FILE *out;
+        int n;
+        out=fopen(file,"w");
+        if (out == NULL) goto err;
+        chmod(file,0600);
+        n=RAND_DATA;
+        for (;;)
+                {
+                i=(n > BUFSIZE)?BUFSIZE:n;
+                n-=BUFSIZE;
+                RAND_bytes(buf,i);
+                i=fwrite(buf,1,i,out);
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                ret+=i;
+                if (n <= 0) break;
+                }
+        fclose(out);
+        memset(buf,0,BUFSIZE);
+err:
+        return(ret);
+        }
+char *RAND_file_name(buf,size)
+char *buf;
+int size;
+        {
+        char *s;
+        char *ret=NULL;
+        s=getenv("RANDFILE");
+        if (s != NULL)
+                {
+                strncpy(buf,s,size-1);
+                buf[size-1]='\0';
+                ret=buf;
+                }
+        else
+                {
+                s=getenv("HOME");
+                if (s == NULL) return(RFILE);
+                if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
+                        return(RFILE);
+                strcpy(buf,s);
+                strcat(buf,"/");
+                strcat(buf,RFILE);
+                ret=buf;
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/rand/randtest.c b/src/lib/libssl/src/crypto/rand/randtest.c
new file mode 100644
index 0000000000..e0ba61e123
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/randtest.c
@@ -0,0 +1,207 @@
+/* crypto/rand/randtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "rand.h"
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+int main()
+        {
+        unsigned char buf[2500];
+        int i,j,k,s,sign,nsign,err=0;
+        unsigned long n1;
+        unsigned long n2[16];
+        unsigned long runs[2][34];
+        /*double d; */
+        long d;
+        RAND_bytes(buf,2500);
+        n1=0;
+        for (i=0; i<16; i++) n2[i]=0;
+        for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+        /* test 1 and 2 */
+        sign=0;
+        nsign=0;
+        for (i=0; i<2500; i++)
+                {
+                j=buf[i];
+                n2[j&0x0f]++;
+                n2[(j>>4)&0x0f]++;
+                for (k=0; k<8; k++)
+                        {
+                        s=(j&0x01);
+                        if (s == sign)
+                                nsign++;
+                        else
+                                {
+                                if (nsign > 34) nsign=34;
+                                if (nsign != 0)
+                                        {
+                                        runs[sign][nsign-1]++;
+                                        if (nsign > 6)
+                                                runs[sign][5]++;
+                                        }
+                                sign=s;
+                                nsign=1;
+                                }
+                        if (s) n1++;
+                        j>>=1;
+                        }
+                }
+                if (nsign > 34) nsign=34;
+                if (nsign != 0) runs[sign][nsign-1]++;
+        /* test 1 */
+        if (!((9654 < n1) && (n1 < 10346)))
+                {
+                printf("test 1 failed, X=%ld\n",n1);
+                err++;
+                }
+        printf("test 1 done\n");
+        /* test 2 */
+#ifdef undef
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=d*16.0/5000.0-5000.0;
+        if (!((1.03 < d) && (d < 57.4)))
+                {
+                printf("test 2 failed, X=%.2f\n",d);
+                err++;
+                }
+#endif
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=(d*8)/25-500000;
+        if (!((103 < d) && (d < 5740)))
+                {
+                printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
+                err++;
+                }
+        printf("test 2 done\n");
+        /* test 3 */
+        for (i=0; i<2; i++)
+                {
+                if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,1,runs[i][0]);
+                        err++;
+                        }
+                if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,2,runs[i][1]);
+                        err++;
+                        }
+                if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,3,runs[i][2]);
+                        err++;
+                        }
+                if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,4,runs[i][3]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,5,runs[i][4]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%ld\n",
+                                i,6,runs[i][5]);
+                        err++;
+                        }
+                }
+        printf("test 3 done\n");
+        
+        /* test 4 */
+        if (runs[0][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%ld\n",
+                        0,34,runs[0][33]);
+                err++;
+                }
+        if (runs[1][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%ld\n",
+                        1,34,runs[1][33]);
+                err++;
+                }
+        printf("test 4 done\n");
+        err=((err)?1:0);
+        exit(err);
+        return(err);
+        }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_cbc.c b/src/lib/libssl/src/crypto/rc2/rc2_cbc.c
new file mode 100644
index 0000000000..22e89f0441
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2_cbc.c
@@ -0,0 +1,235 @@
+/* crypto/rc2/rc2_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rc2.h"
+#include "rc2_locl.h"
+void RC2_cbc_encrypt(in, out, length, ks, iv, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+RC2_KEY *ks;
+unsigned char *iv;
+int encrypt;
+        {
+        register unsigned long tin0,tin1;
+        register unsigned long tout0,tout1,xor0,xor1;
+        register long l=length;
+        unsigned long tin[2];
+        if (encrypt)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC2_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC2_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC2_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC2_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+void RC2_encrypt(d,key)
+unsigned long *d;
+RC2_KEY *key;
+        {
+        int i,n;
+        register RC2_INT *p0,*p1;
+        register RC2_INT x0,x1,x2,x3,t;
+        unsigned long l;
+        l=d[0];
+        x0=(RC2_INT)l&0xffff;
+        x1=(RC2_INT)(l>>16L);
+        l=d[1];
+        x2=(RC2_INT)l&0xffff;
+        x3=(RC2_INT)(l>>16L);
+        n=3;
+        i=5;
+        p0=p1= &(key->data[0]);
+        for (;;)
+                {
+                t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
+                x0=(t<<1)|(t>>15);
+                t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
+                x1=(t<<2)|(t>>14);
+                t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
+                x2=(t<<3)|(t>>13);
+                t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
+                x3=(t<<5)|(t>>11);
+                if (--i == 0)
+                        {
+                        if (--n == 0) break;
+                        i=(n == 2)?6:5;
+                        x0+=p1[x3&0x3f];
+                        x1+=p1[x0&0x3f];
+                        x2+=p1[x1&0x3f];
+                        x3+=p1[x2&0x3f];
+                        }
+                }
+        d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+        d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+        }
+void RC2_decrypt(d,key)
+unsigned long *d;
+RC2_KEY *key;
+        {
+        int i,n;
+        register RC2_INT *p0,*p1;
+        register RC2_INT x0,x1,x2,x3,t;
+        unsigned long l;
+        l=d[0];
+        x0=(RC2_INT)l&0xffff;
+        x1=(RC2_INT)(l>>16L);
+        l=d[1];
+        x2=(RC2_INT)l&0xffff;
+        x3=(RC2_INT)(l>>16L);
+        n=3;
+        i=5;
+        p0= &(key->data[63]);
+        p1= &(key->data[0]);
+        for (;;)
+                {
+                t=((x3<<11)|(x3>>5))&0xffff;
+                x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
+                t=((x2<<13)|(x2>>3))&0xffff;
+                x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
+                t=((x1<<14)|(x1>>2))&0xffff;
+                x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
+                t=((x0<<15)|(x0>>1))&0xffff;
+                x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
+                if (--i == 0)
+                        {
+                        if (--n == 0) break;
+                        i=(n == 2)?6:5;
+                        x3=(x3-p1[x2&0x3f])&0xffff;
+                        x2=(x2-p1[x1&0x3f])&0xffff;
+                        x1=(x1-p1[x0&0x3f])&0xffff;
+                        x0=(x0-p1[x3&0x3f])&0xffff;
+                        }
+                }
+        d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+        d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+        }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_ecb.c b/src/lib/libssl/src/crypto/rc2/rc2_ecb.c
new file mode 100644
index 0000000000..96239cd4e0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2_ecb.c
@@ -0,0 +1,90 @@
+/* crypto/rc2/rc2_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rc2.h"
+#include "rc2_locl.h"
+char *RC2_version="RC2 part of SSLeay 0.9.0b 29-Jun-1998";
+/* RC2 as implemented frm a posting from
+ * Newsgroups: sci.crypt
+ * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+ * Subject: Specification for Ron Rivests Cipher No.2
+ * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+ * Date: 11 Feb 1996 06:45:03 GMT
+ */
+void RC2_ecb_encrypt(in, out, ks, encrypt)
+unsigned char *in;
+unsigned char *out;
+RC2_KEY *ks;
+int encrypt;
+        {
+        unsigned long l,d[2];
+        c2l(in,l); d[0]=l;
+        c2l(in,l); d[1]=l;
+        if (encrypt)
+                RC2_encrypt(d,ks);
+        else
+                RC2_decrypt(d,ks);
+        l=d[0]; l2c(l,out);
+        l=d[1]; l2c(l,out);
+        l=d[0]=d[1]=0;
+        }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_locl.h b/src/lib/libssl/src/crypto/rc2/rc2_locl.h
new file mode 100644
index 0000000000..565cd17619
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2_locl.h
@@ -0,0 +1,156 @@
+/* crypto/rc2/rc2_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+#define C_RC2(n) \
+        t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+        x0=(t<<1)|(t>>15); \
+        t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+        x1=(t<<2)|(t>>14); \
+        t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+        x2=(t<<3)|(t>>13); \
+        t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+        x3=(t<<5)|(t>>11);
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_skey.c b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
new file mode 100644
index 0000000000..0f1f253395
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -0,0 +1,142 @@
+/* crypto/rc2/rc2_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rc2.h"
+#include "rc2_locl.h"
+static unsigned char key_table[256]={
+        0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
+        0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
+        0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
+        0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
+        0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
+        0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
+        0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
+        0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
+        0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
+        0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
+        0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
+        0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
+        0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
+        0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
+        0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
+        0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
+        0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
+        0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
+        0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
+        0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
+        0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
+        0xfe,0x7f,0xc1,0xad,
+        };
+/* It has come to my attention that there are 2 versions of the RC2
+ * key schedule.  One which is normal, and anther which has a hook to
+ * use a reduced key length.
+ * BSAFE uses the 'retarded' version.  What I previously shipped is
+ * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
+ * a version where the bits parameter is the same as len*8 */
+void RC2_set_key(key,len,data,bits)
+RC2_KEY *key;
+int len;
+unsigned char *data;
+int bits;
+        {
+        int i,j;
+        unsigned char *k;
+        RC2_INT *ki;
+        unsigned int c,d;
+        k= (unsigned char *)&(key->data[0]);
+        *k=0; /* for if there is a zero length key */
+        if (len > 128) len=128;
+        if (bits <= 0) bits=1024;
+        if (bits > 1024) bits=1024;
+        for (i=0; i<len; i++)
+                k[i]=data[i];
+        /* expand table */
+        d=k[len-1];
+        j=0;
+        for (i=len; i < 128; i++,j++)
+                {
+                d=key_table[(k[j]+d)&0xff];
+                k[i]=d;
+                }
+        /* hmm.... key reduction to 'bits' bits */
+        j=(bits+7)>>3;
+        i=128-j;
+        c= (0xff>>(-bits & 0x07));
+        d=key_table[k[i]&c];
+        k[i]=d;
+        while (i--)
+                {
+                d=key_table[k[i+j]^d];
+                k[i]=d;
+                }
+        /* copy from bytes into RC2_INT's */
+        ki= &(key->data[63]);
+        for (i=127; i>=0; i-=2)
+                *(ki--)=((k[i]<<8)|k[i-1])&0xffff;
+        }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2cfb64.c b/src/lib/libssl/src/crypto/rc2/rc2cfb64.c
new file mode 100644
index 0000000000..d409fb77e9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2cfb64.c
@@ -0,0 +1,127 @@
+/* crypto/rc2/rc2cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rc2.h"
+#include "rc2_locl.h"
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC2_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+RC2_KEY *schedule;
+unsigned char *ivec;
+int *num;
+int encrypt;
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned long ti[2];
+        unsigned char *iv,c,cc;
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC2_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC2_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2ofb64.c b/src/lib/libssl/src/crypto/rc2/rc2ofb64.c
new file mode 100644
index 0000000000..4f09167447
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2ofb64.c
@@ -0,0 +1,115 @@
+/* crypto/rc2/rc2ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rc2.h"
+#include "rc2_locl.h"
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC2_ofb64_encrypt(in, out, length, schedule, ivec, num)
+unsigned char *in;
+unsigned char *out;
+long length;
+RC2_KEY *schedule;
+unsigned char *ivec;
+int *num;
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        unsigned long ti[2];
+        unsigned char *iv;
+        int save=0;
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        RC2_encrypt((unsigned long *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2c(t,dp);
+                        t=ti[1]; l2c(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2speed.c b/src/lib/libssl/src/crypto/rc2/rc2speed.c
new file mode 100644
index 0000000000..6cd8ea8f27
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2speed.c
@@ -0,0 +1,293 @@
+/* crypto/rc2/rc2speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "rc2.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC2_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC2_set_key(&sch,16,key,128);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC2_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC2_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC2_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing RC2_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing RC2_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),RC2_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2test.c b/src/lib/libssl/src/crypto/rc2/rc2test.c
new file mode 100644
index 0000000000..9d0f8016ec
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rc2test.c
@@ -0,0 +1,270 @@
+/* crypto/rc2/rc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "rc2.h"
+unsigned char RC2key[4][16]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
+        };
+unsigned char RC2plain[4][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        };
+unsigned char RC2cipher[4][8]={
+        {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
+        {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
+        {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
+        {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
+        };
+/************/
+#ifdef undef
+unsigned char k[16]={
+        0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+        0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+char *text="Hello to all people out there";
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+#ifndef NOPROTO
+/*static int cfb64_test(unsigned char *cfb_cipher);*/
+static char *pt(unsigned char *p);
+#else
+/*static int cfb64_test(); */
+static char *pt();
+#endif
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,n,err=0;
+        RC2_KEY key; 
+        unsigned char buf[8],buf2[8];
+        for (n=0; n<4; n++)
+                {
+                RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
+                RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
+                if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("ecb rc2 error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2cipher[n][i]);
+                        err=20;
+                        printf("\n");
+                        }
+                RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
+                if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("ecb RC2 error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+        if (err == 0) printf("ecb RC2 ok\n");
+#ifdef undef
+        memcpy(iv,k,8);
+        idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+        memcpy(iv,k,8);
+        idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+        idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+        if (memcmp(text,out,strlen(text)+1) != 0)
+                {
+                printf("cbc idea bad\n");
+                err=4;
+                }
+        else
+                printf("cbc idea ok\n");
+        printf("cfb64 idea ");
+        if (cfb64_test(cfb_cipher64))
+                {
+                printf("bad\n");
+                err=5;
+                }
+        else
+                printf("ok\n");
+#endif
+        exit(err);
+        return(err);
+        }
+#ifdef undef
+static int cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static char *pt(p)
+unsigned char *p;
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+        
+#endif
diff --git a/src/lib/libssl/src/crypto/rc2/rrc2.doc b/src/lib/libssl/src/crypto/rc2/rrc2.doc
new file mode 100644
index 0000000000..f93ee003d2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/rrc2.doc
@@ -0,0 +1,219 @@
+>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
+Article 23601 of sci.crypt:
+Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
+>From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+Newsgroups: sci.crypt
+Subject: Specification for Ron Rivests Cipher No.2
+Date: 11 Feb 1996 06:45:03 GMT
+Organization: University of Auckland
+Lines: 203
+Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+NNTP-Posting-Host: cs26.cs.auckland.ac.nz
+X-Newsreader: NN version 6.5.0 #3 (NOV)
+                           Ron Rivest's Cipher No.2
+                           ------------------------
+ 
+Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
+refer to it by other names) is word oriented, operating on a block of 64 bits
+divided into four 16-bit words, with a key table of 64 words.  All data units
+are little-endian.  This functional description of the algorithm is based in
+the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
+the same general layout, terminology, and pseudocode style.
+ 
+ 
+Notation and RRC.2 Primitive Operations
+ 
+RRC.2 uses the following primitive operations:
+ 
+1. Two's-complement addition of words, denoted by "+".  The inverse operation,
+   subtraction, is denoted by "-".
+2. Bitwise exclusive OR, denoted by "^".
+3. Bitwise AND, denoted by "&".
+4. Bitwise NOT, denoted by "~".
+5. A left-rotation of words; the rotation of word x left by y is denoted
+   x <<< y.  The inverse operation, right-rotation, is denoted x >>> y.
+ 
+These operations are directly and efficiently supported by most processors.
+ 
+ 
+The RRC.2 Algorithm
+ 
+RRC.2 consists of three components, a *key expansion* algorithm, an
+*encryption* algorithm, and a *decryption* algorithm.
+ 
+ 
+Key Expansion
+ 
+The purpose of the key-expansion routine is to expand the user's key K to fill
+the expanded key array S, so S resembles an array of random binary words
+determined by the user's secret key K.
+ 
+Initialising the S-box
+ 
+RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
+Beale Cipher No.1 XOR'd with a one-time pad.  The Beale Ciphers predate modern
+cryptography by enough time that there should be no concerns about trapdoors
+hidden in the data.  They have been published widely, and the S-box can be
+easily recreated from the one-time pad values and the Beale Cipher data taken
+from a standard source.  To initialise the S-box:
+ 
+  for i = 0 to 255 do
+    sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
+ 
+The contents of Beale Cipher No.1 and the necessary one-time pad are given as
+an appendix at the end of this document.  For efficiency, implementors may wish
+to skip the Beale Cipher expansion and store the sBox table directly.
+ 
+Expanding the Secret Key to 128 Bytes
+ 
+The secret key is first expanded to fill 128 bytes (64 words).  The expansion
+consists of taking the sum of the first and last bytes in the user key, looking
+up the sum (modulo 256) in the S-box, and appending the result to the key.  The
+operation is repeated with the second byte and new last byte of the key until
+all 128 bytes have been generated.  Note that the following pseudocode treats
+the S array as an array of 128 bytes rather than 64 words.
+ 
+  for j = 0 to length-1 do
+    S[ j ] = K[ j ]
+  for j = length to 127 do
+    s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
+ 
+At this point it is possible to perform a truncation of the effective key
+length to ease the creation of espionage-enabled software products.  However
+since the author cannot conceive why anyone would want to do this, it will not
+be considered further.
+ 
+The final phase of the key expansion involves replacing the first byte of S
+with the entry selected from the S-box:
+ 
+  S[ 0 ] = sBox[ S[ 0 ] ]
+ 
+ 
+Encryption
+ 
+The cipher has 16 full rounds, each divided into 4 subrounds.  Two of the full
+rounds perform an additional transformation on the data.  Note that the
+following pseudocode treats the S array as an array of 64 words rather than 128
+bytes.
+ 
+  for i = 0 to 15 do
+    j = i * 4;
+    word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
+    word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
+    word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
+    word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
+ 
+In addition the fifth and eleventh rounds add the contents of the S-box indexed
+by one of the data words to another of the data words following the four
+subrounds as follows:
+ 
+    word0 = word0 + S[ word3 & 63 ];
+    word1 = word1 + S[ word0 & 63 ];
+    word2 = word2 + S[ word1 & 63 ];
+    word3 = word3 + S[ word2 & 63 ];
+ 
+ 
+Decryption
+ 
+The decryption operation is simply the inverse of the encryption operation.
+Note that the following pseudocode treats the S array as an array of 64 words
+rather than 128 bytes.
+ 
+  for i = 15 downto 0 do
+    j = i * 4;
+    word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
+    word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
+    word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
+    word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
+ 
+In addition the fifth and eleventh rounds subtract the contents of the S-box
+indexed by one of the data words from another one of the data words following
+the four subrounds as follows:
+ 
+    word3 = word3 - S[ word2 & 63 ]
+    word2 = word2 - S[ word1 & 63 ]
+    word1 = word1 - S[ word0 & 63 ]
+    word0 = word0 - S[ word3 & 63 ]
+ 
+ 
+Test Vectors
+ 
+The following test vectors may be used to test the correctness of an RRC.2
+implementation:
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Plain:    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+  Cipher:   0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
+ 
+  Key:      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
+ 
+ 
+Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
+          Creating the S-Box
+ 
+Beale Cipher No.1.
+ 
+  71, 194,  38,1701,  89,  76,  11,  83,1629,  48,  94,  63, 132,  16, 111,  95,
+  84, 341, 975,  14,  40,  64,  27,  81, 139, 213,  63,  90,1120,   8,  15,   3,
+ 126,2018,  40,  74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
+ 124, 211, 486, 225, 401, 370,  11, 101, 305, 139, 189,  17,  33,  88, 208, 193,
+ 145,   1,  94,  73, 416, 918, 263,  28, 500, 538, 356, 117, 136, 219,  27, 176,
+ 130,  10, 460,  25, 485,  18, 436,  65,  84, 200, 283, 118, 320, 138,  36, 416,
+ 280,  15,  71, 224, 961,  44,  16, 401,  39,  88,  61, 304,  12,  21,  24, 283,
+ 134,  92,  63, 246, 486, 682,   7, 219, 184, 360, 780,  18,  64, 463, 474, 131,
+ 160,  79,  73, 440,  95,  18,  64, 581,  34,  69, 128, 367, 460,  17,  81,  12,
+ 103, 820,  62, 110,  97, 103, 862,  70,  60,1317, 471, 540, 208, 121, 890, 346,
+  36, 150,  59, 568, 614,  13, 120,  63, 219, 812,2160,1780,  99,  35,  18,  21,
+ 136, 872,  15,  28, 170,  88,   4,  30,  44, 112,  18, 147, 436, 195, 320,  37,
+ 122, 113,   6, 140,   8, 120, 305,  42,  58, 461,  44, 106, 301,  13, 408, 680,
+  93,  86, 116, 530,  82, 568,   9, 102,  38, 416,  89,  71, 216, 728, 965, 818,
+   2,  38, 121, 195,  14, 326, 148, 234,  18,  55, 131, 234, 361, 824,   5,  81,
+ 623,  48, 961,  19,  26,  33,  10,1101, 365,  92,  88, 181, 275, 346, 201, 206
+ 
+One-time Pad.
+ 
+ 158, 186, 223,  97,  64, 145, 190, 190, 117, 217, 163,  70, 206, 176, 183, 194,
+ 146,  43, 248, 141,   3,  54,  72, 223, 233, 153,  91, 210,  36, 131, 244, 161,
+ 105, 120, 113, 191, 113,  86,  19, 245, 213, 221,  43,  27, 242, 157,  73, 213,
+ 193,  92, 166,  10,  23, 197, 112, 110, 193,  30, 156,  51, 125,  51, 158,  67,
+ 197, 215,  59, 218, 110, 246, 181,   0, 135,  76, 164,  97,  47,  87, 234, 108,
+ 144, 127,   6,   6, 222, 172,  80, 144,  22, 245, 207,  70, 227, 182, 146, 134,
+ 119, 176,  73,  58, 135,  69,  23, 198,   0, 170,  32, 171, 176, 129,  91,  24,
+ 126,  77, 248,   0, 118,  69,  57,  60, 190, 171, 217,  61, 136, 169, 196,  84,
+ 168, 167, 163, 102, 223,  64, 174, 178, 166, 239, 242, 195, 249,  92,  59,  38,
+ 241,  46, 236,  31,  59, 114,  23,  50, 119, 186,   7,  66, 212,  97, 222, 182,
+ 230, 118, 122,  86, 105,  92, 179, 243, 255, 189, 223, 164, 194, 215,  98,  44,
+  17,  20,  53, 153, 137, 224, 176, 100, 208, 114,  36, 200, 145, 150, 215,  20,
+  87,  44, 252,  20, 235, 242, 163, 132,  63,  18,   5, 122,  74,  97,  34,  97,
+ 142,  86, 146, 221, 179, 166, 161,  74,  69, 182,  88, 120, 128,  58,  76, 155,
+  15,  30,  77, 216, 165, 117, 107,  90, 169, 127, 143, 181, 208, 137, 200, 127,
+ 170, 195,  26,  84, 255, 132, 150,  58, 103, 250, 120, 221, 237,  37,   8,  99
+ 
+ 
+Implementation
+ 
+A non-US based programmer who has never seen any encryption code before will
+shortly be implementing RRC.2 based solely on this specification and not on
+knowledge of any other encryption algorithms.  Stand by.
diff --git a/src/lib/libssl/src/crypto/rc2/version b/src/lib/libssl/src/crypto/rc2/version
new file mode 100644
index 0000000000..6f89d595f1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc2/version
@@ -0,0 +1,22 @@
+1.1 23/08/96 - eay
+        Changed RC2_set_key() so it now takes another argument.  Many
+        thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
+        clarification and origional specification of RC2.  BSAFE uses
+        this last parameter, 'bits'.  It the key is 128 bits, BSAFE
+        also sets this parameter to 128.  The old behaviour can be
+        duplicated by setting this parameter to 1024.
+1.0 08/04/96 - eay
+        First version of SSLeay with rc2.  This has been written from the spec
+        posted sci.crypt.  It is in this directory under rrc2.doc
+        I have no test values for any mode other than ecb, my wrappers for the
+        other modes should be ok since they are basically the same as
+        the ones taken from idea and des :-).  I have implemented them as
+        little-endian operators.
+        While rc2 is included because it is used with SSL, I don't know how
+        far I trust it.  It is about the same speed as IDEA and DES.
+        So if you are paranoid, used Tripple DES, else IDEA.  If RC2
+        does get used more, perhaps more people will look for weaknesses in
+        it.
+        
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
new file mode 100644
index 0000000000..0dd8eb1ba9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
@@ -0,0 +1,173 @@
+#!/usr/bin/perl
+# define for pentium pro friendly version
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"rc4-586.pl");
+$tx="eax";
+$ty="ebx";
+$x="ecx";
+$y="edx";
+$in="esi";
+$out="edi";
+$d="ebp";
+&RC4("RC4");
+&asm_finish();
+sub RC4_loop
+        {
+        local($n,$p,$char)=@_;
+        &comment("Round $n");
+        if ($char)
+                {
+                if ($p >= 0)
+                        {
+                         &mov($ty,      &swtmp(2));
+                        &cmp($ty,       $in);
+                         &jle(&label("finished"));
+                        &inc($in);
+                        }
+                else
+                        {
+                        &add($ty,       8);
+                         &inc($in);
+                        &cmp($ty,       $in);
+                         &jl(&label("finished"));
+                        &mov(&swtmp(2), $ty);
+                        }
+                }
+        # Moved out
+        # &mov( $tx,            &DWP(0,$d,$x,4)) if $p < 0;
+         &add(  $y,             $tx);
+        &and(   $y,             0xff);
+         &inc(  $x);                    # NEXT ROUND 
+        &mov(   $ty,            &DWP(0,$d,$y,4));
+         # XXX
+        &mov(   &DWP(-4,$d,$x,4),$ty);                  # AGI
+         &add(  $ty,            $tx);
+        &and(   $x,             0xff);  # NEXT ROUND
+         &and(  $ty,            0xff);
+        &mov(   &DWP(0,$d,$y,4),$tx);
+         &nop();
+        &mov(   $ty,            &DWP(0,$d,$ty,4));
+         &mov(  $tx,            &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
+         # XXX
+        if (!$char)
+                {
+                #moved up into last round
+                if ($p >= 1)
+                        {
+                        &add(   $out,   8)
+                        }
+                &movb(  &BP($n,"esp","",0),     &LB($ty));
+                }
+        else
+                {
+                # Note in+=8 has occured
+                &movb(  &HB($ty),       &BP(-1,$in,"",0));
+                 # XXX
+                &xorb(&LB($ty),         &HB($ty));
+                 # XXX
+                &movb(&BP($n,$out,"",0),&LB($ty));
+                }
+        }
+sub RC4
+        {
+        local($name)=@_;
+        &function_begin_B($name,"");
+        &comment("");
+        &push("ebp");
+         &push("ebx");
+        &mov(   $d,     &wparam(0));    # key
+         &mov(  $ty,    &wparam(1));    # num
+        &push("esi");
+         &push("edi");
+        &mov(   $x,     &DWP(0,$d,"",1));
+         &mov(  $y,     &DWP(4,$d,"",1));
+        &mov(   $in,    &wparam(2));
+         &inc(  $x);
+        &stack_push(3); # 3 temp variables
+         &add(  $d,     8);
+        &and(   $x,             0xff);
+         &lea(  $ty,    &DWP(-8,$ty,$in));
+        # check for 0 length input
+        &mov(   $out,   &wparam(3));
+         &mov(  &swtmp(2),      $ty);   # this is now address to exit at
+        &mov(   $tx,    &DWP(0,$d,$x,4));
+         &cmp(  $ty,    $in);
+        &jl(    &label("end")); # less than 8 bytes
+        &set_label("start");
+        # filling DELAY SLOT
+        &add(   $in,    8);
+        &RC4_loop(0,-1,0);
+        &RC4_loop(1,0,0);
+        &RC4_loop(2,0,0);
+        &RC4_loop(3,0,0);
+        &RC4_loop(4,0,0);
+        &RC4_loop(5,0,0);
+        &RC4_loop(6,0,0);
+        &RC4_loop(7,1,0);
+        
+        &comment("apply the cipher text");
+        # xor the cipher data with input
+        #&add(  $out,   8); #moved up into last round
+        &mov(   $tx,    &swtmp(0));
+         &mov(  $ty,    &DWP(-8,$in,"",0));
+        &xor(   $tx,    $ty);
+         &mov(  $ty,    &DWP(-4,$in,"",0)); 
+        &mov(   &DWP(-8,$out,"",0),     $tx);
+         &mov(  $tx,    &swtmp(1));
+        &xor(   $tx,    $ty);
+         &mov(  $ty,    &swtmp(2));     # load end ptr;
+        &mov(   &DWP(-4,$out,"",0),     $tx);
+         &mov(  $tx,            &DWP(0,$d,$x,4));
+        &cmp($in,       $ty);
+         &jle(&label("start"));
+        &set_label("end");
+        # There is quite a bit of extra crap in RC4_loop() for this
+        # first round
+        &RC4_loop(0,-1,1);
+        &RC4_loop(1,0,1);
+        &RC4_loop(2,0,1);
+        &RC4_loop(3,0,1);
+        &RC4_loop(4,0,1);
+        &RC4_loop(5,0,1);
+        &RC4_loop(6,1,1);
+        &set_label("finished");
+        &dec(   $x);
+         &stack_pop(3);
+        &mov(   &DWP(-4,$d,"",0),$y);
+         &movb( &BP(-8,$d,"",0),&LB($x));
+        &function_end($name);
+        }
diff --git a/src/lib/libssl/src/crypto/rc4/rc4.c b/src/lib/libssl/src/crypto/rc4/rc4.c
new file mode 100644
index 0000000000..127e8a5093
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rc4.c
@@ -0,0 +1,194 @@
+/* crypto/rc4/rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "rc4.h"
+char *usage[]={
+"usage: rc4 args\n",
+"\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -key key        - password\n",
+NULL
+};
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        FILE *in=NULL,*out=NULL;
+        char *infile=NULL,*outfile=NULL,*keystr=NULL;
+        RC4_KEY key;
+        char buf[BUFSIZ];
+        int badops=0,i;
+        char **pp;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keystr= *(++argv);
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                for (pp=usage; (*pp != NULL); pp++)
+                        fprintf(stderr,*pp);
+                exit(1);
+                }
+        if (infile == NULL)
+                in=stdin;
+        else
+                {
+                in=fopen(infile,"r");
+                if (in == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+                }
+        if (outfile == NULL)
+                out=stdout;
+        else
+                {
+                out=fopen(outfile,"w");
+                if (out == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+                }
+                
+#ifdef MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        setmode(fileno(in),O_BINARY);
+        setmode(fileno(out),O_BINARY);
+        }
+#endif
+        if (keystr == NULL)
+                { /* get key */
+                i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+                if (i != 0)
+                        {
+                        memset(buf,0,BUFSIZ);
+                        fprintf(stderr,"bad password read\n");
+                        exit(1);
+                        }
+                keystr=buf;
+                }
+        MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+        memset(keystr,0,strlen(keystr));
+        RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+        
+        for(;;)
+                {
+                i=fread(buf,1,BUFSIZ,in);
+                if (i == 0) break;
+                if (i < 0)
+                        {
+                        perror("read");
+                        exit(1);
+                        }
+                RC4(&key,(unsigned int)i,(unsigned char *)buf,
+                        (unsigned char *)buf);
+                i=fwrite(buf,(unsigned int)i,1,out);
+                if (i != 1)
+                        {
+                        perror("write");
+                        exit(1);
+                        }
+                }
+        fclose(out);
+        fclose(in);
+        exit(0);
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_enc.c b/src/lib/libssl/src/crypto/rc4/rc4_enc.c
new file mode 100644
index 0000000000..ab8a111b52
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rc4_enc.c
@@ -0,0 +1,135 @@
+/* crypto/rc4/rc4_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rc4.h"
+#include "rc4_locl.h"
+/* RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+void RC4(key, len, indata, outdata)
+RC4_KEY *key;
+unsigned long len;
+unsigned char *indata;
+unsigned char *outdata;
+        {
+        register RC4_INT *d;
+        register RC4_INT x,y,tx,ty;
+        int i;
+        
+        x=key->x;     
+        y=key->y;     
+        d=key->data; 
+#define LOOP(in,out) \
+                x=((x+1)&0xff); \
+                tx=d[x]; \
+                y=(tx+y)&0xff; \
+                d[x]=ty=d[y]; \
+                d[y]=tx; \
+                (out) = d[(tx+ty)&0xff]^ (in);
+#ifndef RC4_INDEX
+#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
+#else
+#define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
+#endif
+        i= -(int)len;
+        i=(int)(len>>3L);
+        if (i)
+                {
+                for (;;)
+                        {
+                        RC4_LOOP(indata,outdata,0);
+                        RC4_LOOP(indata,outdata,1);
+                        RC4_LOOP(indata,outdata,2);
+                        RC4_LOOP(indata,outdata,3);
+                        RC4_LOOP(indata,outdata,4);
+                        RC4_LOOP(indata,outdata,5);
+                        RC4_LOOP(indata,outdata,6);
+                        RC4_LOOP(indata,outdata,7);
+#ifdef RC4_INDEX
+                        indata+=8;
+                        outdata+=8;
+#endif
+                        if (--i == 0) break;
+                        }
+                }
+        i=(int)len&0x07;
+        if (i)
+                {
+                for (;;)
+                        {
+                        RC4_LOOP(indata,outdata,0); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,1); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,2); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,3); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,4); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,5); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,6); if (--i == 0) break;
+                        }
+                }               
+        key->x=x;     
+        key->y=y;
+        }
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_skey.c b/src/lib/libssl/src/crypto/rc4/rc4_skey.c
new file mode 100644
index 0000000000..0be5fde67b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rc4_skey.c
@@ -0,0 +1,119 @@
+/* crypto/rc4/rc4_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rc4.h"
+#include "rc4_locl.h"
+char *RC4_version="RC4 part of SSLeay 0.9.0b 29-Jun-1998";
+char *RC4_options()
+        {
+#ifdef RC4_INDEX
+        if (sizeof(RC4_INT) == 1)
+                return("rc4(idx,char)");
+        else
+                return("rc4(idx,int)");
+#else
+        if (sizeof(RC4_INT) == 1)
+                return("rc4(ptr,char)");
+        else
+                return("rc4(ptr,int)");
+#endif
+        }
+/* RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+void RC4_set_key(key, len, data)
+RC4_KEY *key;
+int len;
+register unsigned char *data;
+        {
+        register RC4_INT tmp;
+        register int id1,id2;
+        register RC4_INT *d;
+        unsigned int i;
+        
+        d= &(key->data[0]);
+        for (i=0; i<256; i++)
+                d[i]=i;
+        key->x = 0;     
+        key->y = 0;     
+        id1=id2=0;     
+#define SK_LOOP(n) { \
+                tmp=d[(n)]; \
+                id2 = (data[id1] + tmp + id2) & 0xff; \
+                if (++id1 == len) id1=0; \
+                d[(n)]=d[id2]; \
+                d[id2]=tmp; }
+        for (i=0; i < 256; i+=4)
+                {
+                SK_LOOP(i+0);
+                SK_LOOP(i+1);
+                SK_LOOP(i+2);
+                SK_LOOP(i+3);
+                }
+        }
+    
diff --git a/src/lib/libssl/src/crypto/rc4/rc4s.cpp b/src/lib/libssl/src/crypto/rc4/rc4s.cpp
new file mode 100644
index 0000000000..39f1727dd3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "rc4.h"
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[1024];
+        RC4_KEY ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=64,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=256;
+        if (num > 1024-16) num=1024-16;
+        numm=num+8;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(s1);
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        RC4(&ctx,num,buffer,buffer);
+                        GetTSC(e2);
+                        RC4(&ctx,num,buffer,buffer);
+                        }
+                printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+                        e1-s1,e2-s2,(e1-s1)-(e2-s2));
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/rc4/rc4speed.c b/src/lib/libssl/src/crypto/rc4/rc4speed.c
new file mode 100644
index 0000000000..5298dad6d0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rc4speed.c
@@ -0,0 +1,269 @@
+/* crypto/rc4/rc4speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#ifndef MSDOS
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef MSDOS
+#include <unistd.h>
+#else
+#include <io.h>
+extern int exit();
+#endif
+#include <signal.h>
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+        time_t tms_utime;
+        time_t tms_stime;
+        time_t tms_uchild;      /* I dunno...  */
+        time_t tms_uchildsys;   /* so these names are a guess :-) */
+        }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include "rc4.h"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+SIGRETTYPE sig_done(sig)
+int sig;
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(s)
+int s;
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC4_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most acurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC4_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC4(&sch,8,buf,buf);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC4_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC4_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC4(&sch,BUFSIZE,buf,buf);
+        d=Time_F(STOP);
+        printf("%ld RC4's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/rc4/rc4test.c b/src/lib/libssl/src/crypto/rc4/rc4test.c
new file mode 100644
index 0000000000..041e1aff95
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rc4test.c
@@ -0,0 +1,195 @@
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "rc4.h"
+unsigned char keys[7][30]={
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {4,0xef,0x01,0x23,0x45},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {4,0xef,0x01,0x23,0x45},
+        };
+unsigned char data_len[7]={8,8,8,20,28,10};
+unsigned char data[7][30]={
+        {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0xff},
+        {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0},
+        };
+unsigned char output[7][30]={
+        {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+        {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+        {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+         0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+         0x36,0xb6,0x78,0x58,0x00},
+        {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+         0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+         0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+         0x40,0x01,0x1e,0xcf,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+        {0},
+        };
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        int j;
+        unsigned char *p;
+        RC4_KEY key;
+        unsigned char buf[512],obuf[512];
+        for (i=0; i<512; i++) buf[i]=0x01;
+        for (i=0; i<6; i++)
+                {
+                RC4_set_key(&key,keys[i][0],&(keys[i][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,data_len[i],&(data[i][0]),obuf);
+                if (memcmp(obuf,output[i],data_len[i]+1) != 0)
+                        {
+                        printf("error calculating RC4\n");
+                        printf("output:");
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[i][0]);
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",*(p++));
+                        printf("\n");
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+        printf("test end processing ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
+                        {
+                        printf("error in RC4 length processing\n");
+                        printf("output:");
+                        for (j=0; j<i+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<i; j++)
+                                printf(" %02x",*(p++));
+                        printf(" 00\n");
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        printf("test multi-call ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
+                if (memcmp(obuf,output[3],data_len[3]+1) != 0)
+                        {
+                        printf("error in RC4 multi-call processing\n");
+                        printf("output:");
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",*(p++));
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        exit(err);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/crypto/rc4/rrc4.doc b/src/lib/libssl/src/crypto/rc4/rrc4.doc
new file mode 100644
index 0000000000..2f9a953c12
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rrc4.doc
@@ -0,0 +1,278 @@
+Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
+Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark
+From: sterndark@netcom.com (David Sterndark)
+Subject: RC4 Algorithm revealed.
+Message-ID: <sternCvKL4B.Hyy@netcom.com>
+Sender: sterndark@netcom.com 
+Organization: NETCOM On-line Communication Services (408 261-4700 guest)
+X-Newsreader: TIN [version 1.2 PL1]
+Date: Wed, 14 Sep 1994 06:35:31 GMT
+Lines: 263
+Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026
+I am shocked,  shocked, I tell you,  shocked, to discover
+that the cypherpunks have illegaly and criminally revealed
+a crucial RSA trade secret and harmed the security of
+America by reverse engineering the RC4 algorithm and
+publishing it to the world.
+ 
+On Saturday morning an anonymous cypherpunk wrote:
+ 
+ 
+   SUBJECT:  RC4 Source Code
+ 
+ 
+   I've tested this.  It is compatible with the RC4 object module
+   that comes in the various RSA toolkits.  
+ 
+   /* rc4.h */
+   typedef struct rc4_key
+   {      
+        unsigned char state[256];       
+        unsigned char x;        
+        unsigned char y;
+   } rc4_key;
+   void prepare_key(unsigned char *key_data_ptr,int key_data_len,
+   rc4_key *key);
+   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
+   
+   
+   /*rc4.c */
+   #include "rc4.h"
+   static void swap_byte(unsigned char *a, unsigned char *b);
+   void prepare_key(unsigned char *key_data_ptr, int key_data_len,
+   rc4_key *key)
+   {
+        unsigned char swapByte;
+        unsigned char index1;
+        unsigned char index2;
+        unsigned char* state;
+        short counter;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < 256; counter++)              
+        state[counter] = counter;               
+        key->x = 0;     
+        key->y = 0;     
+        index1 = 0;     
+        index2 = 0;             
+        for(counter = 0; counter < 256; counter++)      
+        {               
+             index2 = (key_data_ptr[index1] + state[counter] +
+                index2) % 256;                
+             swap_byte(&state[counter], &state[index2]);            
+   
+             index1 = (index1 + 1) % key_data_len;  
+        }       
+    }
+    
+    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
+    { 
+        unsigned char x;
+        unsigned char y;
+        unsigned char* state;
+        unsigned char xorIndex;
+        short counter;              
+        
+        x = key->x;     
+        y = key->y;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < buffer_len; counter ++)      
+        {               
+             x = (x + 1) % 256;                      
+             y = (state[x] + y) % 256;               
+             swap_byte(&state[x], &state[y]);                        
+                  
+             xorIndex = (state[x] + state[y]) % 256;                 
+                  
+             buffer_ptr[counter] ^= state[xorIndex];         
+         }               
+         key->x = x;     
+         key->y = y;
+    }
+    
+    static void swap_byte(unsigned char *a, unsigned char *b)
+    {
+        unsigned char swapByte; 
+        
+        swapByte = *a; 
+        *a = *b;      
+        *b = swapByte;
+    }
+ 
+ 
+ 
+Another cypherpunk, this one not anonymous, tested the
+output from this algorithm against the output from
+official RC4 object code
+ 
+ 
+   Date: Tue, 13 Sep 94 18:37:56 PDT
+   From: ekr@eit.COM (Eric Rescorla)
+   Message-Id: <9409140137.AA17743@eitech.eit.com>
+   Subject: RC4 compatibility testing
+   Cc: cypherpunks@toad.com
+   
+   One data point:
+   
+   I can't say anything about the internals of RC4 versus the
+   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
+   since I don't know anything about RC4's internals. 
+   
+   However, I do have a (legitimately acquired) copy of BSAFE2 and
+   so I'm able to compare the output of this algorithm to the output
+   of genuine RC4 as found in BSAFE. I chose a set of test vectors
+   and ran them through both algorithms. The algorithms appear to
+   give identical results, at least with these key/plaintext pairs.
+   
+   I note that this is the algorithm _without_ Hal Finney's
+   proposed modification
+   
+   (see <199409130605.XAA24133@jobe.shell.portal.com>).
+   
+   The vectors I used (together with the ciphertext they produce)
+   follow at the end of this message.
+   
+   -Ekr
+   
+   Disclaimer: This posting does not reflect the opinions of EIT.
+   
+   --------------------results follow--------------
+   Test vector 0
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 
+   
+   Test vector 1
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 
+   
+   Test vector 2
+   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a 
+   
+   Test vector 3
+   Key: 0xef 0x01 0x23 0x45 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 
+   
+   Test vector 4
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 
+   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 
+   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 
+   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 
+   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 
+   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 
+   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 
+   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 
+   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 
+   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 
+   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 
+   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 
+   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 
+   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 
+   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 
+   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 
+   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 
+   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 
+   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 
+   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 
+   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 
+   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 
+   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 
+   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 
+   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 
+   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 
+   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 
+   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 
+   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 
+   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 
+   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 
+   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 
+   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 
+   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 
+   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 
+   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 
+   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 
+   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 
+   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 
+   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 
+   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 
+   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 
+   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 
+   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 
+   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 
+   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 
+   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 
+   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 
+   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 
+   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 
+   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 
+   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 
+   0xc0 
+   
+-- 
+ ---------------------------------------------------------------------
+We have the right to defend ourselves and our
+property, because of the kind of animals that we              James A. Donald
+are.  True law derives from this right, not from
+the arbitrary power of the omnipotent state.                jamesd@netcom.com
diff --git a/src/lib/libssl/src/crypto/rc5/rc5.h b/src/lib/libssl/src/crypto/rc5/rc5.h
new file mode 100644
index 0000000000..5fd64e3f10
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5.h
@@ -0,0 +1,122 @@
+/* crypto/rc5/rc5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_RC5_H
+#define HEADER_RC5_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define RC5_ENCRYPT     1
+#define RC5_DECRYPT     0
+/* 32 bit.  For Alpha, things may get weird */
+#define RC5_32_INT unsigned long
+#define RC5_32_BLOCK            8
+#define RC5_32_KEY_LENGTH       16 /* This is a default, max is 255 */
+/* This are the only values supported.  Tweak the code if you want more
+ * The most supported modes will be
+ * RC5-32/12/16
+ * RC5-32/16/8
+ */
+#define RC5_8_ROUNDS    8
+#define RC5_12_ROUNDS   12
+#define RC5_16_ROUNDS   16
+typedef struct rc5_key_st
+        {
+        /* Number of rounds */
+        int rounds;
+        RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
+        } RC5_32_KEY;
+#ifndef NOPROTO
+ 
+void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
+        int rounds);
+void RC5_32_ecb_encrypt(unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+        int enc);
+void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        RC5_32_KEY *ks, unsigned char *iv, int enc);
+void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        RC5_32_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        RC5_32_KEY *schedule, unsigned char *ivec, int *num);
+#else
+void RC5_32_set_key();
+void RC5_32_ecb_encrypt();
+void RC5_32_encrypt();
+void RC5_32_decrypt();
+void RC5_32_cbc_encrypt();
+void RC5_32_cfb64_encrypt();
+void RC5_32_ofb64_encrypt();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/ripemd/README b/src/lib/libssl/src/crypto/ripemd/README
new file mode 100644
index 0000000000..7097707264
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/README
@@ -0,0 +1,15 @@
+RIPEMD-160
+http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+This is my implementation of RIPEMD-160.  The pentium assember is a little
+off the pace since I only get 1050 cycles, while the best is 1013.
+I have a few ideas for how to get another 20 or so cycles, but at
+this point I will not bother right now.  I belive the trick will be
+to remove my 'copy X array onto stack' until inside the RIP1() finctions the
+first time round.  To do this I need another register and will only have one
+temporary one.  A bit tricky....  I can also cleanup the saving of the 5 words
+after the first half of the calculation.  I should read the origional
+value, add then write.  Currently I just save the new and read the origioal.
+I then read both at the end.  Bad.
+eric (20-Jan-1998)
diff --git a/src/lib/libssl/src/crypto/ripemd/asm/rips.cpp b/src/lib/libssl/src/crypto/ripemd/asm/rips.cpp
new file mode 100644
index 0000000000..78a933c448
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/asm/rips.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "ripemd.h"
+extern "C" {
+void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        RIPEMD160_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        }
+                printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
new file mode 100644
index 0000000000..dc3f6c792e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
@@ -0,0 +1,582 @@
+#!/usr/bin/perl
+# Normal is the
+# ripemd160_block_x86(MD5_CTX *c, ULONG *X);
+# version, non-normal is the
+# ripemd160_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+$normal=0;
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],$0);
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$E="ebp";
+$tmp1="esi";
+$tmp2="edi";
+$KL1=0x5A827999;
+$KL2=0x6ED9EBA1;
+$KL3=0x8F1BBCDC;
+$KL4=0xA953FD4E;
+$KR0=0x50A28BE6;
+$KR1=0x5C4DD124; 
+$KR2=0x6D703EF3;
+$KR3=0x7A6D76E9;
+@wl=(    0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
+         7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
+         3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
+         1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,
+         4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,
+         );
+@wr=(    5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
+         6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
+        15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
+         8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,
+        12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,
+        );
+@sl=(   11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
+         7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
+        11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
+        11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,
+         9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,
+         );
+@sr=(    8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
+         9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
+         9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
+        15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,
+         8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
+        );
+&ripemd160_block("ripemd160_block_x86");
+&asm_finish();
+sub Xv
+        {
+        local($n)=@_;
+        return(&swtmp($n+1));
+        # tmp on stack
+        }
+sub Np
+        {
+        local($p)=@_;
+        local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);
+        return($n{$p});
+        }
+sub RIP1
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;
+        &comment($p++);
+        if ($p & 1)
+                {
+         &mov($tmp1,    $c) if $o == -1;
+        &xor($tmp1,     $d) if $o == -1;
+         &mov($tmp2,    &Xv($pos));
+        &xor($tmp1,     $b);
+         &add($a,       $tmp2);
+        &rotl($c,       10);
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($c));       # NEXT
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &xor($tmp1,    $d);
+        &mov($tmp2,     &Xv($pos));
+         &xor($tmp1,    $b);
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($c)) if $o <= 0;
+         &mov($tmp1,    -1) if $o == 1;
+         # XXX if $o == 2;
+        &rotl($c,       10);
+        &add($a,        $tmp2);
+         &xor($tmp1,    &Np($d)) if $o <= 0;
+         &mov($tmp2,    &Xv($pos2)) if $o == 1;
+         &mov($tmp2,    &wparam(0)) if $o == 2;
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+sub RIP2
+        {
+        local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;
+# XXXXXX
+        &comment($p++);
+        if ($p & 1)
+                {
+#        &mov($tmp2,    &Xv($pos)) if $o < -1;
+#       &mov($tmp1,     -1) if $o < -1;
+         &add($a,       $tmp2);
+        &mov($tmp2,     $c);
+         &sub($tmp1,    $b);
+        &and($tmp2,     $b);
+         &and($tmp1,    $d);
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX
+         # XXX
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &mov($tmp2,    -1) if $o <= 0;
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         # XXX
+         &add($a,       $tmp1);
+        &mov($tmp1,     $c);
+         &sub($tmp2,    $b);
+        &and($tmp1,     $b);
+         &and($tmp2,    $d);
+        if ($o != 2)
+                {
+        &or($tmp1,      $tmp2);
+         &mov($tmp2,    &Xv($pos2)) if $o <= 0;
+         &mov($tmp2,    -1) if $o == 1;
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp1,1));
+         &mov($tmp1,    -1) if $o <= 0;
+         &sub($tmp2,    &Np($c)) if $o == 1;
+                } else {
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Np($c));
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &xor($tmp1,    &Np($d));
+                }
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+sub RIP3
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;
+        &comment($p++);
+        if ($p & 1)
+                {
+#        &mov($tmp2,    -1) if $o < -1;
+#       &sub($tmp2,     $c) if $o < -1;
+         &mov($tmp1,    &Xv($pos));
+        &or($tmp2,      $b);
+         &add($a,       $tmp1);
+        &xor($tmp2,     $d);
+         &mov($tmp1,    -1) if $o <= 0;         # NEXT
+         # XXX
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &sub($tmp1,    &Np($c)) if $o <= 0;    # NEXT
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &mov($tmp2,    &Xv($pos));
+        &or($tmp1,      $b);
+         &add($a,       $tmp2);
+        &xor($tmp1,     $d);
+         &mov($tmp2,    -1) if $o <= 0;         # NEXT
+         &mov($tmp2,    -1) if $o == 1;
+         &mov($tmp2,    &Xv($pos2)) if $o == 2;
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp1,1));
+         &sub($tmp2,    &Np($c)) if $o <= 0;    # NEXT
+         &mov($tmp1,    &Np($d)) if $o == 1;
+         &mov($tmp1,    -1) if $o == 2;
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+sub RIP4
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+        &comment($p++);
+        if ($p & 1)
+                {
+#        &mov($tmp2,    -1) if $o == -2;
+#       &mov($tmp1,     $d) if $o == -2;
+         &sub($tmp2,    $d);
+        &and($tmp1,     $b);
+         &and($tmp2,    $c);
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Xv($pos));
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2));
+         &mov($tmp2,    -1) unless $o > 0;      # NEXT
+         # XXX
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($d)) unless $o > 0; # NEXT
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &sub($tmp2,    $d);
+        &and($tmp1,     $b);
+         &and($tmp2,    $c);
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Xv($pos));
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2));
+         &mov($tmp2,    -1) if $o == 0; # NEXT
+         &mov($tmp2,    -1) if $o == 1;
+         &mov($tmp2,    -1) if $o == 2;
+         # XXX
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($d)) if $o == 0;    # NEXT
+         &sub($tmp2,    &Np($d)) if $o == 1;
+         &sub($tmp2,    &Np($c)) if $o == 2;
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+sub RIP5
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+        &comment($p++);
+        if ($p & 1)
+                {
+         &mov($tmp2,    -1) if $o == -2;
+        &sub($tmp2,     $d) if $o == -2;
+         &mov($tmp1,    &Xv($pos));
+        &or($tmp2,      $c);
+         &add($a,       $tmp1);
+        &xor($tmp2,     $b);
+         &mov($tmp1,    -1) if $o <= 0;
+         # XXX
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &sub($tmp1,    &Np($d)) if $o <= 0;
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &mov($tmp2,    &Xv($pos));
+        &or($tmp1,      $c);
+         &add($a,       $tmp2);
+        &xor($tmp1,     $b);
+         &mov($tmp2,    -1) if $o <= 0;
+         &mov($tmp2,    &wparam(0)) if $o == 1; # Middle code
+         &mov($tmp2,    -1) if $o == 2;
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp1,1));
+         &sub($tmp2,    &Np($d)) if $o <= 0;
+         &mov(&swtmp(1+16),     $A) if $o == 1;
+         &mov($tmp1,    &Np($d)) if $o == 2;
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+sub ripemd160_block
+        {
+        local($name)=@_;
+        &function_begin_B($name,"",3);
+        # parameter 1 is the RIPEMD160_CTX structure.
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+        # E     16
+        &push("esi");
+         &mov($C,       &wparam(2));
+        &push("edi");
+         &mov($tmp1,    &wparam(1)); # edi
+        &push("ebp");
+         &add($C,       $tmp1); # offset we end at
+        &push("ebx");
+         &sub($C,       64);
+        &stack_push(16+5+1);
+         # XXX
+        &mov(&swtmp(0), $C);
+         &mov($tmp2,    &wparam(0)); # Done at end of loop
+        &set_label("start") unless $normal;
+        &comment("");
+        # &mov($tmp1,   &wparam(1)); # Done at end of loop
+        # &mov($tmp2,   &wparam(0)); # Done at end of loop
+        for ($z=0; $z<16; $z+=2)
+                {
+                &mov($A,                &DWP( $z*4,$tmp1,"",0));
+                 &mov($B,               &DWP( ($z+1)*4,$tmp1,"",0));
+                &mov(&swtmp(1+$z),      $A);
+                 &mov(&swtmp(1+$z+1),   $B);
+                }
+        &add($tmp1,     64);
+         &mov($A,       &DWP( 0,$tmp2,"",0));
+        &mov(&wparam(1),$tmp1);
+         &mov($B,       &DWP( 4,$tmp2,"",0));
+        &mov($C,        &DWP( 8,$tmp2,"",0));
+         &mov($D,       &DWP(12,$tmp2,"",0));
+        &mov($E,        &DWP(16,$tmp2,"",0));
+        &RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);
+        &RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);
+        &RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);
+        &RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);
+        &RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);
+        &RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);
+        &RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);
+        &RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);
+        &RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);
+        &RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);
+        &RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);
+        &RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);
+        &RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);
+        &RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);
+        &RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);
+        &RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);
+        &RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);
+        &RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);
+        &RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);
+        &RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);
+        &RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);
+        &RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);
+        &RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);
+        &RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);
+        &RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);
+        &RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);
+        &RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);
+        &RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);
+        &RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);
+        &RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);
+        &RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);
+        &RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);
+        &RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);
+        &RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);
+        &RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);
+        &RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);
+        &RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);
+        &RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);
+        &RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);
+        &RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);
+        &RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);
+        &RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);
+        &RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);
+        &RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);
+        &RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);
+        &RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);
+        &RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);
+        &RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);
+        &RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);
+        &RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);
+        &RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);
+        &RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);
+        &RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);
+        &RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);
+        &RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);
+        &RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);
+        &RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);
+        &RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);
+        &RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);
+        &RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);
+        &RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);
+        &RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);
+        &RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);
+        &RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);
+        &RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);
+        &RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);
+        &RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);
+        &RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);
+        &RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);
+        &RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);
+        &RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);
+        &RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);
+        &RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);
+        &RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);
+        &RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);
+        &RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);
+        &RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);
+        &RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);
+        &RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);
+        &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
+        # &mov($tmp2,   &wparam(0)); # moved into last RIP5
+        # &mov(&swtmp(1+16),    $A);
+         &mov($A,       &DWP( 0,$tmp2,"",0));
+        &mov(&swtmp(1+17),      $B);
+         &mov(&swtmp(1+18),     $C);
+        &mov($B,        &DWP( 4,$tmp2,"",0));
+         &mov(&swtmp(1+19),     $D);
+        &mov($C,        &DWP( 8,$tmp2,"",0));
+         &mov(&swtmp(1+20),     $E);
+        &mov($D,        &DWP(12,$tmp2,"",0));
+         &mov($E,       &DWP(16,$tmp2,"",0));
+        &RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);
+        &RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);
+        &RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);
+        &RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);
+        &RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);
+        &RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);
+        &RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);
+        &RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);
+        &RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);
+        &RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);
+        &RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);
+        &RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);
+        &RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);
+        &RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);
+        &RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);
+        &RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);
+        &RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);
+        &RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);
+        &RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);
+        &RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);
+        &RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);
+        &RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);
+        &RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);
+        &RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);
+        &RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);
+        &RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);
+        &RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);
+        &RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);
+        &RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);
+        &RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);
+        &RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);
+        &RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);
+        &RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);
+        &RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);
+        &RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);
+        &RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);
+        &RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);
+        &RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);
+        &RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);
+        &RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);
+        &RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);
+        &RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);
+        &RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);
+        &RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);
+        &RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);
+        &RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);
+        &RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);
+        &RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);
+        &RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);
+        &RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);
+        &RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);
+        &RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);
+        &RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);
+        &RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);
+        &RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);
+        &RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);
+        &RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);
+        &RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);
+        &RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);
+        &RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);
+        &RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);
+        &RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);
+        &RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);
+        &RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);
+        &RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);
+        &RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);
+        &RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);
+        &RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);
+        &RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);
+        &RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);
+        &RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);
+        &RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);
+        &RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);
+        &RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);
+        &RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);
+        &RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);
+        &RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);
+        &RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);
+        &RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);
+        &RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);
+        # &mov($tmp2,   &wparam(0)); # Moved into last round
+         &mov($tmp1,    &DWP( 4,$tmp2,"",0));   # ctx->B
+        &add($D,        $tmp1); 
+         &mov($tmp1,    &swtmp(1+18));          # $c
+        &add($D,        $tmp1);
+         &mov($tmp1,    &DWP( 8,$tmp2,"",0));   # ctx->C
+        &add($E,        $tmp1); 
+         &mov($tmp1,    &swtmp(1+19));          # $d
+        &add($E,        $tmp1);
+         &mov($tmp1,    &DWP(12,$tmp2,"",0));   # ctx->D
+        &add($A,        $tmp1); 
+         &mov($tmp1,    &swtmp(1+20));          # $e
+        &add($A,        $tmp1);
+         &mov($tmp1,    &DWP(16,$tmp2,"",0));   # ctx->E
+        &add($B,        $tmp1); 
+         &mov($tmp1,    &swtmp(1+16));          # $a
+        &add($B,        $tmp1);
+         &mov($tmp1,    &DWP( 0,$tmp2,"",0));   # ctx->A
+        &add($C,        $tmp1); 
+         &mov($tmp1,    &swtmp(1+17));          # $b
+        &add($C,        $tmp1);
+        &mov(&DWP( 0,$tmp2,"",0),       $D);
+         &mov(&DWP( 4,$tmp2,"",0),      $E);
+        &mov(&DWP( 8,$tmp2,"",0),       $A);
+         &mov(&DWP(12,$tmp2,"",0),      $B);
+        &mov(&DWP(16,$tmp2,"",0),       $C);
+        &mov($tmp2,             &swtmp(0));
+         &mov($tmp1,            &wparam(1));
+        &cmp($tmp2,$tmp1);
+         &mov($tmp2,    &wparam(0));
+        # XXX
+         &jge(&label("start"));
+        &stack_pop(16+5+1);
+        &pop("ebx");
+        &pop("ebp");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+        &function_end_B($name);
+        }
diff --git a/src/lib/libssl/src/crypto/ripemd/ripemd.h b/src/lib/libssl/src/crypto/ripemd/ripemd.h
new file mode 100644
index 0000000000..a3bc6e3ab2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/ripemd.h
@@ -0,0 +1,99 @@
+/* crypto/ripemd/ripemd.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_RIPEMD_H
+#define HEADER_RIPEMD_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define RIPEMD160_CBLOCK        64
+#define RIPEMD160_LBLOCK        16
+#define RIPEMD160_BLOCK         16
+#define RIPEMD160_LAST_BLOCK    56
+#define RIPEMD160_LENGTH_BLOCK  8
+#define RIPEMD160_DIGEST_LENGTH 20
+typedef struct RIPEMD160state_st
+        {
+        unsigned long A,B,C,D,E;
+        unsigned long Nl,Nh;
+        unsigned long data[RIPEMD160_LBLOCK];
+        int num;
+        } RIPEMD160_CTX;
+#ifndef NOPROTO
+void RIPEMD160_Init(RIPEMD160_CTX *c);
+void RIPEMD160_Update(RIPEMD160_CTX *c, unsigned char *data, unsigned long len);
+void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(unsigned char *d, unsigned long n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b);
+#else
+void RIPEMD160_Init();
+void RIPEMD160_Update();
+void RIPEMD160_Final();
+unsigned char *RIPEMD160();
+void RIPEMD160_Transform();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd160.c b/src/lib/libssl/src/crypto/ripemd/rmd160.c
new file mode 100644
index 0000000000..3fa1b8096e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/rmd160.c
@@ -0,0 +1,135 @@
+/* crypto/ripemd/rmd160.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "ripemd.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("RIPEMD160(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        RIPEMD160_CTX c;
+        unsigned char md[RIPEMD160_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        RIPEMD160_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                RIPEMD160_Update(&c,buf,(unsigned long)i);
+                }
+        RIPEMD160_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
new file mode 100644
index 0000000000..210de1977d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
@@ -0,0 +1,535 @@
+/* crypto/ripemd/rmd_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "rmd_locl.h"
+char *RMD160_version="RIPEMD160 part of SSLeay 0.9.0b 29-Jun-1998";
+#ifndef NOPROTO
+#  ifdef RMD160_ASM
+     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num);
+#    define ripemd160_block ripemd160_block_x86
+#  else
+     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
+#  endif
+#else
+#  ifdef RMD160_ASM
+     void ripemd160_block_x86();
+#    define ripemd160_block ripemd160_block_x86
+#  else
+     static void ripemd160_block();
+#  endif
+#endif
+void RIPEMD160_Init(c)
+RIPEMD160_CTX *c;
+        {
+        c->A=RIPEMD160_A;
+        c->B=RIPEMD160_B;
+        c->C=RIPEMD160_C;
+        c->D=RIPEMD160_D;
+        c->E=RIPEMD160_E;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        }
+void RIPEMD160_Update(c, data, len)
+RIPEMD160_CTX *c;
+register unsigned char *data;
+unsigned long len;
+        {
+        register ULONG *p;
+        int sw,sc;
+        ULONG l;
+        if (len == 0) return;
+        l=(c->Nl+(len<<3))&0xffffffffL;
+        if (l < c->Nl) /* overflow */
+                c->Nh++;
+        c->Nh+=(len>>29);
+        c->Nl=l;
+        if (c->num != 0)
+                {
+                p=c->data;
+                sw=c->num>>2;
+                sc=c->num&0x03;
+                if ((c->num+len) >= RIPEMD160_CBLOCK)
+                        {
+                        l= p[sw];
+                        p_c2l(data,l,sc);
+                        p[sw++]=l;
+                        for (; sw<RIPEMD160_LBLOCK; sw++)
+                                {
+                                c2l(data,l);
+                                p[sw]=l;
+                                }
+                        len-=(RIPEMD160_CBLOCK-c->num);
+                        ripemd160_block(c,p,64);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        int ew,ec;
+                        c->num+=(int)len;
+                        if ((sc+len) < 4) /* ugly, add char's to a word */
+                                {
+                                l= p[sw];
+                                p_c2l_p(data,l,sc,len);
+                                p[sw]=l;
+                                }
+                        else
+                                {
+                                ew=(c->num>>2);
+                                ec=(c->num&0x03);
+                                l= p[sw];
+                                p_c2l(data,l,sc);
+                                p[sw++]=l;
+                                for (; sw < ew; sw++)
+                                        { c2l(data,l); p[sw]=l; }
+                                if (ec)
+                                        {
+                                        c2l_p(data,l,ec);
+                                        p[sw]=l;
+                                        }
+                                }
+                        return;
+                        }
+                }
+        /* we now can process the input data in blocks of RIPEMD160_CBLOCK
+         * chars and save the leftovers to c->data. */
+#ifdef L_ENDIAN
+        if ((((unsigned long)data)%sizeof(ULONG)) == 0)
+                {
+                sw=(int)len/RIPEMD160_CBLOCK;
+                if (sw > 0)
+                        {
+                        sw*=RIPEMD160_CBLOCK;
+                        ripemd160_block(c,(ULONG *)data,sw);
+                        data+=sw;
+                        len-=sw;
+                        }
+                }
+#endif
+        p=c->data;
+        while (len >= RIPEMD160_CBLOCK)
+                {
+#if defined(L_ENDIAN) || defined(B_ENDIAN)
+                if (p != (unsigned long *)data)
+                        memcpy(p,data,RIPEMD160_CBLOCK);
+                data+=RIPEMD160_CBLOCK;
+#ifdef B_ENDIAN
+                for (sw=(RIPEMD160_LBLOCK/4); sw; sw--)
+                        {
+                        Endian_Reverse32(p[0]);
+                        Endian_Reverse32(p[1]);
+                        Endian_Reverse32(p[2]);
+                        Endian_Reverse32(p[3]);
+                        p+=4;
+                        }
+#endif
+#else
+                for (sw=(RIPEMD160_LBLOCK/4); sw; sw--)
+                        {
+                        c2l(data,l); *(p++)=l;
+                        c2l(data,l); *(p++)=l;
+                        c2l(data,l); *(p++)=l;
+                        c2l(data,l); *(p++)=l; 
+                        } 
+#endif
+                p=c->data;
+                ripemd160_block(c,p,64);
+                len-=RIPEMD160_CBLOCK;
+                }
+        sc=(int)len;
+        c->num=sc;
+        if (sc)
+                {
+                sw=sc>>2;       /* words to copy */
+#ifdef L_ENDIAN
+                p[sw]=0;
+                memcpy(p,data,sc);
+#else
+                sc&=0x03;
+                for ( ; sw; sw--)
+                        { c2l(data,l); *(p++)=l; }
+                c2l_p(data,l,sc);
+                *p=l;
+#endif
+                }
+        }
+void RIPEMD160_Transform(c,b)
+RIPEMD160_CTX *c;
+unsigned char *b;
+        {
+        ULONG p[16];
+#if !defined(L_ENDIAN)
+        ULONG *q;
+        int i;
+#endif
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+        memcpy(p,b,64);
+#ifdef B_ENDIAN
+        q=p;
+        for (i=(RIPEMD160_LBLOCK/4); i; i--)
+                {
+                Endian_Reverse32(q[0]);
+                Endian_Reverse32(q[1]);
+                Endian_Reverse32(q[2]);
+                Endian_Reverse32(q[3]);
+                q+=4;
+                }
+#endif
+#else
+        q=p;
+        for (i=(RIPEMD160_LBLOCK/4); i; i--)
+                {
+                ULONG l;
+                c2l(b,l); *(q++)=l;
+                c2l(b,l); *(q++)=l;
+                c2l(b,l); *(q++)=l;
+                c2l(b,l); *(q++)=l; 
+                } 
+#endif
+        ripemd160_block(c,p,64);
+        }
+#ifndef RMD160_ASM
+void ripemd160_block(ctx, X, num)
+RIPEMD160_CTX *ctx;
+register ULONG *X;
+int num;
+        {
+        register ULONG A,B,C,D,E;
+        ULONG a,b,c,d,e;
+        for (;;)
+                {
+                A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+        RIP1(A,B,C,D,E,WL00,SL00);
+        RIP1(E,A,B,C,D,WL01,SL01);
+        RIP1(D,E,A,B,C,WL02,SL02);
+        RIP1(C,D,E,A,B,WL03,SL03);
+        RIP1(B,C,D,E,A,WL04,SL04);
+        RIP1(A,B,C,D,E,WL05,SL05);
+        RIP1(E,A,B,C,D,WL06,SL06);
+        RIP1(D,E,A,B,C,WL07,SL07);
+        RIP1(C,D,E,A,B,WL08,SL08);
+        RIP1(B,C,D,E,A,WL09,SL09);
+        RIP1(A,B,C,D,E,WL10,SL10);
+        RIP1(E,A,B,C,D,WL11,SL11);
+        RIP1(D,E,A,B,C,WL12,SL12);
+        RIP1(C,D,E,A,B,WL13,SL13);
+        RIP1(B,C,D,E,A,WL14,SL14);
+        RIP1(A,B,C,D,E,WL15,SL15);
+        RIP2(E,A,B,C,D,WL16,SL16,KL1);
+        RIP2(D,E,A,B,C,WL17,SL17,KL1);
+        RIP2(C,D,E,A,B,WL18,SL18,KL1);
+        RIP2(B,C,D,E,A,WL19,SL19,KL1);
+        RIP2(A,B,C,D,E,WL20,SL20,KL1);
+        RIP2(E,A,B,C,D,WL21,SL21,KL1);
+        RIP2(D,E,A,B,C,WL22,SL22,KL1);
+        RIP2(C,D,E,A,B,WL23,SL23,KL1);
+        RIP2(B,C,D,E,A,WL24,SL24,KL1);
+        RIP2(A,B,C,D,E,WL25,SL25,KL1);
+        RIP2(E,A,B,C,D,WL26,SL26,KL1);
+        RIP2(D,E,A,B,C,WL27,SL27,KL1);
+        RIP2(C,D,E,A,B,WL28,SL28,KL1);
+        RIP2(B,C,D,E,A,WL29,SL29,KL1);
+        RIP2(A,B,C,D,E,WL30,SL30,KL1);
+        RIP2(E,A,B,C,D,WL31,SL31,KL1);
+        RIP3(D,E,A,B,C,WL32,SL32,KL2);
+        RIP3(C,D,E,A,B,WL33,SL33,KL2);
+        RIP3(B,C,D,E,A,WL34,SL34,KL2);
+        RIP3(A,B,C,D,E,WL35,SL35,KL2);
+        RIP3(E,A,B,C,D,WL36,SL36,KL2);
+        RIP3(D,E,A,B,C,WL37,SL37,KL2);
+        RIP3(C,D,E,A,B,WL38,SL38,KL2);
+        RIP3(B,C,D,E,A,WL39,SL39,KL2);
+        RIP3(A,B,C,D,E,WL40,SL40,KL2);
+        RIP3(E,A,B,C,D,WL41,SL41,KL2);
+        RIP3(D,E,A,B,C,WL42,SL42,KL2);
+        RIP3(C,D,E,A,B,WL43,SL43,KL2);
+        RIP3(B,C,D,E,A,WL44,SL44,KL2);
+        RIP3(A,B,C,D,E,WL45,SL45,KL2);
+        RIP3(E,A,B,C,D,WL46,SL46,KL2);
+        RIP3(D,E,A,B,C,WL47,SL47,KL2);
+        RIP4(C,D,E,A,B,WL48,SL48,KL3);
+        RIP4(B,C,D,E,A,WL49,SL49,KL3);
+        RIP4(A,B,C,D,E,WL50,SL50,KL3);
+        RIP4(E,A,B,C,D,WL51,SL51,KL3);
+        RIP4(D,E,A,B,C,WL52,SL52,KL3);
+        RIP4(C,D,E,A,B,WL53,SL53,KL3);
+        RIP4(B,C,D,E,A,WL54,SL54,KL3);
+        RIP4(A,B,C,D,E,WL55,SL55,KL3);
+        RIP4(E,A,B,C,D,WL56,SL56,KL3);
+        RIP4(D,E,A,B,C,WL57,SL57,KL3);
+        RIP4(C,D,E,A,B,WL58,SL58,KL3);
+        RIP4(B,C,D,E,A,WL59,SL59,KL3);
+        RIP4(A,B,C,D,E,WL60,SL60,KL3);
+        RIP4(E,A,B,C,D,WL61,SL61,KL3);
+        RIP4(D,E,A,B,C,WL62,SL62,KL3);
+        RIP4(C,D,E,A,B,WL63,SL63,KL3);
+        RIP5(B,C,D,E,A,WL64,SL64,KL4);
+        RIP5(A,B,C,D,E,WL65,SL65,KL4);
+        RIP5(E,A,B,C,D,WL66,SL66,KL4);
+        RIP5(D,E,A,B,C,WL67,SL67,KL4);
+        RIP5(C,D,E,A,B,WL68,SL68,KL4);
+        RIP5(B,C,D,E,A,WL69,SL69,KL4);
+        RIP5(A,B,C,D,E,WL70,SL70,KL4);
+        RIP5(E,A,B,C,D,WL71,SL71,KL4);
+        RIP5(D,E,A,B,C,WL72,SL72,KL4);
+        RIP5(C,D,E,A,B,WL73,SL73,KL4);
+        RIP5(B,C,D,E,A,WL74,SL74,KL4);
+        RIP5(A,B,C,D,E,WL75,SL75,KL4);
+        RIP5(E,A,B,C,D,WL76,SL76,KL4);
+        RIP5(D,E,A,B,C,WL77,SL77,KL4);
+        RIP5(C,D,E,A,B,WL78,SL78,KL4);
+        RIP5(B,C,D,E,A,WL79,SL79,KL4);
+        a=A; b=B; c=C; d=D; e=E;
+        /* Do other half */
+        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+        RIP5(A,B,C,D,E,WR00,SR00,KR0);
+        RIP5(E,A,B,C,D,WR01,SR01,KR0);
+        RIP5(D,E,A,B,C,WR02,SR02,KR0);
+        RIP5(C,D,E,A,B,WR03,SR03,KR0);
+        RIP5(B,C,D,E,A,WR04,SR04,KR0);
+        RIP5(A,B,C,D,E,WR05,SR05,KR0);
+        RIP5(E,A,B,C,D,WR06,SR06,KR0);
+        RIP5(D,E,A,B,C,WR07,SR07,KR0);
+        RIP5(C,D,E,A,B,WR08,SR08,KR0);
+        RIP5(B,C,D,E,A,WR09,SR09,KR0);
+        RIP5(A,B,C,D,E,WR10,SR10,KR0);
+        RIP5(E,A,B,C,D,WR11,SR11,KR0);
+        RIP5(D,E,A,B,C,WR12,SR12,KR0);
+        RIP5(C,D,E,A,B,WR13,SR13,KR0);
+        RIP5(B,C,D,E,A,WR14,SR14,KR0);
+        RIP5(A,B,C,D,E,WR15,SR15,KR0);
+        RIP4(E,A,B,C,D,WR16,SR16,KR1);
+        RIP4(D,E,A,B,C,WR17,SR17,KR1);
+        RIP4(C,D,E,A,B,WR18,SR18,KR1);
+        RIP4(B,C,D,E,A,WR19,SR19,KR1);
+        RIP4(A,B,C,D,E,WR20,SR20,KR1);
+        RIP4(E,A,B,C,D,WR21,SR21,KR1);
+        RIP4(D,E,A,B,C,WR22,SR22,KR1);
+        RIP4(C,D,E,A,B,WR23,SR23,KR1);
+        RIP4(B,C,D,E,A,WR24,SR24,KR1);
+        RIP4(A,B,C,D,E,WR25,SR25,KR1);
+        RIP4(E,A,B,C,D,WR26,SR26,KR1);
+        RIP4(D,E,A,B,C,WR27,SR27,KR1);
+        RIP4(C,D,E,A,B,WR28,SR28,KR1);
+        RIP4(B,C,D,E,A,WR29,SR29,KR1);
+        RIP4(A,B,C,D,E,WR30,SR30,KR1);
+        RIP4(E,A,B,C,D,WR31,SR31,KR1);
+        RIP3(D,E,A,B,C,WR32,SR32,KR2);
+        RIP3(C,D,E,A,B,WR33,SR33,KR2);
+        RIP3(B,C,D,E,A,WR34,SR34,KR2);
+        RIP3(A,B,C,D,E,WR35,SR35,KR2);
+        RIP3(E,A,B,C,D,WR36,SR36,KR2);
+        RIP3(D,E,A,B,C,WR37,SR37,KR2);
+        RIP3(C,D,E,A,B,WR38,SR38,KR2);
+        RIP3(B,C,D,E,A,WR39,SR39,KR2);
+        RIP3(A,B,C,D,E,WR40,SR40,KR2);
+        RIP3(E,A,B,C,D,WR41,SR41,KR2);
+        RIP3(D,E,A,B,C,WR42,SR42,KR2);
+        RIP3(C,D,E,A,B,WR43,SR43,KR2);
+        RIP3(B,C,D,E,A,WR44,SR44,KR2);
+        RIP3(A,B,C,D,E,WR45,SR45,KR2);
+        RIP3(E,A,B,C,D,WR46,SR46,KR2);
+        RIP3(D,E,A,B,C,WR47,SR47,KR2);
+        RIP2(C,D,E,A,B,WR48,SR48,KR3);
+        RIP2(B,C,D,E,A,WR49,SR49,KR3);
+        RIP2(A,B,C,D,E,WR50,SR50,KR3);
+        RIP2(E,A,B,C,D,WR51,SR51,KR3);
+        RIP2(D,E,A,B,C,WR52,SR52,KR3);
+        RIP2(C,D,E,A,B,WR53,SR53,KR3);
+        RIP2(B,C,D,E,A,WR54,SR54,KR3);
+        RIP2(A,B,C,D,E,WR55,SR55,KR3);
+        RIP2(E,A,B,C,D,WR56,SR56,KR3);
+        RIP2(D,E,A,B,C,WR57,SR57,KR3);
+        RIP2(C,D,E,A,B,WR58,SR58,KR3);
+        RIP2(B,C,D,E,A,WR59,SR59,KR3);
+        RIP2(A,B,C,D,E,WR60,SR60,KR3);
+        RIP2(E,A,B,C,D,WR61,SR61,KR3);
+        RIP2(D,E,A,B,C,WR62,SR62,KR3);
+        RIP2(C,D,E,A,B,WR63,SR63,KR3);
+        RIP1(B,C,D,E,A,WR64,SR64);
+        RIP1(A,B,C,D,E,WR65,SR65);
+        RIP1(E,A,B,C,D,WR66,SR66);
+        RIP1(D,E,A,B,C,WR67,SR67);
+        RIP1(C,D,E,A,B,WR68,SR68);
+        RIP1(B,C,D,E,A,WR69,SR69);
+        RIP1(A,B,C,D,E,WR70,SR70);
+        RIP1(E,A,B,C,D,WR71,SR71);
+        RIP1(D,E,A,B,C,WR72,SR72);
+        RIP1(C,D,E,A,B,WR73,SR73);
+        RIP1(B,C,D,E,A,WR74,SR74);
+        RIP1(A,B,C,D,E,WR75,SR75);
+        RIP1(E,A,B,C,D,WR76,SR76);
+        RIP1(D,E,A,B,C,WR77,SR77);
+        RIP1(C,D,E,A,B,WR78,SR78);
+        RIP1(B,C,D,E,A,WR79,SR79);
+        D     =ctx->B+c+D;
+        ctx->B=ctx->C+d+E;
+        ctx->C=ctx->D+e+A;
+        ctx->D=ctx->E+a+B;
+        ctx->E=ctx->A+b+C;
+        ctx->A=D;
+        X+=16;
+        num-=64;
+        if (num <= 0) break;
+                }
+        }
+#endif
+void RIPEMD160_Final(md, c)
+unsigned char *md;
+RIPEMD160_CTX *c;
+        {
+        register int i,j;
+        register ULONG l;
+        register ULONG *p;
+        static unsigned char end[4]={0x80,0x00,0x00,0x00};
+        unsigned char *cp=end;
+        /* c->num should definitly have room for at least one more byte. */
+        p=c->data;
+        j=c->num;
+        i=j>>2;
+        /* purify often complains about the following line as an
+         * Uninitialized Memory Read.  While this can be true, the
+         * following p_c2l macro will reset l when that case is true.
+         * This is because j&0x03 contains the number of 'valid' bytes
+         * already in p[i].  If and only if j&0x03 == 0, the UMR will
+         * occur but this is also the only time p_c2l will do
+         * l= *(cp++) instead of l|= *(cp++)
+         * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+         * 'potential bug' */
+#ifdef PURIFY
+        if ((j&0x03) == 0) p[i]=0;
+#endif
+        l=p[i];
+        p_c2l(cp,l,j&0x03);
+        p[i]=l;
+        i++;
+        /* i is the next 'undefined word' */
+        if (c->num >= RIPEMD160_LAST_BLOCK)
+                {
+                for (; i<RIPEMD160_LBLOCK; i++)
+                        p[i]=0;
+                ripemd160_block(c,p,64);
+                i=0;
+                }
+        for (; i<(RIPEMD160_LBLOCK-2); i++)
+                p[i]=0;
+        p[RIPEMD160_LBLOCK-2]=c->Nl;
+        p[RIPEMD160_LBLOCK-1]=c->Nh;
+        ripemd160_block(c,p,64);
+        cp=md;
+        l=c->A; l2c(l,cp);
+        l=c->B; l2c(l,cp);
+        l=c->C; l2c(l,cp);
+        l=c->D; l2c(l,cp);
+        l=c->E; l2c(l,cp);
+        /* clear stuff, ripemd160_block may be leaving some stuff on the stack
+         * but I'm not worried :-) */
+        c->num=0;
+/*      memset((char *)&c,0,sizeof(c));*/
+        }
+#ifdef undef
+int printit(l)
+unsigned long *l;
+        {
+        int i,ii;
+        for (i=0; i<2; i++)
+                {
+                for (ii=0; ii<8; ii++)
+                        {
+                        fprintf(stderr,"%08lx ",l[i*8+ii]);
+                        }
+                fprintf(stderr,"\n");
+                }
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
new file mode 100644
index 0000000000..a1feccf7c1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
@@ -0,0 +1,226 @@
+/* crypto/ripemd/rmd_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdlib.h>
+#include <string.h>
+#include "ripemd.h"
+#define ULONG   unsigned long
+#define UCHAR   unsigned char
+#define UINT    unsigned int
+#ifdef NOCONST
+#define const
+#endif
+#undef c2nl
+#define c2nl(c,l)       (l =(((unsigned long)(*((c)++)))<<24), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))    ))
+#undef p_c2nl
+#define p_c2nl(c,l,n)   { \
+                        switch (n) { \
+                        case 0: l =((unsigned long)(*((c)++)))<<24; \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16; \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+                        case 3: l|=((unsigned long)(*((c)++))); \
+                                } \
+                        }
+#undef c2nl_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2nl_p(c,l,n)   { \
+                        l=0; \
+                        (c)+=n; \
+                        switch (n) { \
+                        case 3: l =((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+#undef p_c2nl_p
+#define p_c2nl_p(c,l,sc,len) { \
+                        switch (sc) \
+                                { \
+                        case 0: l =((unsigned long)(*((c)++)))<<24; \
+                                if (--len == 0) break; \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16; \
+                                if (--len == 0) break; \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+                                } \
+                        }
+#undef nl2c
+#define nl2c(l,c)       (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+#undef c2l
+#define c2l(c,l)        (l =(((unsigned long)(*((c)++)))    ), \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+#undef p_c2l
+#define p_c2l(c,l,n)    { \
+                        switch (n) { \
+                        case 0: l =((unsigned long)(*((c)++))); \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16; \
+                        case 3: l|=((unsigned long)(*((c)++)))<<24; \
+                                } \
+                        }
+#undef c2l_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2l_p(c,l,n)    { \
+                        l=0; \
+                        (c)+=n; \
+                        switch (n) { \
+                        case 3: l =((unsigned long)(*(--(c))))<<16; \
+                        case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l|=((unsigned long)(*(--(c)))); \
+                                } \
+                        }
+#undef p_c2l_p
+#define p_c2l_p(c,l,sc,len) { \
+                        switch (sc) \
+                                { \
+                        case 0: l =((unsigned long)(*((c)++))); \
+                                if (--len == 0) break; \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+                                if (--len == 0) break; \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16; \
+                                } \
+                        }
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#undef ROTATE
+#if defined(WIN32)
+#define ROTATE(a,n)     _lrotl(a,n)
+#else
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#if defined(WIN32)
+/* 5 instructions with rotate instruction, else 9 */
+#define Endian_Reverse32(a) \
+        { \
+        unsigned long l=(a); \
+        (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
+        }
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define Endian_Reverse32(a) \
+        { \
+        unsigned long l=(a); \
+        l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
+        (a)=ROTATE(l,16L); \
+        }
+#endif
+#define F1(x,y,z)        ((x)^(y)^(z))
+#define F2(x,y,z)       (((x)&(y))|((~x)&z))
+#define F3(x,y,z)       (((x)|(~y))^(z))
+#define F4(x,y,z)       (((x)&(z))|((y)&(~(z))))
+#define F5(x,y,z)        ((x)^((y)|(~(z))))
+#define RIPEMD160_A     0x67452301L
+#define RIPEMD160_B     0xEFCDAB89L
+#define RIPEMD160_C     0x98BADCFEL
+#define RIPEMD160_D     0x10325476L
+#define RIPEMD160_E     0xC3D2E1F0L
+#include "rmdconst.h"
+#define RIP1(a,b,c,d,e,w,s) { \
+        a+=F1(b,c,d)+X[w]; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+#define RIP2(a,b,c,d,e,w,s,K) { \
+        a+=F2(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+#define RIP3(a,b,c,d,e,w,s,K) { \
+        a+=F3(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+#define RIP4(a,b,c,d,e,w,s,K) { \
+        a+=F4(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+#define RIP5(a,b,c,d,e,w,s,K) { \
+        a+=F5(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_one.c b/src/lib/libssl/src/crypto/ripemd/rmd_one.c
new file mode 100644
index 0000000000..a7626dbcda
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_one.c
@@ -0,0 +1,77 @@
+/* crypto/ripemd/rmd_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "rmd_locl.h"
+unsigned char *RIPEMD160(d, n, md)
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+        {
+        RIPEMD160_CTX c;
+        static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        RIPEMD160_Init(&c);
+        RIPEMD160_Update(&c,d,n);
+        RIPEMD160_Final(md,&c);
+        memset(&c,0,sizeof(c)); /* security consideration */
+        return(md);
+        }
diff --git a/src/lib/libssl/src/crypto/ripemd/rmdconst.h b/src/lib/libssl/src/crypto/ripemd/rmdconst.h
new file mode 100644
index 0000000000..59c48dead1
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/rmdconst.h
@@ -0,0 +1,399 @@
+/* crypto/ripemd/rmdconst.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define KL0 0x00000000L
+#define KL1 0x5A827999L
+#define KL2 0x6ED9EBA1L
+#define KL3 0x8F1BBCDCL
+#define KL4 0xA953FD4EL
+#define KR0 0x50A28BE6L
+#define KR1 0x5C4DD124L
+#define KR2 0x6D703EF3L
+#define KR3 0x7A6D76E9L
+#define KR4 0x00000000L
+#define WL00  0
+#define SL00 11
+#define WL01  1
+#define SL01 14
+#define WL02  2
+#define SL02 15
+#define WL03  3
+#define SL03 12
+#define WL04  4
+#define SL04  5
+#define WL05  5
+#define SL05  8
+#define WL06  6
+#define SL06  7
+#define WL07  7
+#define SL07  9
+#define WL08  8
+#define SL08 11
+#define WL09  9
+#define SL09 13
+#define WL10 10
+#define SL10 14
+#define WL11 11
+#define SL11 15
+#define WL12 12
+#define SL12  6
+#define WL13 13
+#define SL13  7
+#define WL14 14
+#define SL14  9
+#define WL15 15
+#define SL15  8
+#define WL16  7
+#define SL16  7
+#define WL17  4
+#define SL17  6
+#define WL18 13
+#define SL18  8
+#define WL19  1
+#define SL19 13
+#define WL20 10
+#define SL20 11
+#define WL21  6
+#define SL21  9
+#define WL22 15
+#define SL22  7
+#define WL23  3
+#define SL23 15
+#define WL24 12
+#define SL24  7
+#define WL25  0
+#define SL25 12
+#define WL26  9
+#define SL26 15
+#define WL27  5
+#define SL27  9
+#define WL28  2
+#define SL28 11
+#define WL29 14
+#define SL29  7
+#define WL30 11
+#define SL30 13
+#define WL31  8
+#define SL31 12
+#define WL32  3
+#define SL32 11
+#define WL33 10
+#define SL33 13
+#define WL34 14
+#define SL34  6
+#define WL35  4
+#define SL35  7
+#define WL36  9
+#define SL36 14
+#define WL37 15
+#define SL37  9
+#define WL38  8
+#define SL38 13
+#define WL39  1
+#define SL39 15
+#define WL40  2
+#define SL40 14
+#define WL41  7
+#define SL41  8
+#define WL42  0
+#define SL42 13
+#define WL43  6
+#define SL43  6
+#define WL44 13
+#define SL44  5
+#define WL45 11
+#define SL45 12
+#define WL46  5
+#define SL46  7
+#define WL47 12
+#define SL47  5
+#define WL48  1
+#define SL48 11
+#define WL49  9
+#define SL49 12
+#define WL50 11
+#define SL50 14
+#define WL51 10
+#define SL51 15
+#define WL52  0
+#define SL52 14
+#define WL53  8
+#define SL53 15
+#define WL54 12
+#define SL54  9
+#define WL55  4
+#define SL55  8
+#define WL56 13
+#define SL56  9
+#define WL57  3
+#define SL57 14
+#define WL58  7
+#define SL58  5
+#define WL59 15
+#define SL59  6
+#define WL60 14
+#define SL60  8
+#define WL61  5
+#define SL61  6
+#define WL62  6
+#define SL62  5
+#define WL63  2
+#define SL63 12
+#define WL64  4
+#define SL64  9
+#define WL65  0
+#define SL65 15
+#define WL66  5
+#define SL66  5
+#define WL67  9
+#define SL67 11
+#define WL68  7
+#define SL68  6
+#define WL69 12
+#define SL69  8
+#define WL70  2
+#define SL70 13
+#define WL71 10
+#define SL71 12
+#define WL72 14
+#define SL72  5
+#define WL73  1
+#define SL73 12
+#define WL74  3
+#define SL74 13
+#define WL75  8
+#define SL75 14
+#define WL76 11
+#define SL76 11
+#define WL77  6
+#define SL77  8
+#define WL78 15
+#define SL78  5
+#define WL79 13
+#define SL79  6
+#define WR00  5
+#define SR00  8
+#define WR01 14
+#define SR01  9
+#define WR02  7
+#define SR02  9
+#define WR03  0
+#define SR03 11
+#define WR04  9
+#define SR04 13
+#define WR05  2
+#define SR05 15
+#define WR06 11
+#define SR06 15
+#define WR07  4
+#define SR07  5
+#define WR08 13
+#define SR08  7
+#define WR09  6
+#define SR09  7
+#define WR10 15
+#define SR10  8
+#define WR11  8
+#define SR11 11
+#define WR12  1
+#define SR12 14
+#define WR13 10
+#define SR13 14
+#define WR14  3
+#define SR14 12
+#define WR15 12
+#define SR15  6
+#define WR16  6
+#define SR16  9
+#define WR17 11
+#define SR17 13
+#define WR18  3
+#define SR18 15
+#define WR19  7
+#define SR19  7
+#define WR20  0
+#define SR20 12
+#define WR21 13
+#define SR21  8
+#define WR22  5
+#define SR22  9
+#define WR23 10
+#define SR23 11
+#define WR24 14
+#define SR24  7
+#define WR25 15
+#define SR25  7
+#define WR26  8
+#define SR26 12
+#define WR27 12
+#define SR27  7
+#define WR28  4
+#define SR28  6
+#define WR29  9
+#define SR29 15
+#define WR30  1
+#define SR30 13
+#define WR31  2
+#define SR31 11
+#define WR32 15
+#define SR32  9
+#define WR33  5
+#define SR33  7
+#define WR34  1
+#define SR34 15
+#define WR35  3
+#define SR35 11
+#define WR36  7
+#define SR36  8
+#define WR37 14
+#define SR37  6
+#define WR38  6
+#define SR38  6
+#define WR39  9
+#define SR39 14
+#define WR40 11
+#define SR40 12
+#define WR41  8
+#define SR41 13
+#define WR42 12
+#define SR42  5
+#define WR43  2
+#define SR43 14
+#define WR44 10
+#define SR44 13
+#define WR45  0
+#define SR45 13
+#define WR46  4
+#define SR46  7
+#define WR47 13
+#define SR47  5
+#define WR48  8
+#define SR48 15
+#define WR49  6
+#define SR49  5
+#define WR50  4
+#define SR50  8
+#define WR51  1
+#define SR51 11
+#define WR52  3
+#define SR52 14
+#define WR53 11
+#define SR53 14
+#define WR54 15
+#define SR54  6
+#define WR55  0
+#define SR55 14
+#define WR56  5
+#define SR56  6
+#define WR57 12
+#define SR57  9
+#define WR58  2
+#define SR58 12
+#define WR59 13
+#define SR59  9
+#define WR60  9
+#define SR60 12
+#define WR61  7
+#define SR61  5
+#define WR62 10
+#define SR62 15
+#define WR63 14
+#define SR63  8
+#define WR64 12
+#define SR64  8
+#define WR65 15
+#define SR65  5
+#define WR66 10
+#define SR66 12
+#define WR67  4
+#define SR67  9
+#define WR68  1
+#define SR68 12
+#define WR69  5
+#define SR69  5
+#define WR70  8
+#define SR70 14
+#define WR71  7
+#define SR71  6
+#define WR72  6
+#define SR72  8
+#define WR73  2
+#define SR73 13
+#define WR74 13
+#define SR74  6
+#define WR75 14
+#define SR75  5
+#define WR76  0
+#define SR76 15
+#define WR77  3
+#define SR77 13
+#define WR78  9
+#define SR78 11
+#define WR79 11
+#define SR79 11
diff --git a/src/lib/libssl/src/crypto/ripemd/rmdtest.c b/src/lib/libssl/src/crypto/ripemd/rmdtest.c
new file mode 100644
index 0000000000..6a0297f975
--- /dev/null
+++ b/src/lib/libssl/src/crypto/ripemd/rmdtest.c
@@ -0,0 +1,133 @@
+/* crypto/ripemd/rmdtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "ripemd.h"
+char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+char *ret[]={
+        "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+        "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+        "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+        "5d0689ef49d2fae572b881b123a85ffa21595f36",
+        "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+        "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+        "b0e20b6e3116640286ed3a87a5713079b21f5189",
+        "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+        };
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating RIPEMD160 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
new file mode 100644
index 0000000000..aeb78ffcd3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -0,0 +1,324 @@
+/* crypto/rsa/rsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_RSA_H
+#define HEADER_RSA_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "bn.h"
+#include "crypto.h"
+typedef struct rsa_meth_st
+        {
+        char *name;
+        int (*rsa_pub_enc)();
+        int (*rsa_pub_dec)();
+        int (*rsa_priv_enc)();
+        int (*rsa_priv_dec)();
+        int (*rsa_mod_exp)();           /* Can be null */
+        int (*bn_mod_exp)();            /* Can be null */
+        int (*init)(/* RSA * */);       /* called at new */
+        int (*finish)(/* RSA * */);     /* called at free */
+        int flags;                      /* RSA_METHOD_FLAG_* things */
+        char *app_data;                 /* may be needed! */
+        } RSA_METHOD;
+typedef struct rsa_st
+        {
+        /* The first parameter is used to pickup errors where
+         * this is passed instead of aEVP_PKEY, it is set to 0 */
+        int pad;
+        int version;
+        RSA_METHOD *meth;
+        BIGNUM *n;
+        BIGNUM *e;
+        BIGNUM *d;
+        BIGNUM *p;
+        BIGNUM *q;
+        BIGNUM *dmp1;
+        BIGNUM *dmq1;
+        BIGNUM *iqmp;
+        /* be carefull using this if the RSA structure is shared */
+        CRYPTO_EX_DATA ex_data;
+        int references;
+        int flags;
+        /* Normally used to cached montgomery values */
+        char *method_mod_n;
+        char *method_mod_p;
+        char *method_mod_q;
+        BN_BLINDING *blinding;
+        } RSA;
+#define RSA_3   0x3L
+#define RSA_F4  0x10001L
+#define RSA_METHOD_FLAG_NO_CHECK        0x01 /* don't check pub/private match */
+#define RSA_FLAG_CACHE_PUBLIC           0x02
+#define RSA_FLAG_CACHE_PRIVATE          0x04
+#define RSA_FLAG_BLINDING               0x08
+#define RSA_FLAG_THREAD_SAFE            0x10
+#define RSA_PKCS1_PADDING       1
+#define RSA_SSLV23_PADDING      2
+#define RSA_NO_PADDING          3
+#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,(char *)arg)
+#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+#ifndef NOPROTO
+RSA *   RSA_new(void);
+RSA *   RSA_new_method(RSA_METHOD *method);
+int     RSA_size(RSA *);
+RSA *   RSA_generate_key(int bits, unsigned long e,void
+                (*callback)(int,int,char *),char *cb_arg);
+        /* next 4 return -1 on error */
+int     RSA_public_encrypt(int flen, unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+int     RSA_private_encrypt(int flen, unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+int     RSA_public_decrypt(int flen, unsigned char *from, 
+                unsigned char *to, RSA *rsa,int padding);
+int     RSA_private_decrypt(int flen, unsigned char *from, 
+                unsigned char *to, RSA *rsa,int padding);
+void    RSA_free (RSA *r);
+int     RSA_flags(RSA *r);
+void RSA_set_default_method(RSA_METHOD *meth);
+/* If you have RSAref compiled in. */
+RSA_METHOD *RSA_PKCS1_RSAref(void);
+/* these are the actual SSLeay RSA functions */
+RSA_METHOD *RSA_PKCS1_SSLeay(void);
+void    ERR_load_RSA_strings(void );
+RSA *   d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+int     i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+RSA *   d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+int     i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+#ifndef NO_FP_API
+int     RSA_print_fp(FILE *fp, RSA *r,int offset);
+#endif
+#ifdef HEADER_BIO_H
+int     RSA_print(BIO *bp, RSA *r,int offset);
+#endif
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+/* Naughty internal function required elsewhere, to handle a MS structure
+ * that is the same as the netscape one :-) */
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
+/* The following 2 functions sign and verify a X509_SIG ASN1 object
+ * inside PKCS#1 padded RSA encryption */
+int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+/* The following 2 function sign and verify a ASN1_OCTET_STRING
+ * object inside PKCS#1 padded RSA encryption */
+int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_padding_add_none(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_padding_check_none(unsigned char *to,int tlen,
+        unsigned char *f,int fl);
+int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+        int (*dup_func)(), void (*free_func)());
+int RSA_set_ex_data(RSA *r,int idx,char *arg);
+char *RSA_get_ex_data(RSA *r, int idx);
+#else
+RSA *   RSA_new();
+RSA *   RSA_new_method();
+int     RSA_size();
+RSA *   RSA_generate_key();
+int     RSA_public_encrypt();
+int     RSA_private_encrypt();
+int     RSA_public_decrypt();
+int     RSA_private_decrypt();
+void    RSA_free ();
+int     RSA_flags();
+void RSA_set_default_method();
+/* RSA_METHOD *RSA_PKCS1_RSAref(); */
+RSA_METHOD *RSA_PKCS1_SSLeay();
+void    ERR_load_RSA_strings();
+RSA *   d2i_RSAPublicKey();
+int     i2d_RSAPublicKey();
+RSA *   d2i_RSAPrivateKey();
+int     i2d_RSAPrivateKey();
+#ifndef NO_FP_API
+int     RSA_print_fp();
+#endif
+int     RSA_print();
+int i2d_Netscape_RSA();
+RSA *d2i_Netscape_RSA();
+RSA *d2i_Netscape_RSA_2();
+int RSA_sign();
+int RSA_verify();
+int RSA_sign_ASN1_OCTET_STRING();
+int RSA_verify_ASN1_OCTET_STRING();
+int RSA_blinding_on();
+void RSA_blinding_off();
+int RSA_padding_add_PKCS1_type_1();
+int RSA_padding_check_PKCS1_type_1();
+int RSA_padding_add_PKCS1_type_2();
+int RSA_padding_check_PKCS1_type_2();
+int RSA_padding_add_SSLv23();
+int RSA_padding_check_SSLv23();
+int RSA_padding_add_none();
+int RSA_padding_check_none();
+int RSA_get_ex_new_index();
+int RSA_set_ex_data();
+char *RSA_get_ex_data();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the RSA functions. */
+/* Function codes. */
+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    100
+#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT                    101
+#define RSA_F_RSA_EAY_PUBLIC_DECRYPT                     102
+#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                     103
+#define RSA_F_RSA_GENERATE_KEY                           104
+#define RSA_F_RSA_NEW_METHOD                             105
+#define RSA_F_RSA_PADDING_ADD_NONE                       106
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               108
+#define RSA_F_RSA_PADDING_ADD_SSLV23                     109
+#define RSA_F_RSA_PADDING_CHECK_NONE                     110
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             112
+#define RSA_F_RSA_PADDING_CHECK_SSLV23                   113
+#define RSA_F_RSA_PRINT                                  114
+#define RSA_F_RSA_PRINT_FP                               115
+#define RSA_F_RSA_SIGN                                   116
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 117
+#define RSA_F_RSA_VERIFY                                 118
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               119
+/* Reason codes. */
+#define RSA_R_ALGORITHM_MISMATCH                         100
+#define RSA_R_BAD_E_VALUE                                101
+#define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
+#define RSA_R_BAD_PAD_BYTE_COUNT                         103
+#define RSA_R_BAD_SIGNATURE                              104
+#define RSA_R_BAD_ZERO_BYTE                              105
+#define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
+#define RSA_R_DATA_TOO_LARGE                             109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
+#define RSA_R_DATA_TOO_SMALL                             111
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
+#define RSA_R_PADDING_CHECK_FAILED                       114
+#define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
+#define RSA_R_UNKNOWN_PADDING_TYPE                       118
+#define RSA_R_WRONG_SIGNATURE_LENGTH                     119
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
new file mode 100644
index 0000000000..42a77f11cd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -0,0 +1,274 @@
+/* This file has been explicitly broken by ryker for OpenBSD, July
+ * 1, 1998. In spite of the title, there is no implementation of the
+ * RSA algorithm left in this file. All these routines will return an
+ * error and fail when called. They exist as stubs and can be
+ * ressurected from the bit bucket by someone in the free world once
+ * the RSA algorithm is no longer subject to patent problems. Eric
+ * Young's original copyright is below. 
+ */
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+#ifndef NOPROTO
+static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+#else
+static int RSA_eay_public_encrypt();
+static int RSA_eay_private_encrypt();
+static int RSA_eay_public_decrypt();
+static int RSA_eay_private_decrypt();
+static int RSA_eay_mod_exp();
+static int RSA_eay_init();
+static int RSA_eay_finish();
+#endif
+static RSA_METHOD rsa_pkcs1_eay_meth={
+        "Eric Young's PKCS#1 RSA",
+        RSA_eay_public_encrypt,
+        RSA_eay_public_decrypt,
+        RSA_eay_private_encrypt,
+        RSA_eay_private_decrypt,
+        RSA_eay_mod_exp,
+        BN_mod_exp_mont,
+        RSA_eay_init,
+        RSA_eay_finish,
+        0,
+        NULL,
+        };
+RSA_METHOD *RSA_PKCS1_SSLeay()
+        {
+        return(&rsa_pkcs1_eay_meth);
+        }
+static int RSA_eay_public_encrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        BIGNUM *f=NULL,*ret=NULL;
+        int i,j,k,num=0,r= -1;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+        /* Body of this routine removed for OpenBSD - will return
+         * when the RSA patent expires
+         */
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (f != NULL) BN_free(f);
+        if (ret != NULL) BN_free(ret);
+        if (buf != NULL) 
+                {
+                memset(buf,0,num);
+                Free(buf);
+                }
+        return(r);
+        }
+static int RSA_eay_private_encrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        BIGNUM *f=NULL,*ret=NULL;
+        int i,j,k,num=0,r= -1;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+        /* Body of this routine removed for OpenBSD - will return
+         * when the RSA patent expires
+         */
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (ret != NULL) BN_free(ret);
+        if (f != NULL) BN_free(f);
+        if (buf != NULL)
+                {
+                memset(buf,0,num);
+                Free(buf);
+                }
+        return(r);
+        }
+static int RSA_eay_private_decrypt(flen, from, to, rsa,padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        BIGNUM *f=NULL,*ret=NULL;
+        int j,num=0,r= -1;
+        unsigned char *p;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+        /* Body of this routine removed for OpenBSD - will return
+         * when the RSA patent expires
+         */
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (f != NULL) BN_free(f);
+        if (ret != NULL) BN_free(ret);
+        if (buf != NULL)
+                {
+                memset(buf,0,num);
+                Free(buf);
+                }
+        return(r);
+        }
+static int RSA_eay_public_decrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        BIGNUM *f=NULL,*ret=NULL;
+        int i,num=0,r= -1;
+        unsigned char *p;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+        /* Body of this routine removed for OpenBSD - will return
+         * when the RSA patent expires
+         */
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (f != NULL) BN_free(f);
+        if (ret != NULL) BN_free(ret);
+        if (buf != NULL)
+                {
+                memset(buf,0,num);
+                Free(buf);
+                }
+        return(r);
+        }
+static int RSA_eay_mod_exp(r0, I, rsa)
+BIGNUM *r0;
+BIGNUM *I;
+RSA *rsa;
+        {
+        BIGNUM *r1=NULL,*m1=NULL;
+        int ret=0;
+        BN_CTX *ctx;
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        m1=BN_new();
+        r1=BN_new();
+        if ((m1 == NULL) || (r1 == NULL)) goto err;
+        /* Body of this routine removed for OpenBSD - will return
+         * when the RSA patent expires
+         */
+err:
+        if (m1 != NULL) BN_free(m1);
+        if (r1 != NULL) BN_free(r1);
+        BN_CTX_free(ctx);
+        return(ret);
+        }
+static int RSA_eay_init(rsa)
+RSA *rsa;
+        {
+        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+        return(1);
+        }
+static int RSA_eay_finish(rsa)
+RSA *rsa;
+        {
+        if (rsa->method_mod_n != NULL)
+                BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n);
+        if (rsa->method_mod_p != NULL)
+                BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p);
+        if (rsa->method_mod_q != NULL)
+                BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q);
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c
new file mode 100644
index 0000000000..796b3afd47
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c
@@ -0,0 +1,129 @@
+/* lib/rsa/rsa_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "rsa.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA RSA_str_functs[]=
+        {
+{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0),   "RSA_EAY_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0),   "RSA_EAY_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0),    "RSA_EAY_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0),    "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0),  "RSA_generate_key"},
+{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0),    "RSA_new_method"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0),      "RSA_padding_add_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0),      "RSA_padding_add_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0),      "RSA_padding_add_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0),    "RSA_padding_add_SSLv23"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0),    "RSA_padding_check_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0),    "RSA_padding_check_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0),    "RSA_padding_check_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0),  "RSA_padding_check_SSLv23"},
+{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"},
+{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0),      "RSA_print_fp"},
+{ERR_PACK(0,RSA_F_RSA_SIGN,0),  "RSA_sign"},
+{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0),        "RSA_sign_ASN1_OCTET_STRING"},
+{ERR_PACK(0,RSA_F_RSA_VERIFY,0),        "RSA_verify"},
+{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0),      "RSA_verify_ASN1_OCTET_STRING"},
+{0,NULL},
+        };
+static ERR_STRING_DATA RSA_str_reasons[]=
+        {
+{RSA_R_ALGORITHM_MISMATCH                ,"algorithm mismatch"},
+{RSA_R_BAD_E_VALUE                       ,"bad e value"},
+{RSA_R_BAD_FIXED_HEADER_DECRYPT          ,"bad fixed header decrypt"},
+{RSA_R_BAD_PAD_BYTE_COUNT                ,"bad pad byte count"},
+{RSA_R_BAD_SIGNATURE                     ,"bad signature"},
+{RSA_R_BAD_ZERO_BYTE                     ,"bad zero byte"},
+{RSA_R_BLOCK_TYPE_IS_NOT_01              ,"block type is not 01"},
+{RSA_R_BLOCK_TYPE_IS_NOT_02              ,"block type is not 02"},
+{RSA_R_DATA_GREATER_THAN_MOD_LEN         ,"data greater than mod len"},
+{RSA_R_DATA_TOO_LARGE                    ,"data too large"},
+{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{RSA_R_DATA_TOO_SMALL                    ,"data too small"},
+{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
+{RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
+{RSA_R_PADDING_CHECK_FAILED              ,"padding check failed"},
+{RSA_R_SSLV3_ROLLBACK_ATTACK             ,"sslv3 rollback attack"},
+{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
+{RSA_R_UNKNOWN_ALGORITHM_TYPE            ,"unknown algorithm type"},
+{RSA_R_UNKNOWN_PADDING_TYPE              ,"unknown padding type"},
+{RSA_R_WRONG_SIGNATURE_LENGTH            ,"wrong signature length"},
+{0,NULL},
+        };
+#endif
+void ERR_load_RSA_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
+                ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
new file mode 100644
index 0000000000..4cbd373829
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -0,0 +1,101 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+RSA *RSA_generate_key(bits, e_value, callback,cb_arg)
+int bits;
+unsigned long e_value;
+void (*callback)(P_I_I_P);
+char *cb_arg;
+        {
+        RSA *rsa=NULL;
+        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
+        int bitsp,bitsq,ok= -1,n=0;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        ctx2=BN_CTX_new();
+        if (ctx2 == NULL) goto err;
+        /* Body of this routine removed for OpenBSD - will return
+         * when the RSA patent expires
+         */
+err:
+        if (ok == -1)
+                {
+                RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
+                ok=0;
+                }
+        BN_CTX_free(ctx);
+        BN_CTX_free(ctx2);
+        
+        if (!ok)
+                {
+                if (rsa != NULL) RSA_free(rsa);
+                return(NULL);
+                }
+        else
+                return(rsa);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
new file mode 100644
index 0000000000..95a56f8a28
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -0,0 +1,294 @@
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "crypto.h"
+#include "cryptlib.h"
+#include "lhash.h"
+#include "bn.h"
+#include "rsa.h"
+char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998";
+static RSA_METHOD *default_RSA_meth=NULL;
+static int rsa_meth_num=0;
+static STACK *rsa_meth=NULL;
+RSA *RSA_new()
+        {
+        return(RSA_new_method(NULL));
+        }
+void RSA_set_default_method(meth)
+RSA_METHOD *meth;
+        {
+        default_RSA_meth=meth;
+        }
+RSA *RSA_new_method(meth)
+RSA_METHOD *meth;
+        {
+        RSA *ret;
+        if (default_RSA_meth == NULL)
+                {
+#ifdef RSAref
+                default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+                default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+                }
+        ret=(RSA *)Malloc(sizeof(RSA));
+        if (ret == NULL)
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        if (meth == NULL)
+                ret->meth=default_RSA_meth;
+        else
+                ret->meth=meth;
+        ret->pad=0;
+        ret->version=0;
+        ret->n=NULL;
+        ret->e=NULL;
+        ret->d=NULL;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->dmp1=NULL;
+        ret->dmq1=NULL;
+        ret->iqmp=NULL;
+        ret->references=1;
+        ret->method_mod_n=NULL;
+        ret->method_mod_p=NULL;
+        ret->method_mod_q=NULL;
+        ret->blinding=NULL;
+        ret->flags=ret->meth->flags;
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+                Free(ret);
+                ret=NULL;
+                }
+        CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+        return(ret);
+        }
+void RSA_free(r)
+RSA *r;
+        {
+        int i;
+        if (r == NULL) return;
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"RSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+        CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
+        if (r->meth->finish != NULL)
+                r->meth->finish(r);
+        if (r->n != NULL) BN_clear_free(r->n);
+        if (r->e != NULL) BN_clear_free(r->e);
+        if (r->d != NULL) BN_clear_free(r->d);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        Free(r);
+        }
+int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        rsa_meth_num++;
+        return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
+                &rsa_meth,argl,argp,new_func,dup_func,free_func));
+        }
+int RSA_set_ex_data(r,idx,arg)
+RSA *r;
+int idx;
+char *arg;
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+char *RSA_get_ex_data(r,idx)
+RSA *r;
+int idx;
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+int RSA_size(r)
+RSA *r;
+        {
+        return(BN_num_bytes(r->n));
+        }
+int RSA_public_encrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+        }
+int RSA_private_encrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+        }
+int RSA_private_decrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+        }
+int RSA_public_decrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+        {
+        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+        }
+int RSA_flags(r)
+RSA *r;
+        {
+        return((r == NULL)?0:r->meth->flags);
+        }
+void RSA_blinding_off(rsa)
+RSA *rsa;
+        {
+        if (rsa->blinding != NULL)
+                {
+                BN_BLINDING_free(rsa->blinding);
+                rsa->blinding=NULL;
+                }
+        rsa->flags&= ~RSA_FLAG_BLINDING;
+        }
+int RSA_blinding_on(rsa,p_ctx)
+RSA *rsa;
+BN_CTX *p_ctx;
+        {
+        BIGNUM *A,*Ai;
+        BN_CTX *ctx;
+        int ret=0;
+        if (p_ctx == NULL)
+                {
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+                }
+        else
+                ctx=p_ctx;
+        if (rsa->blinding != NULL)
+                BN_BLINDING_free(rsa->blinding);
+        A=ctx->bn[0];
+        ctx->tos++;
+        if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
+        if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err;
+        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,
+                (char *)rsa->method_mod_n)) goto err;
+        rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
+        ctx->tos--;
+        rsa->flags|=RSA_FLAG_BLINDING;
+        BN_free(Ai);
+        ret=1;
+err:
+        if (ctx != p_ctx) BN_CTX_free(ctx);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_none.c b/src/lib/libssl/src/crypto/rsa/rsa_none.c
new file mode 100644
index 0000000000..f0dd943657
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_none.c
@@ -0,0 +1,109 @@
+/* crypto/rsa/rsa_none.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+int RSA_padding_add_none(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        if (flen >= tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        *(to++)=0;
+        memcpy(to,from,(unsigned int)flen);
+        return(1);
+        }
+int RSA_padding_check_none(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        int j;
+        from++;
+        if (flen+1 > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
+        if (*(from++) != 0)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE);
+                return(-1);
+                }
+        /* scan over padding data */
+        j=flen-1; /* one for type and one for the prepended 0. */
+        memset(to,0,tlen-j);
+        to+=(tlen-j);
+        memcpy(to,from,j);
+        return(j);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pk1.c b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
new file mode 100644
index 0000000000..2791291b94
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
@@ -0,0 +1,233 @@
+/* crypto/rsa/rsa_pk1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+#ifndef NOPROTO
+int RSA_padding_add_PKCS1_type_1();
+int RSA_padding_check_PKCS1_type_1();
+int RSA_padding_add_PKCS1_type_2();
+int RSA_padding_check_PKCS1_type_2();
+int RSA_padding_add_SSLv23();
+int RSA_padding_check_SSLv23();
+int RSA_padding_add_none();
+int RSA_padding_check_none();
+#endif
+int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        int j;
+        unsigned char *p;
+        if (flen > (tlen-11))
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        p=(unsigned char *)to;
+        *(p++)=0;
+        *(p++)=1; /* Private Key BT (Block Type) */
+        /* padd out with 0xff data */
+        j=tlen-3-flen;
+        memset(p,0xff,j);
+        p+=j;
+        *(p++)='\0';
+        memcpy(p,from,(unsigned int)flen);
+        return(1);
+        }
+int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        int i,j;
+        unsigned char *p;
+        p=from;
+        if (*(p++) != 01)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
+                return(-1);
+                }
+        /* scan over padding data */
+        j=flen-1; /* one for type. */
+        for (i=0; i<j; i++)
+                {
+                if (*p != 0xff) /* should decrypt to 0xff */
+                        {
+                        if (*p == 0)
+                                { p++; break; }
+                        else    {
+                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
+                                return(-1);
+                                }
+                        }
+                p++;
+                }
+        if (i == j)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                return(-1);
+                }
+        if (i < 8)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
+                return(-1);
+                }
+        i++; /* Skip over the '\0' */
+        j-=i;
+        memcpy(to,p,(unsigned int)j);
+        return(j);
+        }
+int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        int i,j;
+        unsigned char *p;
+        
+        if (flen > (tlen-11))
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        p=(unsigned char *)to;
+        *(p++)=0;
+        *(p++)=2; /* Public Key BT (Block Type) */
+        /* pad out with non-zero random data */
+        j=tlen-3-flen;
+        RAND_bytes(p,j);
+        for (i=0; i<j; i++)
+                {
+                if (*p == '\0')
+                        do      {
+                                RAND_bytes(p,1);
+                                } while (*p == '\0');
+                p++;
+                }
+        *(p++)='\0';
+        memcpy(p,from,(unsigned int)flen);
+        return(1);
+        }
+int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        int i,j;
+        unsigned char *p;
+        p=from;
+        if (*(p++) != 02)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
+                return(-1);
+                }
+        /* scan over padding data */
+        j=flen-1; /* one for type. */
+        for (i=0; i<j; i++)
+                if (*(p++) == 0) break;
+        if (i == j)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                return(-1);
+                }
+        if (i < 8)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
+                return(-1);
+                }
+        i++; /* Skip over the '\0' */
+        j-=i;
+        memcpy(to,p,(unsigned int)j);
+        return(j);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_saos.c b/src/lib/libssl/src/crypto/rsa/rsa_saos.c
new file mode 100644
index 0000000000..fb0fae5a43
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_saos.c
@@ -0,0 +1,153 @@
+/* crypto/rsa/rsa_saos.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "objects.h"
+#include "x509.h"
+int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa)
+int type;
+unsigned char *m;
+unsigned int m_len;
+unsigned char *sigret;
+unsigned int *siglen;
+RSA *rsa;
+        {
+        ASN1_OCTET_STRING sig;
+        int i,j,ret=1;
+        unsigned char *p,*s;
+        sig.type=V_ASN1_OCTET_STRING;
+        sig.length=m_len;
+        sig.data=m;
+        i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+        j=RSA_size(rsa);
+        if ((i-RSA_PKCS1_PADDING) > j)
+                {
+                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                return(0);
+                }
+        s=(unsigned char *)Malloc((unsigned int)j+1);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        p=s;
+        i2d_ASN1_OCTET_STRING(&sig,&p);
+        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+        if (i <= 0)
+                ret=0;
+        else
+                *siglen=i;
+        memset(s,0,(unsigned int)j+1);
+        Free(s);
+        return(ret);
+        }
+int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa)
+int dtype;
+unsigned char *m;
+unsigned int m_len;
+unsigned char *sigbuf;
+unsigned int siglen;
+RSA *rsa;
+        {
+        int i,ret=0;
+        unsigned char *p,*s;
+        ASN1_OCTET_STRING *sig=NULL;
+        if (siglen != (unsigned int)RSA_size(rsa))
+                {
+                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);
+                return(0);
+                }
+        s=(unsigned char *)Malloc((unsigned int)siglen);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+        if (i <= 0) goto err;
+        p=s;
+        sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);
+        if (sig == NULL) goto err;
+        if (    ((unsigned int)sig->length != m_len) ||
+                (memcmp(m,sig->data,m_len) != 0))
+                {
+                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);
+                }
+        else
+                ret=1;
+err:
+        if (sig != NULL) ASN1_OCTET_STRING_free(sig);
+        memset(s,0,(unsigned int)siglen);
+        Free(s);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
new file mode 100644
index 0000000000..28c5571e74
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -0,0 +1,196 @@
+/* crypto/rsa/rsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "objects.h"
+#include "x509.h"
+int RSA_sign(type,m,m_len,sigret,siglen,rsa)
+int type;
+unsigned char *m;
+unsigned int m_len;
+unsigned char *sigret;
+unsigned int *siglen;
+RSA *rsa;
+        {
+        X509_SIG sig;
+        ASN1_TYPE parameter;
+        int i,j,ret=1;
+        unsigned char *p,*s;
+        X509_ALGOR algor;
+        ASN1_OCTET_STRING digest;
+        sig.algor= &algor;
+        sig.algor->algorithm=OBJ_nid2obj(type);
+        if (sig.algor->algorithm == NULL)
+                {
+                RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                return(0);
+                }
+        if (sig.algor->algorithm->length == 0)
+                {
+                RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                return(0);
+                }
+        parameter.type=V_ASN1_NULL;
+        parameter.value.ptr=NULL;
+        sig.algor->parameter= &parameter;
+        sig.digest= &digest;
+        sig.digest->data=m;
+        sig.digest->length=m_len;
+        i=i2d_X509_SIG(&sig,NULL);
+        j=RSA_size(rsa);
+        if ((i-RSA_PKCS1_PADDING) > j)
+                {
+                RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                return(0);
+                }
+        s=(unsigned char *)Malloc((unsigned int)j+1);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        p=s;
+        i2d_X509_SIG(&sig,&p);
+        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+        if (i <= 0)
+                ret=0;
+        else
+                *siglen=i;
+        memset(s,0,(unsigned int)j+1);
+        Free(s);
+        return(ret);
+        }
+int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa)
+int dtype;
+unsigned char *m;
+unsigned int m_len;
+unsigned char *sigbuf;
+unsigned int siglen;
+RSA *rsa;
+        {
+        int i,ret=0,sigtype;
+        unsigned char *p,*s;
+        X509_SIG *sig=NULL;
+        if (siglen != (unsigned int)RSA_size(rsa))
+                {
+                RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+                return(0);
+                }
+        s=(unsigned char *)Malloc((unsigned int)siglen);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+        if (i <= 0) goto err;
+        p=s;
+        sig=d2i_X509_SIG(NULL,&p,(long)i);
+        if (sig == NULL) goto err;
+        sigtype=OBJ_obj2nid(sig->algor->algorithm);
+#ifdef RSA_DEBUG
+        /* put a backward compatability flag in EAY */
+        fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
+                OBJ_nid2ln(dtype));
+#endif
+        if (sigtype != dtype)
+                {
+                if (((dtype == NID_md5) &&
+                        (sigtype == NID_md5WithRSAEncryption)) ||
+                        ((dtype == NID_md2) &&
+                        (sigtype == NID_md2WithRSAEncryption)))
+                        {
+                        /* ok, we will let it through */
+#if !defined(NO_STDIO) && !defined(WIN16)
+                        fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
+#endif
+                        }
+                else
+                        {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH);
+                        goto err;
+                        }
+                }
+        if (    ((unsigned int)sig->digest->length != m_len) ||
+                (memcmp(m,sig->digest->data,m_len) != 0))
+                {
+                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                }
+        else
+                ret=1;
+err:
+        if (sig != NULL) X509_SIG_free(sig);
+        memset(s,0,(unsigned int)siglen);
+        Free(s);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ssl.c b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
new file mode 100644
index 0000000000..9bcd4b2c03
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
@@ -0,0 +1,153 @@
+/* crypto/rsa/rsa_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+int RSA_padding_add_SSLv23(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        int i,j;
+        unsigned char *p;
+        
+        if (flen > (tlen-11))
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        p=(unsigned char *)to;
+        *(p++)=0;
+        *(p++)=2; /* Public Key BT (Block Type) */
+        /* pad out with non-zero random data */
+        j=tlen-3-8-flen;
+        RAND_bytes(p,j);
+        for (i=0; i<j; i++)
+                {
+                if (*p == '\0')
+                        do      {
+                                RAND_bytes(p,1);
+                                } while (*p == '\0');
+                p++;
+                }
+        memset(p,3,8);
+        p+=8;
+        *(p++)='\0';
+        memcpy(p,from,(unsigned int)flen);
+        return(1);
+        }
+int RSA_padding_check_SSLv23(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+        {
+        int i,j,k;
+        unsigned char *p;
+        p=from;
+        if (flen < 10)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
+                return(-1);
+                }
+        if (*(p++) != 02)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
+                return(-1);
+                }
+        /* scan over padding data */
+        j=flen-1; /* one for type */
+        for (i=0; i<j; i++)
+                if (*(p++) == 0) break;
+        if ((i == j) || (i < 8))
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                return(-1);
+                }
+        for (k= -8; k<0; k++)
+                {
+                if (p[k] !=  0x03) break;
+                }
+        if (k == 0)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
+                return(-1);
+                }
+        i++; /* Skip over the '\0' */
+        j-=i;
+        memcpy(to,p,(unsigned int)j);
+        return(j);
+        }
diff --git a/src/lib/libssl/src/crypto/sha/asm/README b/src/lib/libssl/src/crypto/sha/asm/README
new file mode 100644
index 0000000000..b7e755765f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/asm/README
@@ -0,0 +1 @@
+C2.pl works
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
new file mode 100644
index 0000000000..d6d998f8ee
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
@@ -0,0 +1,491 @@
+#!/usr/bin/perl
+$normal=0;
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"sha1-586.pl");
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$E="edi";
+$T="esi";
+$tmp1="ebp";
+$off=9*4;
+@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);
+&sha1_block("sha1_block_x86");
+&asm_finish();
+sub Nn
+        {
+        local($p)=@_;
+        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+        return($n{$p});
+        }
+sub Np
+        {
+        local($p)=@_;
+        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+        local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A);
+        return($n{$p});
+        }
+sub Na
+        {
+        local($n)=@_;
+        return( (($n   )&0x0f),
+                (($n+ 2)&0x0f),
+                (($n+ 8)&0x0f),
+                (($n+13)&0x0f),
+                (($n+ 1)&0x0f));
+        }
+sub X_expand
+        {
+        local($in)=@_;
+        &comment("First, load the words onto the stack in network byte order");
+        for ($i=0; $i<16; $i++)
+                {
+                &mov("eax",&DWP(($i+0)*4,$in,"",0)) unless $i == 0;
+                &bswap("eax");
+                &mov(&swtmp($i+0),"eax");
+                }
+        &comment("We now have the X array on the stack");
+        &comment("starting at sp-4");
+        }
+# Rules of engagement
+# F is always trashable at the start, the running total.
+# E becomes the next F so it can be trashed after it has been 'accumulated'
+# F becomes A in the next round.  We don't need to access it much.
+# During the X update part, the result ends up in $X[$n0].
+sub BODY_00_15
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+return if $n & 1;
+        &comment("00_15 $n");
+         &mov($f,$c);
+        &mov($tmp1,$a);
+         &xor($f,$d);                   # F2
+        &rotl($tmp1,5);                 # A2
+        &and($f,$b);                    # F3
+         &add($tmp1,$e);
+        &rotr($b,1);                    # B1    <- F
+         &mov($e,&swtmp($n));           # G1
+        &rotr($b,1);                    # B1    <- F
+         &xor($f,$d);                   # F4
+        &lea($tmp1,&DWP($K,$tmp1,$e,1));
+############################
+#       &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+#       &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+$n++;
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+        ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
+         &mov($f,$c);
+        &add($a,$tmp1);         # MOVED DOWN
+         &xor($f,$d);                   # F2
+        &mov($tmp1,$a);
+         &and($f,$b);                   # F3
+        &rotl($tmp1,5);                 # A2
+        &add($tmp1,$e);
+         &mov($e,&swtmp($n));           # G1
+        &rotr($b,1);                    # B1    <- F
+         &xor($f,$d);                   # F4
+        &rotr($b,1);                    # B1    <- F
+         &lea($tmp1,&DWP($K,$tmp1,$e,1));
+        &add($f,$tmp1);
+        }
+sub BODY_16_19
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+return if $n & 1;
+        &comment("16_19 $n");
+ &nop() if ($pos < 0);
+&mov($tmp1,&swtmp($n0));                        # X1
+ &mov($f,&swtmp($n1));                  # X2
+&xor($f,$tmp1);                         # X3
+ &mov($tmp1,&swtmp($n2));               # X4
+&xor($f,$tmp1);                         # X5
+ &mov($tmp1,&swtmp($n3));               # X6
+&xor($f,$tmp1);                         # X7 - slot
+ &mov($tmp1,$c);                        # F1
+&rotl($f,1);                            # X8 - slot
+ &xor($tmp1,$d);                        # F2
+&mov(&swtmp($n0),$f);                   # X9 - anytime
+ &and($tmp1,$b);                        # F3
+&lea($f,&DWP($K,$f,$e,1));              # tot=X+K+e
+ &xor($tmp1,$d);                                # F4
+&mov($e,$a);                            # A1
+ &add($f,$tmp1);                        # tot+=F();
+&rotl($e,5);                            # A2
+&rotr($b,1);                            # B1    <- F
+ &add($f,$e);                           # tot+=a
+############################
+#       &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+#       &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+$n++;
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+        ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
+&mov($f,&swtmp($n0));                   # X1
+ &mov($tmp1,&swtmp($n1));               # X2
+&xor($f,$tmp1);                         # X3
+ &mov($tmp1,&swtmp($n2));               # X4
+&xor($f,$tmp1);                         # X5
+ &mov($tmp1,&swtmp($n3));               # X6
+&rotr($c,1); #&rotr($b,1);              # B1    <- F # MOVED DOWN
+ &xor($f,$tmp1);                                # X7 - slot
+&rotl($f,1);                            # X8 - slot
+ &mov($tmp1,$c);                        # F1
+&xor($tmp1,$d);                 # F2
+ &mov(&swtmp($n0),$f);                  # X9 - anytime
+&and($tmp1,$b);                 # F3
+ &lea($f,&DWP($K,$f,$e,1));             # tot=X+K+e
+&xor($tmp1,$d);                         # F4
+ &mov($e,$a);                           # A1
+&rotl($e,5);                            # A2
+&rotr($b,1);                            # B1    <- F
+ &add($f,$e);                           # tot+=a
+&rotr($b,1);                            # B1    <- F
+ &add($f,$tmp1);                        # tot+=F();
+        }
+sub BODY_20_39
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+        &comment("20_39 $n");
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+&mov($f,&swtmp($n0));                   # X1
+ &mov($tmp1,&swtmp($n1));               # X2
+&xor($f,$tmp1);                         # X3
+ &mov($tmp1,&swtmp($n2));               # X4
+&xor($f,$tmp1);                         # X5
+ &mov($tmp1,&swtmp($n3));               # X6
+&xor($f,$tmp1);                         # X7 - slot
+ &mov($tmp1,$b);                        # F1
+&rotl($f,1);                            # X8 - slot
+ &xor($tmp1,$c);                        # F2
+&mov(&swtmp($n0),$f);                   # X9 - anytime
+ &xor($tmp1,$d);                        # F3
+&lea($f,&DWP($K,$f,$e,1));              # tot=X+K+e
+ &mov($e,$a);                           # A1
+&rotl($e,5);                            # A2
+if ($n != 79) # last loop       
+        {
+        &rotr($b,1);                            # B1    <- F
+         &add($e,$tmp1);                        # tmp1=F()+a
+        &rotr($b,1);                            # B2    <- F
+         &add($f,$e);                           # tot+=tmp1;
+        }
+else
+        {
+        &add($e,$tmp1);                         # tmp1=F()+a
+         &mov($tmp1,&wparam(0));
+        &rotr($b,1);                            # B1    <- F
+         &add($f,$e);                           # tot+=tmp1;
+        &rotr($b,1);                            # B2    <- F
+        }
+        }
+sub BODY_40_59
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+        &comment("40_59 $n");
+        return if $n & 1;
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+&mov($f,&swtmp($n0));                   # X1
+ &mov($tmp1,&swtmp($n1));               # X2
+&xor($f,$tmp1);                         # X3
+ &mov($tmp1,&swtmp($n2));               # X4
+&xor($f,$tmp1);                         # X5
+ &mov($tmp1,&swtmp($n3));               # X6
+&xor($f,$tmp1);                         # X7 - slot
+ &mov($tmp1,$b);                        # F1
+&rotl($f,1);                            # X8 - slot
+ &or($tmp1,$c);                         # F2
+&mov(&swtmp($n0),$f);                   # X9 - anytime
+ &and($tmp1,$d);                        # F3
+&lea($f,&DWP($K,$f,$e,1));              # tot=X+K+e
+ &mov($e,$b);                           # F4
+&rotr($b,1);                            # B1    <- F
+ &and($e,$c);                           # F5
+&or($tmp1,$e);                          # F6
+ &mov($e,$a);                           # A1
+&rotl($e,5);                            # A2
+&add($tmp1,$e);                 # tmp1=F()+a
+############################
+#       &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+#       &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+$n++;
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+        ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
+ &mov($f,&swtmp($n0));                  # X1
+&add($a,$tmp1);                         # tot+=tmp1; # moved was add f,tmp1
+ &mov($tmp1,&swtmp($n1));               # X2
+&xor($f,$tmp1);                         # X3
+ &mov($tmp1,&swtmp($n2));               # X4
+&xor($f,$tmp1);                         # X5
+ &mov($tmp1,&swtmp($n3));               # X6
+&rotr($c,1);                            # B2    <- F # moved was rotr b,1
+ &xor($f,$tmp1);                        # X7 - slot
+&rotl($f,1);                            # X8 - slot
+ &mov($tmp1,$b);                        # F1
+&mov(&swtmp($n0),$f);                   # X9 - anytime
+ &or($tmp1,$c);                         # F2
+&lea($f,&DWP($K,$f,$e,1));              # tot=X+K+e
+ &mov($e,$b);                           # F4
+&and($tmp1,$d);                         # F3
+ &and($e,$c);                           # F5
+&or($tmp1,$e);                          # F6
+ &mov($e,$a);                           # A1
+&rotl($e,5);                            # A2
+&rotr($b,1);                            # B1    <- F
+ &add($tmp1,$e);                        # tmp1=F()+a
+&rotr($b,1);                            # B2    <- F
+ &add($f,$tmp1);                        # tot+=tmp1;
+        }
+sub BODY_60_79
+        {
+        &BODY_20_39(@_);
+        }
+sub sha1_block
+        {
+        local($name)=@_;
+        &function_begin_B($name,"");
+        # parameter 1 is the MD5_CTX structure.
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+        # E     16
+        &push("esi");
+         &push("ebp");
+        &mov("eax",     &wparam(2));
+         &mov("esi",    &wparam(1));
+        &add("eax",     "esi"); # offset to leave on
+         &mov("ebp",    &wparam(0));
+        &push("ebx");
+         &sub("eax",    64);
+        &push("edi");
+         &mov($B,       &DWP( 4,"ebp","",0));
+        &stack_push(18);
+         &mov($D,       &DWP(12,"ebp","",0));
+        &mov($E,        &DWP(16,"ebp","",0));
+         &mov($C,       &DWP( 8,"ebp","",0));
+        &mov(&swtmp(17),"eax");
+        &comment("First we need to setup the X array");
+         &mov("eax",&DWP(0,"esi","",0)); # pulled out of X_expand
+        &set_label("start") unless $normal;
+        &X_expand("esi");
+         &mov(&swtmp(16),"esi");
+        &comment("");
+        &comment("Start processing");
+        # odd start
+        &mov($A,        &DWP( 0,"ebp","",0));
+        $X="esp";
+        &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C);
+        &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B);
+        &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A);
+        &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T);
+        &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E);
+        &comment("End processing");
+        &comment("");
+        # D is the tmp value
+        # E -> A
+        # T -> B
+        # A -> C
+        # B -> D
+        # C -> E
+        # D -> T
+        # The last 2 have been moved into the last loop
+        # &mov($tmp1,&wparam(0));
+         &mov($D,       &DWP(12,$tmp1,"",0));
+        &add($D,$B);
+         &mov($B,       &DWP( 4,$tmp1,"",0));
+        &add($B,$T);
+         &mov($T,       $A);
+        &mov($A,        &DWP( 0,$tmp1,"",0));
+         &mov(&DWP(12,$tmp1,"",0),$D);
+        &add($A,$E);
+         &mov($E,       &DWP(16,$tmp1,"",0));
+        &add($E,$C);
+         &mov($C,       &DWP( 8,$tmp1,"",0));
+        &add($C,$T);
+         &mov(&DWP( 0,$tmp1,"",0),$A);
+        &mov("esi",&swtmp(16));
+         &mov(&DWP( 8,$tmp1,"",0),$C);  # This is for looping
+        &add("esi",64);
+         &mov("eax",&swtmp(17));
+        &mov(&DWP(16,$tmp1,"",0),$E);
+         &cmp("eax","esi");
+        &mov(&DWP( 4,$tmp1,"",0),$B);   # This is for looping
+         &jl(&label("end"));
+        &mov("eax",&DWP(0,"esi","",0)); # Pulled down from 
+         &jmp(&label("start"));
+        &set_label("end");
+        &stack_pop(18);
+         &pop("edi");
+        &pop("ebx");
+         &pop("ebp");
+        &pop("esi");
+         &ret();
+        &function_end_B($name);
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha.c b/src/lib/libssl/src/crypto/sha/sha.c
new file mode 100644
index 0000000000..713fec3610
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha.c
@@ -0,0 +1,135 @@
+/* crypto/sha/sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "sha.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        SHA_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA_Update(&c,buf,(unsigned long)i);
+                }
+        SHA_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha.h b/src/lib/libssl/src/crypto/sha/sha.h
new file mode 100644
index 0000000000..4cf0ea0225
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha.h
@@ -0,0 +1,109 @@
+/* crypto/sha/sha.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_SHA_H
+#define HEADER_SHA_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define SHA_CBLOCK      64
+#define SHA_LBLOCK      16
+#define SHA_BLOCK       16
+#define SHA_LAST_BLOCK  56
+#define SHA_LENGTH_BLOCK 8
+#define SHA_DIGEST_LENGTH 20
+typedef struct SHAstate_st
+        {
+        unsigned long h0,h1,h2,h3,h4;
+        unsigned long Nl,Nh;
+        unsigned long data[SHA_LBLOCK];
+        int num;
+        } SHA_CTX;
+#ifndef NOPROTO
+void SHA_Init(SHA_CTX *c);
+void SHA_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
+void SHA_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA(unsigned char *d, unsigned long n,unsigned char *md);
+void SHA_Transform(SHA_CTX *c, unsigned char *data);
+void SHA1_Init(SHA_CTX *c);
+void SHA1_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
+void SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(unsigned char *d, unsigned long n,unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, unsigned char *data);
+#else
+void SHA_Init();
+void SHA_Update();
+void SHA_Final();
+unsigned char *SHA();
+void SHA_Transform();
+void SHA1_Init();
+void SHA1_Update();
+void SHA1_Final();
+unsigned char *SHA1();
+void SHA1_Transform();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/sha/sha1.c b/src/lib/libssl/src/crypto/sha/sha1.c
new file mode 100644
index 0000000000..a4739ac9fd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha1.c
@@ -0,0 +1,135 @@
+/* crypto/sha/sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "sha.h"
+#define BUFSIZE 1024*16
+#ifndef NOPROTO
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+#else
+void do_fp();
+void pt();
+int read();
+#endif
+int main(argc, argv)
+int argc;
+char **argv;
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA1(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(f)
+FILE *f;
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        SHA1_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA1_Update(&c,buf,(unsigned long)i);
+                }
+        SHA1_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(md)
+unsigned char *md;
+        {
+        int i;
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha1_one.c b/src/lib/libssl/src/crypto/sha/sha1_one.c
new file mode 100644
index 0000000000..fe5770d601
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha1_one.c
@@ -0,0 +1,77 @@
+/* crypto/sha/sha1_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include "sha.h"
+unsigned char *SHA1(d, n, md)
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+        {
+        SHA_CTX c;
+        static unsigned char m[SHA_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        SHA1_Init(&c);
+        SHA1_Update(&c,d,n);
+        SHA1_Final(md,&c);
+        memset(&c,0,sizeof(c));
+        return(md);
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha1dgst.c b/src/lib/libssl/src/crypto/sha/sha1dgst.c
new file mode 100644
index 0000000000..2b0ae1f0d4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha1dgst.c
@@ -0,0 +1,468 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#undef  SHA_0
+#define SHA_1
+#include "sha.h"
+#include "sha_locl.h"
+char *SHA1_version="SHA1 part of SSLeay 0.9.0b 29-Jun-1998";
+/* Implemented from SHA-1 document - The Secure Hash Algorithm
+ */
+#define INIT_DATA_h0 (unsigned long)0x67452301L
+#define INIT_DATA_h1 (unsigned long)0xefcdab89L
+#define INIT_DATA_h2 (unsigned long)0x98badcfeL
+#define INIT_DATA_h3 (unsigned long)0x10325476L
+#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L
+#define K_00_19 0x5a827999L
+#define K_20_39 0x6ed9eba1L
+#define K_40_59 0x8f1bbcdcL
+#define K_60_79 0xca62c1d6L
+#ifndef NOPROTO
+#  ifdef SHA1_ASM
+     void sha1_block_x86(SHA_CTX *c, register unsigned long *p, int num);
+#    define sha1_block sha1_block_x86
+#  else
+     void sha1_block(SHA_CTX *c, register unsigned long *p, int num);
+#  endif
+#else
+#  ifdef SHA1_ASM
+     void sha1_block_x86();
+#    define sha1_block sha1_block_x86
+#  else
+     void sha1_block();
+#  endif
+#endif
+#if defined(L_ENDIAN) && defined(SHA1_ASM)
+#  define       M_c2nl          c2l
+#  define       M_p_c2nl        p_c2l
+#  define       M_c2nl_p        c2l_p
+#  define       M_p_c2nl_p      p_c2l_p
+#  define       M_nl2c          l2c
+#else
+#  define       M_c2nl          c2nl
+#  define       M_p_c2nl        p_c2nl
+#  define       M_c2nl_p        c2nl_p
+#  define       M_p_c2nl_p      p_c2nl_p
+#  define       M_nl2c          nl2c
+#endif
+void SHA1_Init(c)
+SHA_CTX *c;
+        {
+        c->h0=INIT_DATA_h0;
+        c->h1=INIT_DATA_h1;
+        c->h2=INIT_DATA_h2;
+        c->h3=INIT_DATA_h3;
+        c->h4=INIT_DATA_h4;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        }
+void SHA1_Update(c, data, len)
+SHA_CTX *c;
+register unsigned char *data;
+unsigned long len;
+        {
+        register ULONG *p;
+        int ew,ec,sw,sc;
+        ULONG l;
+        if (len == 0) return;
+        l=(c->Nl+(len<<3))&0xffffffffL;
+        if (l < c->Nl) /* overflow */
+                c->Nh++;
+        c->Nh+=(len>>29);
+        c->Nl=l;
+        if (c->num != 0)
+                {
+                p=c->data;
+                sw=c->num>>2;
+                sc=c->num&0x03;
+                if ((c->num+len) >= SHA_CBLOCK)
+                        {
+                        l= p[sw];
+                        M_p_c2nl(data,l,sc);
+                        p[sw++]=l;
+                        for (; sw<SHA_LBLOCK; sw++)
+                                {
+                                M_c2nl(data,l);
+                                p[sw]=l;
+                                }
+                        len-=(SHA_CBLOCK-c->num);
+                        sha1_block(c,p,64);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        c->num+=(int)len;
+                        if ((sc+len) < 4) /* ugly, add char's to a word */
+                                {
+                                l= p[sw];
+                                M_p_c2nl_p(data,l,sc,len);
+                                p[sw]=l;
+                                }
+                        else
+                                {
+                                ew=(c->num>>2);
+                                ec=(c->num&0x03);
+                                l= p[sw];
+                                M_p_c2nl(data,l,sc);
+                                p[sw++]=l;
+                                for (; sw < ew; sw++)
+                                        { M_c2nl(data,l); p[sw]=l; }
+                                if (ec)
+                                        {
+                                        M_c2nl_p(data,l,ec);
+                                        p[sw]=l;
+                                        }
+                                }
+                        return;
+                        }
+                }
+        /* We can only do the following code for assember, the reason
+         * being that the sha1_block 'C' version changes the values
+         * in the 'data' array.  The assember code avoids this and
+         * copies it to a local array.  I should be able to do this for
+         * the C version as well....
+         */
+#if 1
+#if defined(B_ENDIAN) || defined(SHA1_ASM)
+        if ((((unsigned int)data)%sizeof(ULONG)) == 0)
+                {
+                sw=len/SHA_CBLOCK;
+                if (sw)
+                        {
+                        sw*=SHA_CBLOCK;
+                        sha1_block(c,(ULONG *)data,sw);
+                        data+=sw;
+                        len-=sw;
+                        }
+                }
+#endif
+#endif
+        /* we now can process the input data in blocks of SHA_CBLOCK
+         * chars and save the leftovers to c->data. */
+        p=c->data;
+        while (len >= SHA_CBLOCK)
+                {
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+                if (p != (unsigned long *)data)
+                        memcpy(p,data,SHA_CBLOCK);
+                data+=SHA_CBLOCK;
+#  ifdef L_ENDIAN
+#    ifndef SHA1_ASM /* Will not happen */
+                for (sw=(SHA_LBLOCK/4); sw; sw--)
+                        {
+                        Endian_Reverse32(p[0]);
+                        Endian_Reverse32(p[1]);
+                        Endian_Reverse32(p[2]);
+                        Endian_Reverse32(p[3]);
+                        p+=4;
+                        }
+                p=c->data;
+#    endif
+#  endif
+#else
+                for (sw=(SHA_BLOCK/4); sw; sw--)
+                        {
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        }
+                p=c->data;
+#endif
+                sha1_block(c,p,64);
+                len-=SHA_CBLOCK;
+                }
+        ec=(int)len;
+        c->num=ec;
+        ew=(ec>>2);
+        ec&=0x03;
+        for (sw=0; sw < ew; sw++)
+                { M_c2nl(data,l); p[sw]=l; }
+        M_c2nl_p(data,l,ec);
+        p[sw]=l;
+        }
+void SHA1_Transform(c,b)
+SHA_CTX *c;
+unsigned char *b;
+        {
+        ULONG p[16];
+#ifndef B_ENDIAN
+        ULONG *q;
+        int i;
+#endif
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+        memcpy(p,b,64);
+#ifdef L_ENDIAN
+        q=p;
+        for (i=(SHA_LBLOCK/4); i; i--)
+                {
+                Endian_Reverse32(q[0]);
+                Endian_Reverse32(q[1]);
+                Endian_Reverse32(q[2]);
+                Endian_Reverse32(q[3]);
+                q+=4;
+                }
+#endif
+#else
+        q=p;
+        for (i=(SHA_LBLOCK/4); i; i--)
+                {
+                ULONG l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l; 
+                } 
+#endif
+        sha1_block(c,p,64);
+        }
+#ifndef SHA1_ASM
+void sha1_block(c, W, num)
+SHA_CTX *c;
+register unsigned long *W;
+int num;
+        {
+        register ULONG A,B,C,D,E,T;
+        ULONG X[16];
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+        for (;;)
+                {
+        BODY_00_15( 0,A,B,C,D,E,T,W);
+        BODY_00_15( 1,T,A,B,C,D,E,W);
+        BODY_00_15( 2,E,T,A,B,C,D,W);
+        BODY_00_15( 3,D,E,T,A,B,C,W);
+        BODY_00_15( 4,C,D,E,T,A,B,W);
+        BODY_00_15( 5,B,C,D,E,T,A,W);
+        BODY_00_15( 6,A,B,C,D,E,T,W);
+        BODY_00_15( 7,T,A,B,C,D,E,W);
+        BODY_00_15( 8,E,T,A,B,C,D,W);
+        BODY_00_15( 9,D,E,T,A,B,C,W);
+        BODY_00_15(10,C,D,E,T,A,B,W);
+        BODY_00_15(11,B,C,D,E,T,A,W);
+        BODY_00_15(12,A,B,C,D,E,T,W);
+        BODY_00_15(13,T,A,B,C,D,E,W);
+        BODY_00_15(14,E,T,A,B,C,D,W);
+        BODY_00_15(15,D,E,T,A,B,C,W);
+        BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
+        BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
+        BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
+        BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+        BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
+        BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
+        BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
+        BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
+        BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
+        BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
+        BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
+        BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
+        BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
+        BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
+        BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
+        BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
+        BODY_32_39(32,E,T,A,B,C,D,X);
+        BODY_32_39(33,D,E,T,A,B,C,X);
+        BODY_32_39(34,C,D,E,T,A,B,X);
+        BODY_32_39(35,B,C,D,E,T,A,X);
+        BODY_32_39(36,A,B,C,D,E,T,X);
+        BODY_32_39(37,T,A,B,C,D,E,X);
+        BODY_32_39(38,E,T,A,B,C,D,X);
+        BODY_32_39(39,D,E,T,A,B,C,X);
+        BODY_40_59(40,C,D,E,T,A,B,X);
+        BODY_40_59(41,B,C,D,E,T,A,X);
+        BODY_40_59(42,A,B,C,D,E,T,X);
+        BODY_40_59(43,T,A,B,C,D,E,X);
+        BODY_40_59(44,E,T,A,B,C,D,X);
+        BODY_40_59(45,D,E,T,A,B,C,X);
+        BODY_40_59(46,C,D,E,T,A,B,X);
+        BODY_40_59(47,B,C,D,E,T,A,X);
+        BODY_40_59(48,A,B,C,D,E,T,X);
+        BODY_40_59(49,T,A,B,C,D,E,X);
+        BODY_40_59(50,E,T,A,B,C,D,X);
+        BODY_40_59(51,D,E,T,A,B,C,X);
+        BODY_40_59(52,C,D,E,T,A,B,X);
+        BODY_40_59(53,B,C,D,E,T,A,X);
+        BODY_40_59(54,A,B,C,D,E,T,X);
+        BODY_40_59(55,T,A,B,C,D,E,X);
+        BODY_40_59(56,E,T,A,B,C,D,X);
+        BODY_40_59(57,D,E,T,A,B,C,X);
+        BODY_40_59(58,C,D,E,T,A,B,X);
+        BODY_40_59(59,B,C,D,E,T,A,X);
+        BODY_60_79(60,A,B,C,D,E,T,X);
+        BODY_60_79(61,T,A,B,C,D,E,X);
+        BODY_60_79(62,E,T,A,B,C,D,X);
+        BODY_60_79(63,D,E,T,A,B,C,X);
+        BODY_60_79(64,C,D,E,T,A,B,X);
+        BODY_60_79(65,B,C,D,E,T,A,X);
+        BODY_60_79(66,A,B,C,D,E,T,X);
+        BODY_60_79(67,T,A,B,C,D,E,X);
+        BODY_60_79(68,E,T,A,B,C,D,X);
+        BODY_60_79(69,D,E,T,A,B,C,X);
+        BODY_60_79(70,C,D,E,T,A,B,X);
+        BODY_60_79(71,B,C,D,E,T,A,X);
+        BODY_60_79(72,A,B,C,D,E,T,X);
+        BODY_60_79(73,T,A,B,C,D,E,X);
+        BODY_60_79(74,E,T,A,B,C,D,X);
+        BODY_60_79(75,D,E,T,A,B,C,X);
+        BODY_60_79(76,C,D,E,T,A,B,X);
+        BODY_60_79(77,B,C,D,E,T,A,X);
+        BODY_60_79(78,A,B,C,D,E,T,X);
+        BODY_60_79(79,T,A,B,C,D,E,X);
+        
+        c->h0=(c->h0+E)&0xffffffffL; 
+        c->h1=(c->h1+T)&0xffffffffL;
+        c->h2=(c->h2+A)&0xffffffffL;
+        c->h3=(c->h3+B)&0xffffffffL;
+        c->h4=(c->h4+C)&0xffffffffL;
+        num-=64;
+        if (num <= 0) break;
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+        W+=16;
+                }
+        }
+#endif
+void SHA1_Final(md, c)
+unsigned char *md;
+SHA_CTX *c;
+        {
+        register int i,j;
+        register ULONG l;
+        register ULONG *p;
+        static unsigned char end[4]={0x80,0x00,0x00,0x00};
+        unsigned char *cp=end;
+        /* c->num should definitly have room for at least one more byte. */
+        p=c->data;
+        j=c->num;
+        i=j>>2;
+#ifdef PURIFY
+        if ((j&0x03) == 0) p[i]=0;
+#endif
+        l=p[i];
+        M_p_c2nl(cp,l,j&0x03);
+        p[i]=l;
+        i++;
+        /* i is the next 'undefined word' */
+        if (c->num >= SHA_LAST_BLOCK)
+                {
+                for (; i<SHA_LBLOCK; i++)
+                        p[i]=0;
+                sha1_block(c,p,64);
+                i=0;
+                }
+        for (; i<(SHA_LBLOCK-2); i++)
+                p[i]=0;
+        p[SHA_LBLOCK-2]=c->Nh;
+        p[SHA_LBLOCK-1]=c->Nl;
+#if defined(L_ENDIAN) && defined(SHA1_ASM)
+        Endian_Reverse32(p[SHA_LBLOCK-2]);
+        Endian_Reverse32(p[SHA_LBLOCK-1]);
+#endif
+        sha1_block(c,p,64);
+        cp=md;
+        l=c->h0; nl2c(l,cp);
+        l=c->h1; nl2c(l,cp);
+        l=c->h2; nl2c(l,cp);
+        l=c->h3; nl2c(l,cp);
+        l=c->h4; nl2c(l,cp);
+        /* clear stuff, sha1_block may be leaving some stuff on the stack
+         * but I'm not worried :-) */
+        c->num=0;
+/*      memset((char *)&c,0,sizeof(c));*/
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha1s.cpp b/src/lib/libssl/src/crypto/sha/sha1s.cpp
new file mode 100644
index 0000000000..0163377de6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha1s.cpp
@@ -0,0 +1,79 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "sha.h"
+extern "C" {
+void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        SHA_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        }
+                printf("sha1 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha1test.c b/src/lib/libssl/src/crypto/sha/sha1test.c
new file mode 100644
index 0000000000..3c62a218b4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha1test.c
@@ -0,0 +1,155 @@
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "sha.h"
+#undef SHA_0 /* FIPS 180 */
+#define  SHA_1 /* FIPS 180-1 */
+char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+#ifdef SHA_0
+char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating SHA1 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        memset(buf,'a',1000);
+        SHA1_Init(&c);
+        for (i=0; i<1000; i++)
+                SHA1_Update(&c,buf,1000);
+        SHA1_Final(md,&c);
+        p=pt(md);
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA1 on 'a' * 1000\n");
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha_dgst.c b/src/lib/libssl/src/crypto/sha/sha_dgst.c
new file mode 100644
index 0000000000..8ed533ea26
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha_dgst.c
@@ -0,0 +1,442 @@
+/* crypto/sha/sha_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#define  SHA_0
+#undef SHA_1
+#include "sha.h"
+#include "sha_locl.h"
+char *SHA_version="SHA part of SSLeay 0.9.0b 29-Jun-1998";
+/* Implemented from SHA-0 document - The Secure Hash Algorithm
+ */
+#define INIT_DATA_h0 (unsigned long)0x67452301L
+#define INIT_DATA_h1 (unsigned long)0xefcdab89L
+#define INIT_DATA_h2 (unsigned long)0x98badcfeL
+#define INIT_DATA_h3 (unsigned long)0x10325476L
+#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L
+#define K_00_19 0x5a827999L
+#define K_20_39 0x6ed9eba1L
+#define K_40_59 0x8f1bbcdcL
+#define K_60_79 0xca62c1d6L
+#ifndef NOPROTO
+   void sha_block(SHA_CTX *c, register unsigned long *p, int num);
+#else
+   void sha_block();
+#endif
+#define M_c2nl          c2nl
+#define M_p_c2nl        p_c2nl
+#define M_c2nl_p        c2nl_p
+#define M_p_c2nl_p      p_c2nl_p
+#define M_nl2c          nl2c
+void SHA_Init(c)
+SHA_CTX *c;
+        {
+        c->h0=INIT_DATA_h0;
+        c->h1=INIT_DATA_h1;
+        c->h2=INIT_DATA_h2;
+        c->h3=INIT_DATA_h3;
+        c->h4=INIT_DATA_h4;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        }
+void SHA_Update(c, data, len)
+SHA_CTX *c;
+register unsigned char *data;
+unsigned long len;
+        {
+        register ULONG *p;
+        int ew,ec,sw,sc;
+        ULONG l;
+        if (len == 0) return;
+        l=(c->Nl+(len<<3))&0xffffffffL;
+        if (l < c->Nl) /* overflow */
+                c->Nh++;
+        c->Nh+=(len>>29);
+        c->Nl=l;
+        if (c->num != 0)
+                {
+                p=c->data;
+                sw=c->num>>2;
+                sc=c->num&0x03;
+                if ((c->num+len) >= SHA_CBLOCK)
+                        {
+                        l= p[sw];
+                        M_p_c2nl(data,l,sc);
+                        p[sw++]=l;
+                        for (; sw<SHA_LBLOCK; sw++)
+                                {
+                                M_c2nl(data,l);
+                                p[sw]=l;
+                                }
+                        len-=(SHA_CBLOCK-c->num);
+                        sha_block(c,p,64);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        c->num+=(int)len;
+                        if ((sc+len) < 4) /* ugly, add char's to a word */
+                                {
+                                l= p[sw];
+                                M_p_c2nl_p(data,l,sc,len);
+                                p[sw]=l;
+                                }
+                        else
+                                {
+                                ew=(c->num>>2);
+                                ec=(c->num&0x03);
+                                l= p[sw];
+                                M_p_c2nl(data,l,sc);
+                                p[sw++]=l;
+                                for (; sw < ew; sw++)
+                                        { M_c2nl(data,l); p[sw]=l; }
+                                if (ec)
+                                        {
+                                        M_c2nl_p(data,l,ec);
+                                        p[sw]=l;
+                                        }
+                                }
+                        return;
+                        }
+                }
+        /* We can only do the following code for assember, the reason
+         * being that the sha_block 'C' version changes the values
+         * in the 'data' array.  The assember code avoids this and
+         * copies it to a local array.  I should be able to do this for
+         * the C version as well....
+         */
+#if 1
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+        if ((((unsigned int)data)%sizeof(ULONG)) == 0)
+                {
+                sw=len/SHA_CBLOCK;
+                if (sw)
+                        {
+                        sw*=SHA_CBLOCK;
+                        sha_block(c,(ULONG *)data,sw);
+                        data+=sw;
+                        len-=sw;
+                        }
+                }
+#endif
+#endif
+        /* we now can process the input data in blocks of SHA_CBLOCK
+         * chars and save the leftovers to c->data. */
+        p=c->data;
+        while (len >= SHA_CBLOCK)
+                {
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+                if (p != (unsigned long *)data)
+                        memcpy(p,data,SHA_CBLOCK);
+                data+=SHA_CBLOCK;
+#  ifdef L_ENDIAN
+#    ifndef SHA_ASM /* Will not happen */
+                for (sw=(SHA_LBLOCK/4); sw; sw--)
+                        {
+                        Endian_Reverse32(p[0]);
+                        Endian_Reverse32(p[1]);
+                        Endian_Reverse32(p[2]);
+                        Endian_Reverse32(p[3]);
+                        p+=4;
+                        }
+                p=c->data;
+#    endif
+#  endif
+#else
+                for (sw=(SHA_BLOCK/4); sw; sw--)
+                        {
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        M_c2nl(data,l); *(p++)=l;
+                        }
+                p=c->data;
+#endif
+                sha_block(c,p,64);
+                len-=SHA_CBLOCK;
+                }
+        ec=(int)len;
+        c->num=ec;
+        ew=(ec>>2);
+        ec&=0x03;
+        for (sw=0; sw < ew; sw++)
+                { M_c2nl(data,l); p[sw]=l; }
+        M_c2nl_p(data,l,ec);
+        p[sw]=l;
+        }
+void SHA_Transform(c,b)
+SHA_CTX *c;
+unsigned char *b;
+        {
+        ULONG p[16];
+#if !defined(B_ENDIAN)
+        ULONG *q;
+        int i;
+#endif
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+        memcpy(p,b,64);
+#ifdef L_ENDIAN
+        q=p;
+        for (i=(SHA_LBLOCK/4); i; i--)
+                {
+                Endian_Reverse32(q[0]);
+                Endian_Reverse32(q[1]);
+                Endian_Reverse32(q[2]);
+                Endian_Reverse32(q[3]);
+                q+=4;
+                }
+#endif
+#else
+        q=p;
+        for (i=(SHA_LBLOCK/4); i; i--)
+                {
+                ULONG l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l;
+                c2nl(b,l); *(q++)=l; 
+                } 
+#endif
+        sha_block(c,p,64);
+        }
+void sha_block(c, W, num)
+SHA_CTX *c;
+register unsigned long *W;
+int num;
+        {
+        register ULONG A,B,C,D,E,T;
+        ULONG X[16];
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+        for (;;)
+                {
+        BODY_00_15( 0,A,B,C,D,E,T,W);
+        BODY_00_15( 1,T,A,B,C,D,E,W);
+        BODY_00_15( 2,E,T,A,B,C,D,W);
+        BODY_00_15( 3,D,E,T,A,B,C,W);
+        BODY_00_15( 4,C,D,E,T,A,B,W);
+        BODY_00_15( 5,B,C,D,E,T,A,W);
+        BODY_00_15( 6,A,B,C,D,E,T,W);
+        BODY_00_15( 7,T,A,B,C,D,E,W);
+        BODY_00_15( 8,E,T,A,B,C,D,W);
+        BODY_00_15( 9,D,E,T,A,B,C,W);
+        BODY_00_15(10,C,D,E,T,A,B,W);
+        BODY_00_15(11,B,C,D,E,T,A,W);
+        BODY_00_15(12,A,B,C,D,E,T,W);
+        BODY_00_15(13,T,A,B,C,D,E,W);
+        BODY_00_15(14,E,T,A,B,C,D,W);
+        BODY_00_15(15,D,E,T,A,B,C,W);
+        BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
+        BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
+        BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
+        BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+        BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
+        BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
+        BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
+        BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
+        BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
+        BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
+        BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
+        BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
+        BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
+        BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
+        BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
+        BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
+        BODY_32_39(32,E,T,A,B,C,D,X);
+        BODY_32_39(33,D,E,T,A,B,C,X);
+        BODY_32_39(34,C,D,E,T,A,B,X);
+        BODY_32_39(35,B,C,D,E,T,A,X);
+        BODY_32_39(36,A,B,C,D,E,T,X);
+        BODY_32_39(37,T,A,B,C,D,E,X);
+        BODY_32_39(38,E,T,A,B,C,D,X);
+        BODY_32_39(39,D,E,T,A,B,C,X);
+        BODY_40_59(40,C,D,E,T,A,B,X);
+        BODY_40_59(41,B,C,D,E,T,A,X);
+        BODY_40_59(42,A,B,C,D,E,T,X);
+        BODY_40_59(43,T,A,B,C,D,E,X);
+        BODY_40_59(44,E,T,A,B,C,D,X);
+        BODY_40_59(45,D,E,T,A,B,C,X);
+        BODY_40_59(46,C,D,E,T,A,B,X);
+        BODY_40_59(47,B,C,D,E,T,A,X);
+        BODY_40_59(48,A,B,C,D,E,T,X);
+        BODY_40_59(49,T,A,B,C,D,E,X);
+        BODY_40_59(50,E,T,A,B,C,D,X);
+        BODY_40_59(51,D,E,T,A,B,C,X);
+        BODY_40_59(52,C,D,E,T,A,B,X);
+        BODY_40_59(53,B,C,D,E,T,A,X);
+        BODY_40_59(54,A,B,C,D,E,T,X);
+        BODY_40_59(55,T,A,B,C,D,E,X);
+        BODY_40_59(56,E,T,A,B,C,D,X);
+        BODY_40_59(57,D,E,T,A,B,C,X);
+        BODY_40_59(58,C,D,E,T,A,B,X);
+        BODY_40_59(59,B,C,D,E,T,A,X);
+        BODY_60_79(60,A,B,C,D,E,T,X);
+        BODY_60_79(61,T,A,B,C,D,E,X);
+        BODY_60_79(62,E,T,A,B,C,D,X);
+        BODY_60_79(63,D,E,T,A,B,C,X);
+        BODY_60_79(64,C,D,E,T,A,B,X);
+        BODY_60_79(65,B,C,D,E,T,A,X);
+        BODY_60_79(66,A,B,C,D,E,T,X);
+        BODY_60_79(67,T,A,B,C,D,E,X);
+        BODY_60_79(68,E,T,A,B,C,D,X);
+        BODY_60_79(69,D,E,T,A,B,C,X);
+        BODY_60_79(70,C,D,E,T,A,B,X);
+        BODY_60_79(71,B,C,D,E,T,A,X);
+        BODY_60_79(72,A,B,C,D,E,T,X);
+        BODY_60_79(73,T,A,B,C,D,E,X);
+        BODY_60_79(74,E,T,A,B,C,D,X);
+        BODY_60_79(75,D,E,T,A,B,C,X);
+        BODY_60_79(76,C,D,E,T,A,B,X);
+        BODY_60_79(77,B,C,D,E,T,A,X);
+        BODY_60_79(78,A,B,C,D,E,T,X);
+        BODY_60_79(79,T,A,B,C,D,E,X);
+        
+        c->h0=(c->h0+E)&0xffffffffL; 
+        c->h1=(c->h1+T)&0xffffffffL;
+        c->h2=(c->h2+A)&0xffffffffL;
+        c->h3=(c->h3+B)&0xffffffffL;
+        c->h4=(c->h4+C)&0xffffffffL;
+        num-=64;
+        if (num <= 0) break;
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+        W+=16;
+                }
+        }
+void SHA_Final(md, c)
+unsigned char *md;
+SHA_CTX *c;
+        {
+        register int i,j;
+        register ULONG l;
+        register ULONG *p;
+        static unsigned char end[4]={0x80,0x00,0x00,0x00};
+        unsigned char *cp=end;
+        /* c->num should definitly have room for at least one more byte. */
+        p=c->data;
+        j=c->num;
+        i=j>>2;
+#ifdef PURIFY
+        if ((j&0x03) == 0) p[i]=0;
+#endif
+        l=p[i];
+        M_p_c2nl(cp,l,j&0x03);
+        p[i]=l;
+        i++;
+        /* i is the next 'undefined word' */
+        if (c->num >= SHA_LAST_BLOCK)
+                {
+                for (; i<SHA_LBLOCK; i++)
+                        p[i]=0;
+                sha_block(c,p,64);
+                i=0;
+                }
+        for (; i<(SHA_LBLOCK-2); i++)
+                p[i]=0;
+        p[SHA_LBLOCK-2]=c->Nh;
+        p[SHA_LBLOCK-1]=c->Nl;
+        sha_block(c,p,64);
+        cp=md;
+        l=c->h0; nl2c(l,cp);
+        l=c->h1; nl2c(l,cp);
+        l=c->h2; nl2c(l,cp);
+        l=c->h3; nl2c(l,cp);
+        l=c->h4; nl2c(l,cp);
+        /* clear stuff, sha_block may be leaving some stuff on the stack
+         * but I'm not worried :-) */
+        c->num=0;
+/*      memset((char *)&c,0,sizeof(c));*/
+        }
diff --git a/src/lib/libssl/src/crypto/sha/sha_locl.h b/src/lib/libssl/src/crypto/sha/sha_locl.h
new file mode 100644
index 0000000000..2814ad15fa
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha_locl.h
@@ -0,0 +1,246 @@
+/* crypto/sha/sha_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdlib.h>
+#include <string.h>
+#ifdef undef
+/* one or the other needs to be defined */
+#ifndef SHA_1 /* FIPE 180-1 */
+#define SHA_0 /* FIPS 180   */
+#endif
+#endif
+#define ULONG   unsigned long
+#define UCHAR   unsigned char
+#define UINT    unsigned int
+#ifdef NOCONST
+#define const
+#endif
+#undef c2nl
+#define c2nl(c,l)       (l =(((unsigned long)(*((c)++)))<<24), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))    ))
+#undef p_c2nl
+#define p_c2nl(c,l,n)   { \
+                        switch (n) { \
+                        case 0: l =((unsigned long)(*((c)++)))<<24; \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16; \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+                        case 3: l|=((unsigned long)(*((c)++))); \
+                                } \
+                        }
+#undef c2nl_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2nl_p(c,l,n)   { \
+                        l=0; \
+                        (c)+=n; \
+                        switch (n) { \
+                        case 3: l =((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+#undef p_c2nl_p
+#define p_c2nl_p(c,l,sc,len) { \
+                        switch (sc) \
+                                { \
+                        case 0: l =((unsigned long)(*((c)++)))<<24; \
+                                if (--len == 0) break; \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16; \
+                                if (--len == 0) break; \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+                                } \
+                        }
+#undef nl2c
+#define nl2c(l,c)       (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+#undef c2l
+#define c2l(c,l)        (l =(((unsigned long)(*((c)++)))    ), \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+#undef p_c2l
+#define p_c2l(c,l,n)    { \
+                        switch (n) { \
+                        case 0: l =((unsigned long)(*((c)++))); \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16; \
+                        case 3: l|=((unsigned long)(*((c)++)))<<24; \
+                                } \
+                        }
+#undef c2l_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2l_p(c,l,n)    { \
+                        l=0; \
+                        (c)+=n; \
+                        switch (n) { \
+                        case 3: l =((unsigned long)(*(--(c))))<<16; \
+                        case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l|=((unsigned long)(*(--(c)))); \
+                                } \
+                        }
+#undef p_c2l_p
+#define p_c2l_p(c,l,sc,len) { \
+                        switch (sc) \
+                                { \
+                        case 0: l =((unsigned long)(*((c)++))); \
+                                if (--len == 0) break; \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+                                if (--len == 0) break; \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16; \
+                                } \
+                        }
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#undef ROTATE
+#if defined(WIN32)
+#define ROTATE(a,n)     _lrotl(a,n)
+#else
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#if defined(WIN32)
+/* 5 instructions with rotate instruction, else 9 */
+#define Endian_Reverse32(a) \
+        { \
+        unsigned long l=(a); \
+        (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
+        }
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define Endian_Reverse32(a) \
+        { \
+        unsigned long l=(a); \
+        l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
+        (a)=ROTATE(l,16L); \
+        }
+#endif
+/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
+ * simplified to the code in F_00_19.  Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d)) 
+#define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d)  (((b) & (c)) | (((b)|(c)) & (d))) 
+#define F_60_79(b,c,d)  F_20_39(b,c,d)
+#ifdef SHA_0
+#undef Xupdate
+#define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\
+        (ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);
+#endif
+#ifdef SHA_1
+#undef Xupdate
+#define Xupdate(a,i,ia,ib,ic,id) (a)=\
+        (ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\
+        X[(i)&0x0f]=(a)=ROTATE((a),1);
+#endif
+#define BODY_00_15(i,a,b,c,d,e,f,xa) \
+        (f)=xa[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_16_19(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,i,xa,xb,xc,xd); \
+        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_20_31(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,i,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_32_39(i,a,b,c,d,e,f,xa) \
+        Xupdate(f,i,xa,xa,xa,xa); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_40_59(i,a,b,c,d,e,f,xa) \
+        Xupdate(f,i,xa,xa,xa,xa); \
+        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_60_79(i,a,b,c,d,e,f,xa) \
+        Xupdate(f,i,xa,xa,xa,xa); \
+        (f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+        (b)=ROTATE((b),30);
diff --git a/src/lib/libssl/src/crypto/sha/sha_one.c b/src/lib/libssl/src/crypto/sha/sha_one.c
new file mode 100644
index 0000000000..18ab7f61bc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/sha_one.c
@@ -0,0 +1,77 @@
+/* crypto/sha/sha_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include "sha.h"
+unsigned char *SHA(d, n, md)
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+        {
+        SHA_CTX c;
+        static unsigned char m[SHA_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        SHA_Init(&c);
+        SHA_Update(&c,d,n);
+        SHA_Final(md,&c);
+        memset(&c,0,sizeof(c));
+        return(md);
+        }
diff --git a/src/lib/libssl/src/crypto/sha/shatest.c b/src/lib/libssl/src/crypto/sha/shatest.c
new file mode 100644
index 0000000000..03816e9b39
--- /dev/null
+++ b/src/lib/libssl/src/crypto/sha/shatest.c
@@ -0,0 +1,155 @@
+/* crypto/sha/shatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "sha.h"
+#define SHA_0 /* FIPS 180 */
+#undef  SHA_1 /* FIPS 180-1 */
+char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+#ifdef SHA_0
+char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+#ifndef NOPROTO
+static char *pt(unsigned char *md);
+#else
+static char *pt();
+#endif
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating SHA on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        memset(buf,'a',1000);
+        SHA_Init(&c);
+        for (i=0; i<1000; i++)
+                SHA_Update(&c,buf,1000);
+        SHA_Final(md,&c);
+        p=pt(md);
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA on '%s'\n",p);
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+        exit(err);
+        return(0);
+        }
+static char *pt(md)
+unsigned char *md;
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
diff --git a/src/lib/libssl/src/crypto/stack/stack.c b/src/lib/libssl/src/crypto/stack/stack.c
new file mode 100644
index 0000000000..610ccbb756
--- /dev/null
+++ b/src/lib/libssl/src/crypto/stack/stack.c
@@ -0,0 +1,307 @@
+/* crypto/stack/stack.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Code for stacks
+ * Author - Eric Young v 1.0
+ * 1.2 eay 12-Mar-97 -  Modified sk_find so that it _DOES_ return the
+ *                      lowest index for the seached item.
+ *
+ * 1.1 eay - Take from netdb and added to SSLeay
+ *
+ * 1.0 eay - First version 29/07/92
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "stack.h"
+#undef MIN_NODES
+#define MIN_NODES       4
+char *STACK_version="STACK part of SSLeay 0.9.0b 29-Jun-1998";
+#ifndef NOPROTO
+#define FP_ICC  (int (*)(const void *,const void *))
+#else
+#define FP_ICC
+#endif
+#include <errno.h>
+void sk_set_cmp_func(sk,c)
+STACK *sk;
+int (*c)();
+        {
+        if (sk->comp != c)
+                sk->sorted=0;
+        sk->comp=c;
+        }
+STACK *sk_dup(sk)
+STACK *sk;
+        {
+        STACK *ret;
+        char **s;
+        if ((ret=sk_new(sk->comp)) == NULL) goto err;
+        s=(char **)Realloc((char *)ret->data,
+                (unsigned int)sizeof(char *)*sk->num_alloc);
+        if (s == NULL) goto err;
+        ret->data=s;
+        ret->num=sk->num;
+        memcpy(ret->data,sk->data,sizeof(char *)*sk->num);
+        ret->sorted=sk->sorted;
+        ret->num_alloc=sk->num_alloc;
+        ret->comp=sk->comp;
+        return(ret);
+err:
+        return(NULL);
+        }
+STACK *sk_new(c)
+int (*c)();
+        {
+        STACK *ret;
+        int i;
+        if ((ret=(STACK *)Malloc(sizeof(STACK))) == NULL)
+                goto err0;
+        if ((ret->data=(char **)Malloc(sizeof(char *)*MIN_NODES)) == NULL)
+                goto err1;
+        for (i=0; i<MIN_NODES; i++)
+                ret->data[i]=NULL;
+        ret->comp=c;
+        ret->num_alloc=MIN_NODES;
+        ret->num=0;
+        ret->sorted=0;
+        return(ret);
+err1:
+        Free((char *)ret);
+err0:
+        return(NULL);
+        }
+int sk_insert(st,data,loc)
+STACK *st;
+char *data;
+int loc;
+        {
+        char **s;
+        if (st->num_alloc <= st->num+1)
+                {
+                s=(char **)Realloc((char *)st->data,
+                        (unsigned int)sizeof(char *)*st->num_alloc*2);
+                if (s == NULL)
+                        return(0);
+                st->data=s;
+                st->num_alloc*=2;
+                }
+        if ((loc >= (int)st->num) || (loc < 0))
+                st->data[st->num]=data;
+        else
+                {
+                int i;
+                char **f,**t;
+                f=(char **)st->data;
+                t=(char **)&(st->data[1]);
+                for (i=st->num; i>loc; i--)
+                        t[i]=f[i];
+                        
+#ifdef undef /* no memmove on sunos :-( */
+                memmove( (char *)&(st->data[loc+1]),
+                        (char *)&(st->data[loc]),
+                        sizeof(char *)*(st->num-loc));
+#endif
+                st->data[loc]=data;
+                }
+        st->num++;
+        st->sorted=0;
+        return(st->num);
+        }
+char *sk_delete_ptr(st,p)
+STACK *st;
+char *p;
+        {
+        int i;
+        for (i=0; i<st->num; i++)
+                if (st->data[i] == p)
+                        return(sk_delete(st,i));
+        return(NULL);
+        }
+char *sk_delete(st,loc)
+STACK *st;
+int loc;
+        {
+        char *ret;
+        int i,j;
+        if ((st->num == 0) || (loc < 0) || (loc >= st->num)) return(NULL);
+        ret=st->data[loc];
+        if (loc != st->num-1)
+                {
+                j=st->num-1;
+                for (i=loc; i<j; i++)
+                        st->data[i]=st->data[i+1];
+                /* In theory memcpy is not safe for this
+                 * memcpy( &(st->data[loc]),
+                 *      &(st->data[loc+1]),
+                 *      sizeof(char *)*(st->num-loc-1));
+                 */
+                }
+        st->num--;
+        return(ret);
+        }
+int sk_find(st,data)
+STACK *st;
+char *data;
+        {
+        char **r;
+        int i;
+        int (*comp_func)();
+        if (st->comp == NULL)
+                {
+                for (i=0; i<st->num; i++)
+                        if (st->data[i] == data)
+                                return(i);
+                return(-1);
+                }
+        comp_func=(int (*)())st->comp;
+        if (!st->sorted)
+                {
+                qsort((char *)st->data,st->num,sizeof(char *),FP_ICC comp_func);
+                st->sorted=1;
+                }
+        if (data == NULL) return(-1);
+        r=(char **)bsearch(&data,(char *)st->data,
+                st->num,sizeof(char *),FP_ICC comp_func);
+        if (r == NULL) return(-1);
+        i=(int)(r-st->data);
+        for ( ; i>0; i--)
+                if ((*st->comp)(&(st->data[i-1]),&data) < 0)
+                        break;
+        return(i);
+        }
+int sk_push(st,data)
+STACK *st;
+char *data;
+        {
+        return(sk_insert(st,data,st->num));
+        }
+int sk_unshift(st,data)
+STACK *st;
+char *data;
+        {
+        return(sk_insert(st,data,0));
+        }
+char *sk_shift(st)
+STACK *st;
+        {
+        if (st == NULL) return(NULL);
+        if (st->num <= 0) return(NULL);
+        return(sk_delete(st,0));
+        }
+char *sk_pop(st)
+STACK *st;
+        {
+        if (st == NULL) return(NULL);
+        if (st->num <= 0) return(NULL);
+        return(sk_delete(st,st->num-1));
+        }
+void sk_zero(st)
+STACK *st;
+        {
+        if (st == NULL) return;
+        if (st->num <= 0) return;
+        memset((char *)st->data,0,sizeof(st->data)*st->num);
+        st->num=0;
+        }
+void sk_pop_free(st,func)
+STACK *st;
+void (*func)();
+        {
+        int i;
+        if (st == NULL) return;
+        for (i=0; i<st->num; i++)
+                if (st->data[i] != NULL)
+                        func(st->data[i]);
+        sk_free(st);
+        }
+void sk_free(st)
+STACK *st;
+        {
+        if (st == NULL) return;
+        if (st->data != NULL) Free((char *)st->data);
+        Free((char *)st);
+        }
diff --git a/src/lib/libssl/src/crypto/stack/stack.h b/src/lib/libssl/src/crypto/stack/stack.h
new file mode 100644
index 0000000000..615eb6ff94
--- /dev/null
+++ b/src/lib/libssl/src/crypto/stack/stack.h
@@ -0,0 +1,120 @@
+/* crypto/stack/stack.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_STACK_H
+#define HEADER_STACK_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+typedef struct stack_st
+        {
+        int num;
+        char **data;
+        int sorted;
+        int num_alloc;
+        int (*comp)();
+        } STACK;
+#define sk_num(sk)              ((sk)->num)
+#define sk_value(sk,n)          ((sk)->data[n])
+#define sk_new_null()   sk_new(NULL)
+#ifndef NOPROTO
+STACK *sk_new(int (*cmp)());
+void sk_free(STACK *);
+void sk_pop_free(STACK *st, void (*func)());
+int sk_insert(STACK *sk,char *data,int where);
+char *sk_delete(STACK *st,int loc);
+char *sk_delete_ptr(STACK *st, char *p);
+int sk_find(STACK *st,char *data);
+int sk_push(STACK *st,char *data);
+int sk_unshift(STACK *st,char *data);
+char *sk_shift(STACK *st);
+char *sk_pop(STACK *st);
+void sk_zero(STACK *st);
+void sk_set_cmp_func(STACK *sk, int (*c)());
+STACK *sk_dup(STACK *st);
+#else
+STACK *sk_new();
+void sk_free();
+void sk_pop_free();
+int sk_insert();
+char *sk_delete();
+char *sk_delete_ptr();
+int sk_find();
+int sk_push();
+int sk_unshift();
+char *sk_shift();
+char *sk_pop();
+void sk_zero();
+void sk_set_cmp_func();
+STACK *sk_dup();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c
new file mode 100644
index 0000000000..be395f2bc4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/threads/mttest.c
@@ -0,0 +1,1115 @@
+/* crypto/threads/mttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#include "lhash.h"
+#include "crypto.h"
+#include "buffer.h"
+#include "../e_os.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#ifdef NO_FP_API
+#define APPS_WIN16
+#include "../crypto/buffer/bss_file.c"
+#endif
+#define TEST_SERVER_CERT "../apps/server.pem"
+#define TEST_CLIENT_CERT "../apps/client.pem"
+#define MAX_THREAD_NUMBER       100
+#ifndef NOPROTO
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+        int error,char *arg);
+void thread_setup(void);
+void thread_cleanup(void);
+void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+void irix_locking_callback(int mode,int type,char *file,int line);
+void solaris_locking_callback(int mode,int type,char *file,int line);
+void win32_locking_callback(int mode,int type,char *file,int line);
+void pthreads_locking_callback(int mode,int type,char *file,int line);
+unsigned long irix_thread_id(void );
+unsigned long solaris_thread_id(void );
+unsigned long pthreads_thread_id(void );
+#else
+int MS_CALLBACK verify_callback();
+void thread_setup();
+void thread_cleanup();
+void do_threads();
+void irix_locking_callback();
+void solaris_locking_callback();
+void win32_locking_callback();
+void pthreads_locking_callback();
+unsigned long irix_thread_id();
+unsigned long solaris_thread_id();
+unsigned long pthreads_thread_id();
+#endif
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+static char *cipher=NULL;
+int verbose=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+int thread_number=10;
+int number_of_loops=10;
+int reconnect=0;
+int cache_stats=0;
+#ifndef  NOPROTO
+int doit(char *ctx[4]);
+#else
+int doit();
+#endif
+static void print_stats(fp,ctx)
+FILE *fp;
+SSL_CTX *ctx;
+{
+        fprintf(fp,"%4ld items in the session cache\n",
+                SSL_CTX_sess_number(ctx));
+        fprintf(fp,"%4d client connects (SSL_connect())\n",
+                SSL_CTX_sess_connect(ctx));
+        fprintf(fp,"%4d client connects that finished\n",
+                SSL_CTX_sess_connect_good(ctx));
+        fprintf(fp,"%4d server connects (SSL_accept())\n",
+                SSL_CTX_sess_accept(ctx));
+        fprintf(fp,"%4d server connects that finished\n",
+                SSL_CTX_sess_accept_good(ctx));
+        fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+        fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+        fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+        }
+static void sv_usage()
+        {
+        fprintf(stderr,"usage: ssltest [args ...]\n");
+        fprintf(stderr,"\n");
+        fprintf(stderr," -server_auth  - check server certificate\n");
+        fprintf(stderr," -client_auth  - do client authentication\n");
+        fprintf(stderr," -v            - more output\n");
+        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+        fprintf(stderr," -threads arg  - number of threads\n");
+        fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+        fprintf(stderr," -reconnect    - reuse session-id's\n");
+        fprintf(stderr," -stats        - server session-id cache stats\n");
+        fprintf(stderr," -cert arg     - server certificate/key\n");
+        fprintf(stderr," -ccert arg    - client certificate/key\n");
+        fprintf(stderr," -ssl3         - just SSLv3n\n");
+        }
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0;
+        int ret=1;
+        int client_auth=0;
+        int server_auth=0;
+        SSL_CTX *s_ctx=NULL;
+        SSL_CTX *c_ctx=NULL;
+        char *scert=TEST_SERVER_CERT;
+        char *ccert=TEST_CLIENT_CERT;
+        SSL_METHOD *ssl_method=SSLv23_method();
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        if (bio_stdout == NULL)
+                bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-server_auth") == 0)
+                        server_auth=1;
+                else if (strcmp(*argv,"-client_auth") == 0)
+                        client_auth=1;
+                else if (strcmp(*argv,"-reconnect") == 0)
+                        reconnect=1;
+                else if (strcmp(*argv,"-stats") == 0)
+                        cache_stats=1;
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        ssl_method=SSLv3_method();
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        ssl_method=SSLv2_method();
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        scert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-ccert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        ccert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-threads") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        thread_number= atoi(*(++argv));
+                        if (thread_number == 0) thread_number=1;
+                        if (thread_number > MAX_THREAD_NUMBER)
+                                thread_number=MAX_THREAD_NUMBER;
+                        }
+                else if (strcmp(*argv,"-loops") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        number_of_loops= atoi(*(++argv));
+                        if (number_of_loops == 0) number_of_loops=1;
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sv_usage();
+                goto end;
+                }
+        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+        SSL_load_error_strings();
+        SSLeay_add_ssl_algorithms();
+        c_ctx=SSL_CTX_new(ssl_method);
+        s_ctx=SSL_CTX_new(ssl_method);
+        if ((c_ctx == NULL) || (s_ctx == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        SSL_CTX_set_session_cache_mode(s_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+        SSL_CTX_set_session_cache_mode(c_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+        SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
+        SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
+        if (client_auth)
+                {
+                SSL_CTX_use_certificate_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                }
+        if (    (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+                (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(c_ctx)))
+                {
+                fprintf(stderr,"SSL_load_verify_locations\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (client_auth)
+                {
+                fprintf(stderr,"client authentication\n");
+                SSL_CTX_set_verify(s_ctx,
+                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        verify_callback);
+                }
+        if (server_auth)
+                {
+                fprintf(stderr,"server authentication\n");
+                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+                        verify_callback);
+                }
+        thread_setup();
+        do_threads(s_ctx,c_ctx);
+        thread_cleanup();
+end:
+        
+        if (c_ctx != NULL) 
+                {
+                fprintf(stderr,"Client SSL_CTX stats then free it\n");
+                print_stats(stderr,c_ctx);
+                SSL_CTX_free(c_ctx);
+                }
+        if (s_ctx != NULL)
+                {
+                fprintf(stderr,"Server SSL_CTX stats then free it\n");
+                print_stats(stderr,s_ctx);
+                if (cache_stats)
+                        {
+                        fprintf(stderr,"-----\n");
+                        lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                /*      lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n"); */
+                        lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                        }
+                SSL_CTX_free(s_ctx);
+                fprintf(stderr,"done free\n");
+                }
+        exit(ret);
+        return(0);
+        }
+#define W_READ  1
+#define W_WRITE 2
+#define C_DONE  1
+#define S_DONE  2
+int ndoit(ssl_ctx)
+SSL_CTX *ssl_ctx[2];
+        {
+        int i;
+        int ret;
+        char *ctx[4];
+        ctx[0]=(char *)ssl_ctx[0];
+        ctx[1]=(char *)ssl_ctx[1];
+        if (reconnect)
+                {
+                ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+                ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+                }
+        else
+                {
+                ctx[2]=NULL;
+                ctx[3]=NULL;
+                }
+        fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+        for (i=0; i<number_of_loops; i++)
+                {
+/*              fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+                        CRYPTO_thread_id(),i,
+                        ssl_ctx[0]->references,
+                        ssl_ctx[1]->references); */
+        /*      pthread_delay_np(&tm);*/
+                ret=doit(ctx);
+                if (ret != 0)
+                        {
+                        fprintf(stdout,"error[%d] %lu - %d\n",
+                                i,CRYPTO_thread_id(),ret);
+                        return(ret);
+                        }
+                }
+        fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+        if (reconnect)
+                {
+                SSL_free((SSL *)ctx[2]);
+                SSL_free((SSL *)ctx[3]);
+                }
+        return(0);
+        }
+int doit(ctx)
+char *ctx[4];
+        {
+        SSL_CTX *s_ctx,*c_ctx;
+        static char cbuf[200],sbuf[200];
+        SSL *c_ssl=NULL;
+        SSL *s_ssl=NULL;
+        BIO *c_to_s=NULL;
+        BIO *s_to_c=NULL;
+        BIO *c_bio=NULL;
+        BIO *s_bio=NULL;
+        int c_r,c_w,s_r,s_w;
+        int c_want,s_want;
+        int i;
+        int done=0;
+        int c_write,s_write;
+        int do_server=0,do_client=0;
+        s_ctx=(SSL_CTX *)ctx[0];
+        c_ctx=(SSL_CTX *)ctx[1];
+        if (ctx[2] != NULL)
+                s_ssl=(SSL *)ctx[2];
+        else
+                s_ssl=SSL_new(s_ctx);
+        if (ctx[3] != NULL)
+                c_ssl=(SSL *)ctx[3];
+        else
+                c_ssl=SSL_new(c_ctx);
+        if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+        c_to_s=BIO_new(BIO_s_mem());
+        s_to_c=BIO_new(BIO_s_mem());
+        if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+        c_bio=BIO_new(BIO_f_ssl());
+        s_bio=BIO_new(BIO_f_ssl());
+        if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+        SSL_set_connect_state(c_ssl);
+        SSL_set_bio(c_ssl,s_to_c,c_to_s);
+        BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+        SSL_set_accept_state(s_ssl);
+        SSL_set_bio(s_ssl,c_to_s,s_to_c);
+        BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+        c_r=0; s_r=1;
+        c_w=1; s_w=0;
+        c_want=W_WRITE;
+        s_want=0;
+        c_write=1,s_write=0;
+        /* We can always do writes */
+        for (;;)
+                {
+                do_server=0;
+                do_client=0;
+                i=(int)BIO_pending(s_bio);
+                if ((i && s_r) || s_w) do_server=1;
+                i=(int)BIO_pending(c_bio);
+                if ((i && c_r) || c_w) do_client=1;
+                if (do_server && verbose)
+                        {
+                        if (SSL_in_init(s_ssl))
+                                printf("server waiting in SSL_accept - %s\n",
+                                        SSL_state_string_long(s_ssl));
+                        else if (s_write)
+                                printf("server:SSL_write()\n");
+                        else 
+                                printf("server:SSL_read()\n");
+                        }
+                if (do_client && verbose)
+                        {
+                        if (SSL_in_init(c_ssl))
+                                printf("client waiting in SSL_connect - %s\n",
+                                        SSL_state_string_long(c_ssl));
+                        else if (c_write)
+                                printf("client:SSL_write()\n");
+                        else
+                                printf("client:SSL_read()\n");
+                        }
+                if (!do_client && !do_server)
+                        {
+                        fprintf(stdout,"ERROR IN STARTUP\n");
+                        break;
+                        }
+                if (do_client && !(done & C_DONE))
+                        {
+                        if (c_write)
+                                {
+                                i=BIO_write(c_bio,"hello from client\n",18);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        /* ok */
+                                        c_write=0;
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_read(c_bio,cbuf,100);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        done|=C_DONE;
+#ifdef undef
+                                        fprintf(stdout,"CLIENT:from server:");
+                                        fwrite(cbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        }
+                if (do_server && !(done & S_DONE))
+                        {
+                        if (!s_write)
+                                {
+                                i=BIO_read(s_bio,sbuf,100);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=1;
+                                        s_w=1;
+#ifdef undef
+                                        fprintf(stdout,"SERVER:from client:");
+                                        fwrite(sbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_write(s_bio,"hello from server\n",18);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=0;
+                                        s_r=1;
+                                        done|=S_DONE;
+                                        }
+                                }
+                        }
+                if ((done & S_DONE) && (done & C_DONE)) break;
+                }
+        SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+        SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#ifdef undef
+        fprintf(stdout,"DONE\n");
+#endif
+err:
+        /* We have to set the BIO's to NULL otherwise they will be
+         * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * again when c_ssl is SSL_free()ed.
+         * This is a hack required because s_ssl and c_ssl are sharing the same
+         * BIO structure and SSL_set_bio() and SSL_free() automatically
+         * BIO_free non NULL entries.
+         * You should not normally do this or be required to do this */
+        if (s_ssl != NULL)
+                {
+                s_ssl->rbio=NULL;
+                s_ssl->wbio=NULL;
+                }
+        if (c_ssl != NULL)
+                {
+                c_ssl->rbio=NULL;
+                c_ssl->wbio=NULL;
+                }
+        /* The SSL's are optionally freed in the following calls */
+        if (c_to_s != NULL) BIO_free(c_to_s);
+        if (s_to_c != NULL) BIO_free(s_to_c);
+        if (c_bio != NULL) BIO_free(c_bio);
+        if (s_bio != NULL) BIO_free(s_bio);
+        return(0);
+        }
+int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
+int ok;
+X509 *xs;
+X509 *xi;
+int depth;
+int error;
+char *arg;
+        {
+        char buf[256];
+        if (verbose)
+                {
+                X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
+                if (ok)
+                        fprintf(stderr,"depth=%d %s\n",depth,buf);
+                else
+                        fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
+                }
+        return(ok);
+        }
+#define THREAD_STACK_SIZE (16*1024)
+#ifdef WIN32
+static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                CloseHandle(lock_cs[i]);
+        }
+void win32_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        double ret;
+        SSL_CTX *ssl_ctx[2];
+        DWORD thread_id[MAX_THREAD_NUMBER];
+        HANDLE thread_handle[MAX_THREAD_NUMBER];
+        int i;
+        SYSTEMTIME start,end;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        GetSystemTime(&start);
+        for (i=0; i<thread_number; i++)
+                {
+                thread_handle[i]=CreateThread(NULL,
+                        THREAD_STACK_SIZE,
+                        (LPTHREAD_START_ROUTINE)ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_id[i]));
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i+=50)
+                {
+                int j;
+                j=(thread_number < (i+50))?(thread_number-i):50;
+                if (WaitForMultipleObjects(j,
+                        (CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
+                        == WAIT_FAILED)
+                        {
+                        fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
+                        exit(1);
+                        }
+                }
+        GetSystemTime(&end);
+        if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
+        ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+        ret=(ret+end.wHour-start.wHour)*60;
+        ret=(ret+end.wMinute-start.wMinute)*60;
+        ret=(ret+end.wSecond-start.wSecond);
+        ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+        printf("win32 threads done - %.3f seconds\n",ret);
+        }
+#endif /* WIN32 */
+#ifdef SOLARIS
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
+static long lock_count[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+                /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                /* rwlock_destroy(&(lock_cs[i])); */
+                mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+                }
+fprintf(stderr,"done cleanup\n");
+        }
+void solaris_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+#ifdef undef
+fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+        CRYPTO_thread_id(),
+        (mode&CRYPTO_LOCK)?"l":"u",
+        (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+/*
+if (CRYPTO_LOCK_SSL_CERT == type)
+        fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+*/
+        if (mode & CRYPTO_LOCK)
+                {
+        /*      if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type])); */
+                mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+/*              rw_unlock(&(lock_cs[type]));  */
+                mutex_unlock(&(lock_cs[type]));
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        SSL_CTX *ssl_ctx[2];
+        thread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        thr_setconcurrency(thread_number);
+        for (i=0; i<thread_number; i++)
+                {
+                thr_create(NULL, THREAD_STACK_SIZE,
+                        (void *(*)())ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_ctx[i]));
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                thr_join(thread_ctx[i],NULL,NULL);
+                }
+        printf("solaris threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long solaris_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+#ifdef IRIX
+static usptr_t *arena;
+static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        char filename[20];
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                char buf[10];
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        }
+void irix_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                printf("lock %d\n",type);
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                printf("unlock %d\n",type);
+                usvsema(lock_cs[type]);
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        SSL_CTX *ssl_ctx[2];
+        int thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        for (i=0; i<thread_number; i++)
+                {
+                thread_ctx[i]=sproc((void (*)())ndoit,
+                        PR_SADDR|PR_SFDS,(void *)ssl_ctx);
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                wait(NULL);
+                }
+        printf("irix threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long irix_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+#ifdef PTHREADS
+static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+static long lock_count[CRYPTO_NUM_LOCKS];
+void thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],
+                        CRYPTO_get_lock_name(i));
+                }
+        fprintf(stderr,"done cleanup\n");
+        }
+void pthreads_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+      {
+#ifdef undef
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+/*
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+*/
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+void do_threads(s_ctx,c_ctx)
+SSL_CTX *s_ctx,*c_ctx;
+        {
+        SSL_CTX *ssl_ctx[2];
+        pthread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        /*
+        thr_setconcurrency(thread_number);
+        */
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_create(&(thread_ctx[i]), NULL,
+                        (void *(*)())ndoit, (void *)ssl_ctx);
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_join(thread_ctx[i],NULL);
+                }
+        printf("pthreads threads done (%d,%d)\n",
+        s_ctx->references,c_ctx->references);
+        }
+unsigned long pthreads_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+#endif /* PTHREADS */
diff --git a/src/lib/libssl/src/crypto/threads/th-lock.c b/src/lib/libssl/src/crypto/threads/th-lock.c
new file mode 100644
index 0000000000..039022446d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/threads/th-lock.c
@@ -0,0 +1,399 @@
+/* crypto/threads/th-lock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#include "lhash.h"
+#include "crypto.h"
+#include "buffer.h"
+#include "e_os.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#ifndef NOPROTO
+int CRYPTO_thread_setup(void);
+void CRYPTO_thread_cleanup(void);
+static void irix_locking_callback(int mode,int type,char *file,int line);
+static void solaris_locking_callback(int mode,int type,char *file,int line);
+static void win32_locking_callback(int mode,int type,char *file,int line);
+static void pthreads_locking_callback(int mode,int type,char *file,int line);
+static unsigned long irix_thread_id(void );
+static unsigned long solaris_thread_id(void );
+static unsigned long pthreads_thread_id(void );
+#else
+int CRYPOTO_thread_setup();
+void CRYPTO_cleanup();
+static void irix_locking_callback();
+static void solaris_locking_callback();
+static void win32_locking_callback();
+static void pthreads_locking_callback();
+static unsigned long irix_thread_id();
+static unsigned long solaris_thread_id();
+static unsigned long pthreads_thread_id();
+#endif
+/* usage:
+ * CRYPTO_thread_setup();
+ * applicaion code
+ * CRYPTO_thread_cleanup();
+ */
+#define THREAD_STACK_SIZE (16*1024)
+#ifdef WIN32
+static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+int CRYPTO_thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        return(1);
+        }
+static void CRYPTO_thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                CloseHandle(lock_cs[i]);
+        }
+void win32_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+#endif /* WIN32 */
+#ifdef SOLARIS
+#define USE_MUTEX
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+#ifdef USE_MUTEX
+static long lock_count[CRYPTO_NUM_LOCKS];
+#else
+static rwlock_t lock_cs[CRYPTO_NUM_LOCKS];
+#endif
+void CRYPTO_thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+#ifdef USE_MUTEX
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#else
+                rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#endif
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+void CRYPTO_thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+#ifdef USE_MUTEX
+                mutex_destroy(&(lock_cs[i]));
+#else
+                rwlock_destroy(&(lock_cs[i]));
+#endif
+                }
+        }
+void solaris_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                        CRYPTO_thread_id(),
+                        mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+#ifdef USE_MUTEX
+                mutex_lock(&(lock_cs[type]));
+#else
+                if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type]));
+#endif
+                lock_count[type]++;
+                }
+        else
+                {
+#ifdef USE_MUTEX
+                mutex_unlock(&(lock_cs[type]));
+#else
+                rw_unlock(&(lock_cs[type]));
+#endif
+                }
+        }
+unsigned long solaris_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+#ifdef IRIX
+/* I don't think this works..... */
+static usptr_t *arena;
+static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+void CRYPTO_thread_setup()
+        {
+        int i;
+        char filename[20];
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+void CRYPTO_thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                char buf[10];
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        }
+void irix_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                usvsema(lock_cs[type]);
+                }
+        }
+unsigned long irix_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+/* Linux and a few others */
+#ifdef PTHREADS
+static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+static long lock_count[CRYPTO_NUM_LOCKS];
+void CRYPTO_thread_setup()
+        {
+        int i;
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+void thread_cleanup()
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                }
+        }
+void pthreads_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+      {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+unsigned long pthreads_thread_id()
+        {
+        unsigned long ret;
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+#endif /* PTHREADS */
diff --git a/src/lib/libssl/src/crypto/tmdiff.c b/src/lib/libssl/src/crypto/tmdiff.c
new file mode 100644
index 0000000000..b93799fc03
--- /dev/null
+++ b/src/lib/libssl/src/crypto/tmdiff.c
@@ -0,0 +1,217 @@
+/* crypto/tmdiff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#  ifndef WIN32
+#  define TIMES
+#  endif
+#endif
+#ifndef VMS
+#  ifndef _IRIX
+#   include <time.h>
+#  endif
+#  ifdef TIMES
+#    include <sys/types.h>
+#    include <sys/times.h>
+#  endif
+#else /* VMS */
+#  include <types.h>
+        struct tms {
+                time_t tms_utime;
+                time_t tms_stime;
+                time_t tms_uchild;      /* I dunno...  */
+                time_t tms_uchildsys;   /* so these names are a guess :-) */
+                }
+#endif /* VMS */
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#ifdef WIN32
+#include <windows.h>
+#endif
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ  100.0
+#   else /* VMS */
+#    define HZ  100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+typedef struct ms_tm
+        {
+#ifdef TIMES
+        struct tms ms_tms;
+#else
+#  ifdef WIN32
+        HANDLE thread_id;
+        FILETIME ms_win32;
+#  else
+        struct timeb ms_timeb;
+#  endif
+#endif
+        } MS_TM;
+char *ms_time_init()
+        {
+        MS_TM *ret;
+        ret=malloc(sizeof(MS_TM));
+        if (ret == NULL)
+                return(NULL);
+        memset(ret,0,sizeof(MS_TM));
+#ifdef WIN32
+        ret->thread_id=GetCurrentThread();
+#endif
+        return((char *)ret);
+        }
+void ms_time_final(a)
+char *a;
+        {
+        if (a != NULL)
+                free(a);
+        }
+void ms_time_get(a)
+char *a;
+        {
+        MS_TM *tm=(MS_TM *)a;
+    FILETIME tmpa,tmpb,tmpc;
+#ifdef TIMES
+    printf("AAA\n");
+        times(&tm->ms_tms);
+#else
+#  ifdef WIN32
+        GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
+#  else
+    printf("CCC\n");
+        ftime(tm->ms_timeb);
+#  endif
+#endif
+        }
+double ms_time_diff(ap,bp)
+char *ap,*bp;
+        {
+        MS_TM *a=(MS_TM *)ap;
+        MS_TM *b=(MS_TM *)bp;
+        double ret;
+#ifdef TIMES
+        ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef WIN32
+        ret =(double)(b->ms_win32.dwHighDateTime&0x000fffff)*10+
+                b->ms_win32.dwLowDateTime/1e7;
+        ret-=(double)(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+# else
+        ret=     (double)(b->time-a->time)+
+                ((double)((unsigned long)b->mullitm-(unsigned long)))/1000.0;
+#  endif
+#endif
+        return((ret < 0.0000001)?0.0000001:ret);
+        }
+int ms_time_cmp(ap,bp)
+char *ap,*bp;
+        {
+        MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp;
+        double d;
+        int ret;
+#ifdef TIMES
+        d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef WIN32
+        d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
+        d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+# else
+        d=       (double)(b->time-a->time)+
+                ((double)((unsigned long)b->mullitm-(unsigned long)))/1000.0;
+#  endif
+#endif
+        if (d == 0.0)
+                ret=0;
+        else if (d < 0)
+                ret= -1;
+        else
+                ret=1;
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.c b/src/lib/libssl/src/crypto/txt_db/txt_db.c
new file mode 100644
index 0000000000..e34ce4efa9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/txt_db/txt_db.c
@@ -0,0 +1,394 @@
+/* crypto/txt_db/txt_db.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "cryptlib.h"
+#include "buffer.h"
+#include "txt_db.h"
+#undef BUFSIZE
+#define BUFSIZE 512
+char *TXT_DB_version="TXT_DB part of SSLeay 0.9.0b 29-Jun-1998";
+TXT_DB *TXT_DB_read(in,num)
+BIO *in;
+int num;
+        {
+        TXT_DB *ret=NULL;
+        int er=1;
+        int esc=0;
+        long ln=0;
+        int i,add,n;
+        int size=BUFSIZE;
+        int offset=0;
+        char *p,**pp,*f;
+        BUF_MEM *buf=NULL;
+        if ((buf=BUF_MEM_new()) == NULL) goto err;
+        if (!BUF_MEM_grow(buf,size)) goto err;
+        if ((ret=(TXT_DB *)Malloc(sizeof(TXT_DB))) == NULL)
+                goto err;
+        ret->num_fields=num;
+        ret->index=NULL;
+        ret->qual=NULL;
+        if ((ret->data=sk_new_null()) == NULL)
+                goto err;
+        if ((ret->index=(LHASH **)Malloc(sizeof(LHASH *)*num)) == NULL)
+                goto err;
+        if ((ret->qual=(int (**)())Malloc(sizeof(int (**)())*num)) == NULL)
+                goto err;
+        for (i=0; i<num; i++)
+                {
+                ret->index[i]=NULL;
+                ret->qual[i]=NULL;
+                }
+        add=(num+1)*sizeof(char *);
+        buf->data[size-1]='\0';
+        offset=0;
+        for (;;)
+                {
+                if (offset != 0)
+                        {
+                        size+=BUFSIZE;
+                        if (!BUF_MEM_grow(buf,size)) goto err;
+                        }
+                buf->data[offset]='\0';
+                BIO_gets(in,&(buf->data[offset]),size-offset);
+                ln++;
+                if (buf->data[offset] == '\0') break;
+                if ((offset == 0) && (buf->data[0] == '#')) continue;
+                i=strlen(&(buf->data[offset]));
+                offset+=i;
+                if (buf->data[offset-1] != '\n')
+                        continue;
+                else
+                        {
+                        buf->data[offset-1]='\0'; /* blat the '\n' */
+                        p=(char *)Malloc(add+offset);
+                        offset=0;
+                        }
+                pp=(char **)p;
+                p+=add;
+                n=0;
+                pp[n++]=p;
+                i=0;
+                f=buf->data;
+                esc=0;
+                for (;;)
+                        {
+                        if (*f == '\0') break;
+                        if (*f == '\t')
+                                {
+                                if (esc)
+                                        p--;
+                                else
+                                        {       
+                                        *(p++)='\0';
+                                        f++;
+                                        if (n >=  num) break;
+                                        pp[n++]=p;
+                                        continue;
+                                        }
+                                }
+                        esc=(*f == '\\');
+                        *(p++)= *(f++);
+                        }
+                *(p++)='\0';
+                if ((n != num) || (*f != '\0'))
+                        {
+#if !defined(NO_STDIO) && !defined(WIN16)       /* temporaty fix :-( */
+                        fprintf(stderr,"wrong number of fields on line %ld\n",ln);
+#endif
+                        er=2;
+                        goto err;
+                        }
+                pp[n]=p;
+                if (!sk_push(ret->data,(char *)pp))
+                        {
+#if !defined(NO_STDIO) && !defined(WIN16)       /* temporaty fix :-( */
+                        fprintf(stderr,"failure in sk_push\n");
+#endif
+                        er=2;
+                        goto err;
+                        }
+                }
+        er=0;
+err:
+        BUF_MEM_free(buf);
+        if (er)
+                {
+#if !defined(NO_STDIO) && !defined(WIN16)
+                if (er == 1) fprintf(stderr,"Malloc failure\n");
+#endif
+                if (ret->data != NULL) sk_free(ret->data);
+                if (ret->index != NULL) Free(ret->index);
+                if (ret->qual != NULL) Free((char *)ret->qual);
+                if (ret != NULL) Free(ret);
+                return(NULL);
+                }
+        else
+                return(ret);
+        }
+char **TXT_DB_get_by_index(db,idx,value)
+TXT_DB *db;
+int idx;
+char **value;
+        {
+        char **ret;
+        LHASH *lh;
+        if (idx >= db->num_fields)
+                {
+                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
+                return(NULL);
+                }
+        lh=db->index[idx];
+        if (lh == NULL)
+                {
+                db->error=DB_ERROR_NO_INDEX;
+                return(NULL);
+                }
+        ret=(char **)lh_retrieve(lh,(char *)value);
+        db->error=DB_ERROR_OK;
+        return(ret);
+        }
+int TXT_DB_create_index(db,field,qual,hash,cmp)
+TXT_DB *db;
+int field;
+int (*qual)();
+unsigned long (*hash)();
+int (*cmp)();
+        {
+        LHASH *idx;
+        char *r;
+        int i,n;
+        if (field >= db->num_fields)
+                {
+                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
+                return(0);
+                }
+        if ((idx=lh_new(hash,cmp)) == NULL)
+                {
+                db->error=DB_ERROR_MALLOC;
+                return(0);
+                }
+        n=sk_num(db->data);
+        for (i=0; i<n; i++)
+                {
+                r=(char *)sk_value(db->data,i);
+                if ((qual != NULL) && (qual(r) == 0)) continue;
+                if ((r=lh_insert(idx,r)) != NULL)
+                        {
+                        db->error=DB_ERROR_INDEX_CLASH;
+                        db->arg1=sk_find(db->data,r);
+                        db->arg2=i;
+                        lh_free(idx);
+                        return(0);
+                        }
+                }
+        if (db->index[field] != NULL) lh_free(db->index[field]);
+        db->index[field]=idx;
+        db->qual[field]=qual;
+        return(1);
+        }
+long TXT_DB_write(out,db)
+BIO *out;
+TXT_DB *db;
+        {
+        long i,j,n,nn,l,tot=0;
+        char *p,**pp,*f;
+        BUF_MEM *buf=NULL;
+        long ret= -1;
+        if ((buf=BUF_MEM_new()) == NULL)
+                goto err;
+        n=sk_num(db->data);
+        nn=db->num_fields;
+        for (i=0; i<n; i++)
+                {
+                pp=(char **)sk_value(db->data,i);
+                l=0;
+                for (j=0; j<nn; j++)
+                        {
+                        if (pp[j] != NULL)
+                                l+=strlen(pp[j]);
+                        }
+                if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err;
+                p=buf->data;
+                for (j=0; j<nn; j++)
+                        {
+                        f=pp[j];
+                        if (f != NULL)
+                                for (;;) 
+                                        {
+                                        if (*f == '\0') break;
+                                        if (*f == '\t') *(p++)='\\';
+                                        *(p++)= *(f++);
+                                        }
+                        *(p++)='\t';
+                        }
+                p[-1]='\n';
+                j=p-buf->data;
+                if (BIO_write(out,buf->data,(int)j) != j)
+                        goto err;
+                tot+=j;
+                }
+        ret=tot;
+err:
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(ret);
+        }
+int TXT_DB_insert(db,row)
+TXT_DB *db;
+char **row;
+        {
+        int i;
+        char **r;
+        for (i=0; i<db->num_fields; i++)
+                {
+                if (db->index[i] != NULL)
+                        {
+                        if ((db->qual[i] != NULL) &&
+                                (db->qual[i](row) == 0)) continue;
+                        r=(char **)lh_retrieve(db->index[i],(char *)row);
+                        if (r != NULL)
+                                {
+                                db->error=DB_ERROR_INDEX_CLASH;
+                                db->arg1=i;
+                                db->arg_row=r;
+                                goto err;
+                                }
+                        }
+                }
+        /* We have passed the index checks, now just append and insert */
+        if (!sk_push(db->data,(char *)row))
+                {
+                db->error=DB_ERROR_MALLOC;
+                goto err;
+                }
+        for (i=0; i<db->num_fields; i++)
+                {
+                if (db->index[i] != NULL)
+                        {
+                        if ((db->qual[i] != NULL) &&
+                                (db->qual[i](row) == 0)) continue;
+                        lh_insert(db->index[i],(char *)row);
+                        }
+                }
+        return(1);
+err:
+        return(0);
+        }
+void TXT_DB_free(db)
+TXT_DB *db;
+        {
+        int i,n;
+        char **p,*max;
+        if (db->index != NULL)
+                {
+                for (i=db->num_fields-1; i>=0; i--)
+                        if (db->index[i] != NULL) lh_free(db->index[i]);
+                Free(db->index);
+                }
+        if (db->qual != NULL)
+                Free(db->qual);
+        if (db->data != NULL)
+                {
+                for (i=sk_num(db->data)-1; i>=0; i--)
+                        {
+                        /* check if any 'fields' have been allocated
+                         * from outside of the initial block */
+                        p=(char **)sk_value(db->data,i);
+                        max=p[db->num_fields]; /* last address */
+                        if (max == NULL) /* new row */
+                                {
+                                for (n=0; n<db->num_fields; n++)
+                                        if (p[n] != NULL) Free(p[n]);
+                                }
+                        else
+                                {
+                                for (n=0; n<db->num_fields; n++)
+                                        {
+                                        if (((p[n] < (char *)p) || (p[n] > max))
+                                                && (p[n] != NULL))
+                                                Free(p[n]);
+                                        }
+                                }
+                        Free(sk_value(db->data,i));
+                        }
+                sk_free(db->data);
+                }
+        Free(db);
+        }
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.h b/src/lib/libssl/src/crypto/txt_db/txt_db.h
new file mode 100644
index 0000000000..aca6dae393
--- /dev/null
+++ b/src/lib/libssl/src/crypto/txt_db/txt_db.h
@@ -0,0 +1,117 @@
+/* crypto/txt_db/txt_db.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_TXT_DB_H
+#define HEADER_TXT_DB_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "stack.h"
+#include "lhash.h"
+#define DB_ERROR_OK                     0
+#define DB_ERROR_MALLOC                 1
+#define DB_ERROR_INDEX_CLASH            2
+#define DB_ERROR_INDEX_OUT_OF_RANGE     3
+#define DB_ERROR_NO_INDEX               4
+#define DB_ERROR_INSERT_INDEX_CLASH     5
+typedef struct txt_db_st
+        {
+        int num_fields;
+        STACK /* char ** */ *data;
+        LHASH **index;
+        int (**qual)();
+        long error;
+        long arg1;
+        long arg2;
+        char **arg_row;
+        } TXT_DB;
+#ifndef NOPROTO
+#ifdef HEADER_BIO_H
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+#else
+TXT_DB *TXT_DB_read(char *in, int num);
+long TXT_DB_write(char *out, TXT_DB *db);
+#endif
+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(),
+         unsigned long (*hash)(),int (*cmp)());
+void TXT_DB_free(TXT_DB *db);
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+int TXT_DB_insert(TXT_DB *db,char **value);
+#else
+TXT_DB *TXT_DB_read();
+long TXT_DB_write();
+int TXT_DB_create_index();
+void TXT_DB_free();
+char **TXT_DB_get_by_index();
+int TXT_DB_insert();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
new file mode 100644
index 0000000000..11725ec94c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -0,0 +1,359 @@
+/* crypto/x509/by_dir.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "x509.h"
+#include "pem.h"
+typedef struct lookup_dir_st
+        {
+        BUF_MEM *buffer;
+        int num_dirs;
+        char **dirs;
+        int *dirs_type;
+        int num_dirs_alloced;
+        } BY_DIR;
+#ifndef NOPROTO
+static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx,char *dir,int type);
+static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
+        X509_OBJECT *ret);
+#else
+static int dir_ctrl();
+static int new_dir();
+static void free_dir();
+static int add_cert_dir();
+static int get_cert_by_subject();
+#endif
+X509_LOOKUP_METHOD x509_dir_lookup=
+        {
+        "Load certs from files in a directory",
+        new_dir,                /* new */
+        free_dir,               /* free */
+        NULL,                   /* init */
+        NULL,                   /* shutdown */
+        dir_ctrl,               /* ctrl */
+        get_cert_by_subject,    /* get_by_subject */
+        NULL,                   /* get_by_issuer_serial */
+        NULL,                   /* get_by_fingerprint */
+        NULL,                   /* get_by_alias */
+        };
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir()
+        {
+        return(&x509_dir_lookup);
+        }
+static int dir_ctrl(ctx,cmd,argp,argl,retp)
+X509_LOOKUP *ctx;
+int cmd;
+long argl;
+char *argp;
+char **retp;
+        {
+        int ret=0;
+        BY_DIR *ld;
+        char *dir;
+        ld=(BY_DIR *)ctx->method_data;
+        switch (cmd)
+                {
+        case X509_L_ADD_DIR:
+                if (argl == X509_FILETYPE_DEFAULT)
+                        {
+                        ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+                                X509_FILETYPE_PEM);
+                        if (!ret)
+                                {
+                                X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
+                                }
+                        else
+                                {
+                                dir=(char *)Getenv(X509_get_default_cert_dir_env());
+                                ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+                                }
+                        }
+                else
+                        ret=add_cert_dir(ld,argp,(int)argl);
+                break;
+                }
+        return(ret);
+        }
+static int new_dir(lu)
+X509_LOOKUP *lu;
+        {
+        BY_DIR *a;
+        if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
+                return(0);
+        if ((a->buffer=BUF_MEM_new()) == NULL)
+                {
+                Free(a);
+                return(0);
+                }
+        a->num_dirs=0;
+        a->dirs=NULL;
+        a->dirs_type=NULL;
+        a->num_dirs_alloced=0;
+        lu->method_data=(char *)a;
+        return(1);
+        }
+static void free_dir(lu)
+X509_LOOKUP *lu;
+        {
+        BY_DIR *a;
+        int i;
+        a=(BY_DIR *)lu->method_data;
+        for (i=0; i<a->num_dirs; i++)
+                if (a->dirs[i] != NULL) Free(a->dirs[i]);
+        if (a->dirs != NULL) Free(a->dirs);
+        if (a->dirs_type != NULL) Free(a->dirs_type);
+        if (a->buffer != NULL) BUF_MEM_free(a->buffer);
+        Free(a);
+        }
+static int add_cert_dir(ctx,dir, type)
+BY_DIR *ctx;
+char *dir;
+int type;
+        {
+        int j,len;
+        int *ip;
+        char *s,*ss,*p;
+        char **pp;
+        if (dir == NULL) return(0);
+        s=dir;
+        p=s;
+        for (;;)
+                {
+                if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
+                        {
+                        ss=s;
+                        s=p+1;
+                        len=(int)(p-ss);
+                        if (len == 0) continue;
+                        for (j=0; j<ctx->num_dirs; j++)
+                                if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+                                        continue;
+                        if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+                                {
+                                ctx->num_dirs_alloced+=10;
+                                pp=(char **)Malloc(ctx->num_dirs_alloced*
+                                        sizeof(char *));
+                                ip=(int *)Malloc(ctx->num_dirs_alloced*
+                                        sizeof(int));
+                                if ((pp == NULL) || (ip == NULL))
+                                        {
+                                        X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
+                                        return(0);
+                                        }
+                                memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
+                                        sizeof(char *));
+                                memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
+                                        sizeof(int));
+                                if (ctx->dirs != NULL)
+                                        Free((char *)ctx->dirs);
+                                if (ctx->dirs_type != NULL)
+                                        Free((char *)ctx->dirs_type);
+                                ctx->dirs=pp;
+                                ctx->dirs_type=ip;
+                                }
+                        ctx->dirs_type[ctx->num_dirs]=type;
+                        ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
+                        if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
+                        strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
+                        ctx->dirs[ctx->num_dirs][len]='\0';
+                        ctx->num_dirs++;
+                        }
+                if (*p == '\0') break;
+                p++;
+                }
+        return(1);
+        }
+static int get_cert_by_subject(xl,type,name,ret)
+X509_LOOKUP *xl;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+        {
+        BY_DIR *ctx;
+        union   {
+                struct  {
+                        X509 st_x509;
+                        X509_CINF st_x509_cinf;
+                        } x509;
+                struct  {
+                        X509_CRL st_crl;
+                        X509_CRL_INFO st_crl_info;
+                        } crl;
+                } data;
+        int ok=0;
+        int i,j,k;
+        unsigned long h;
+        BUF_MEM *b=NULL;
+        struct stat st;
+        X509_OBJECT stmp,*tmp;
+        char *postfix="";
+        if (name == NULL) return(0);
+        stmp.type=type;
+        if (type == X509_LU_X509)
+                {
+                data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
+                data.x509.st_x509_cinf.subject=name;
+                stmp.data.x509= &data.x509.st_x509;
+                postfix="";
+                }
+        else if (type == X509_LU_CRL)
+                {
+                data.crl.st_crl.crl= &data.crl.st_crl_info;
+                data.crl.st_crl_info.issuer=name;
+                stmp.data.crl= &data.crl.st_crl;
+                postfix="r";
+                }
+        else
+                {
+                X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
+                goto finish;
+                }
+        if ((b=BUF_MEM_new()) == NULL)
+                {
+                X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
+                goto finish;
+                }
+        
+        ctx=(BY_DIR *)xl->method_data;
+        h=X509_NAME_hash(name);
+        for (i=0; i<ctx->num_dirs; i++)
+                {
+                j=strlen(ctx->dirs[i])+1+8+6+1+1;
+                if (!BUF_MEM_grow(b,j))
+                        {
+                        X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
+                        goto finish;
+                        }
+                k=0;
+                for (;;)
+                        {
+                        sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
+                                postfix,k);
+                        k++;
+                        if (stat(b->data,&st) < 0)
+                                break;
+                        /* found one. */
+                        if (type == X509_LU_X509)
+                                {
+                                if ((X509_load_cert_file(xl,b->data,
+                                        ctx->dirs_type[i])) == 0)
+                                        break;
+                                }
+                        else if (type == X509_LU_CRL)
+                                {
+                                if ((X509_load_crl_file(xl,b->data,
+                                        ctx->dirs_type[i])) == 0)
+                                        break;
+                                }
+                        /* else case will caught higher up */
+                        }
+                /* we have added it to the cache so now pull
+                 * it out again */
+                CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+                tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,
+                        (char *)&stmp);
+                CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+                if (tmp != NULL)
+                        {
+                        ok=1;
+                        ret->type=tmp->type;
+                        memcpy(&ret->data,&tmp->data,sizeof(ret->data));
+                        /* If we were going to up the reference count,
+                         * we would need to do it on a perl 'type'
+                         * basis */
+        /*              CRYPTO_add(&tmp->data.x509->references,1,
+                                CRYPTO_LOCK_X509);*/
+                        goto finish;
+                        }
+                }
+finish:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/by_file.c b/src/lib/libssl/src/crypto/x509/by_file.c
new file mode 100644
index 0000000000..09ebb9bf08
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/by_file.c
@@ -0,0 +1,282 @@
+/* crypto/x509/by_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "x509.h"
+#include "pem.h"
+#ifndef NO_STDIO
+#ifndef NOPROTO
+static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,
+        long argl,char **ret);
+#else
+static int by_file_ctrl();
+#endif
+X509_LOOKUP_METHOD x509_file_lookup=
+        {
+        "Load file into cache",
+        NULL,           /* new */
+        NULL,           /* free */
+        NULL,           /* init */
+        NULL,           /* shutdown */
+        by_file_ctrl,   /* ctrl */
+        NULL,           /* get_by_subject */
+        NULL,           /* get_by_issuer_serial */
+        NULL,           /* get_by_fingerprint */
+        NULL,           /* get_by_alias */
+        };
+X509_LOOKUP_METHOD *X509_LOOKUP_file()
+        {
+        return(&x509_file_lookup);
+        }
+static int by_file_ctrl(ctx,cmd,argp,argl,ret)
+X509_LOOKUP *ctx;
+int cmd;
+char *argp;
+long argl;
+char **ret;
+        {
+        int ok=0,ok2=0;
+        char *file;
+        switch (cmd)
+                {
+        case X509_L_FILE_LOAD:
+                if (argl == X509_FILETYPE_DEFAULT)
+                        {
+                        ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
+                                X509_FILETYPE_PEM);
+                        ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
+                                X509_FILETYPE_PEM);
+                        if (!ok || !ok2)
+                                {
+                                X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+                                }
+                        else
+                                {
+                                file=(char *)Getenv(X509_get_default_cert_file_env());
+                                ok=X509_load_cert_file(ctx,file,
+                                        X509_FILETYPE_PEM);
+                                ok2=X509_load_crl_file(ctx,file,
+                                        X509_FILETYPE_PEM);
+                                }
+                        }
+                else
+                        {
+                        ok=X509_load_cert_file(ctx,argp,(int)argl);
+                        ok2=X509_load_crl_file(ctx,argp,(int)argl);
+                        }
+                break;
+                }
+        return((ok && ok2)?ok:0);
+        }
+int X509_load_cert_file(ctx,file,type)
+X509_LOOKUP *ctx;
+char *file;
+int type;
+        {
+        int ret=0;
+        BIO *in=NULL;
+        int i,count=0;
+        X509 *x=NULL;
+        if (file == NULL) return(1);
+        in=BIO_new(BIO_s_file_internal());
+        if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+                {
+                X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
+                goto err;
+                }
+        if (type == X509_FILETYPE_PEM)
+                {
+                for (;;)
+                        {
+                        x=PEM_read_bio_X509(in,NULL,NULL);
+                        if (x == NULL)
+                                {
+                                if ((ERR_GET_REASON(ERR_peek_error()) ==
+                                        PEM_R_NO_START_LINE) && (count > 0))
+                                        {
+                                        ERR_clear_error();
+                                        break;
+                                        }
+                                else
+                                        {
+                                        X509err(X509_F_X509_LOAD_CERT_FILE,
+                                                ERR_R_PEM_LIB);
+                                        goto err;
+                                        }
+                                }
+                        i=X509_STORE_add_cert(ctx->store_ctx,x);
+                        if (!i) goto err;
+                        count++;
+                        X509_free(x);
+                        x=NULL;
+                        }
+                ret=count;
+                }
+        else if (type == X509_FILETYPE_ASN1)
+                {
+                x=d2i_X509_bio(in,NULL);
+                if (x == NULL)
+                        {
+                        X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                i=X509_STORE_add_cert(ctx->store_ctx,x);
+                if (!i) goto err;
+                ret=i;
+                }
+        else
+                {
+                X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
+                goto err;
+                }
+err:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+int X509_load_crl_file(ctx,file,type)
+X509_LOOKUP *ctx;
+char *file;
+int type;
+        {
+        int ret=0;
+        BIO *in=NULL;
+        int i,count=0;
+        X509_CRL *x=NULL;
+        if (file == NULL) return(1);
+        in=BIO_new(BIO_s_file_internal());
+        if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+                {
+                X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
+                goto err;
+                }
+        if (type == X509_FILETYPE_PEM)
+                {
+                for (;;)
+                        {
+                        x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+                        if (x == NULL)
+                                {
+                                if ((ERR_GET_REASON(ERR_peek_error()) ==
+                                        PEM_R_NO_START_LINE) && (count > 0))
+                                        {
+                                        ERR_clear_error();
+                                        break;
+                                        }
+                                else
+                                        {
+                                        X509err(X509_F_X509_LOAD_CRL_FILE,
+                                                ERR_R_PEM_LIB);
+                                        goto err;
+                                        }
+                                }
+                        i=X509_STORE_add_crl(ctx->store_ctx,x);
+                        if (!i) goto err;
+                        count++;
+                        X509_CRL_free(x);
+                        x=NULL;
+                        }
+                ret=count;
+                }
+        else if (type == X509_FILETYPE_ASN1)
+                {
+                x=d2i_X509_CRL_bio(in,NULL);
+                if (x == NULL)
+                        {
+                        X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                i=X509_STORE_add_crl(ctx->store_ctx,x);
+                if (!i) goto err;
+                ret=i;
+                }
+        else
+                {
+                X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
+                goto err;
+                }
+err:
+        if (x != NULL) X509_CRL_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif /* NO_STDIO */
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h
new file mode 100644
index 0000000000..95114f7c43
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509.h
@@ -0,0 +1,1152 @@
+/* crypto/x509/x509.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_X509_H
+#define HEADER_X509_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "stack.h"
+#include "asn1.h"
+#ifndef NO_RSA
+#include "rsa.h"
+#else
+#define RSA     long
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#else
+#define DSA     long
+#endif
+#ifndef NO_DH
+#include "dh.h"
+#else
+#define DH      long
+#endif
+#include "evp.h"
+#define X509_FILETYPE_PEM       1
+#define X509_FILETYPE_ASN1      2
+#define X509_FILETYPE_DEFAULT   3
+#define X509v3_KU_DIGITAL_SIGNATURE     0x0080
+#define X509v3_KU_NON_REPUDIATION       0x0040
+#define X509v3_KU_KEY_ENCIPHERMENT      0x0020
+#define X509v3_KU_DATA_ENCIPHERMENT     0x0010
+#define X509v3_KU_KEY_AGREEMENT         0x0008
+#define X509v3_KU_KEY_CERT_SIGN         0x0004
+#define X509v3_KU_CRL_SIGN              0x0002
+#define X509v3_KU_ENCIPHER_ONLY         0x0001
+#define X509v3_KU_DECIPHER_ONLY         0x8000
+#define X509v3_KU_UNDEF                 0xffff
+typedef struct X509_objects_st
+        {
+        int nid;
+        int (*a2i)();
+        int (*i2a)();
+        } X509_OBJECTS;
+typedef struct X509_algor_st
+        {
+        ASN1_OBJECT *algorithm;
+        ASN1_TYPE *parameter;
+        } X509_ALGOR;
+typedef struct X509_val_st
+        {
+        ASN1_UTCTIME *notBefore;
+        ASN1_UTCTIME *notAfter;
+        } X509_VAL;
+typedef struct X509_pubkey_st
+        {
+        X509_ALGOR *algor;
+        ASN1_BIT_STRING *public_key;
+        struct evp_pkey_st /* EVP_PKEY*/ *pkey;
+        } X509_PUBKEY;
+typedef struct X509_sig_st
+        {
+        X509_ALGOR *algor;
+        ASN1_OCTET_STRING *digest;
+        } X509_SIG;
+typedef struct X509_name_entry_st
+        {
+        ASN1_OBJECT *object;
+        ASN1_STRING *value;
+        int set;
+        int size;       /* temp variable */
+        } X509_NAME_ENTRY;
+/* we always keep X509_NAMEs in 2 forms. */
+typedef struct X509_name_st
+        {
+        STACK *entries; /* of X509_NAME_ENTRY */
+        int modified;   /* true if 'bytes' needs to be built */
+#ifdef HEADER_BUFFER_H
+        BUF_MEM *bytes;
+#else
+        char *bytes;
+#endif
+        unsigned long hash; /* Keep the hash around for lookups */
+        } X509_NAME;
+#define X509_EX_V_NETSCAPE_HACK         0x8000
+#define X509_EX_V_INIT                  0x0001
+typedef struct X509_extension_st
+        {
+        ASN1_OBJECT *object;
+        short critical;
+        short netscape_hack;
+        ASN1_OCTET_STRING *value;
+        long argl;                      /* used when decoding */
+        char *argp;                     /* used when decoding */
+        void (*ex_free)();              /* clear argp stuff */
+        } X509_EXTENSION;
+/* #if 1 */
+typedef struct x509_extension_method_st
+        {
+        int nid;
+        int data_type;
+        int pack_type;
+        void (*ex_clear)();
+        int (*ex_get_bool)();
+        int (*ex_set_bool)();
+        int (*ex_get_str)();
+        int (*ex_set_str)();
+        char *(*ex_get_struct)();
+        int (*ex_set_struct)();
+        int (*a2i)();
+        int (*i2a)();
+        } X509_EXTENSION_METHOD;
+/* #endif */
+typedef struct X509_req_info_st
+        {
+        ASN1_INTEGER *version;
+        X509_NAME *subject;
+        X509_PUBKEY *pubkey;
+        /*  d=2 hl=2 l=  0 cons: cont: 00 */
+        STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
+        int req_kludge;
+        } X509_REQ_INFO;
+typedef struct X509_req_st
+        {
+        X509_REQ_INFO *req_info;
+        X509_ALGOR *sig_alg;
+        ASN1_BIT_STRING *signature;
+        int references;
+        } X509_REQ;
+typedef struct x509_cinf_st
+        {
+        ASN1_INTEGER *version;          /* [ 0 ] default of v1 */
+        ASN1_INTEGER *serialNumber;
+        X509_ALGOR *signature;
+        X509_NAME *issuer;
+        X509_VAL *validity;
+        X509_NAME *subject;
+        X509_PUBKEY *key;
+        ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
+        ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
+        STACK /* X509_EXTENSION */ *extensions; /* [ 3 ] optional in v3 */
+        } X509_CINF;
+typedef struct x509_st
+        {
+        X509_CINF *cert_info;
+        X509_ALGOR *sig_alg;
+        ASN1_BIT_STRING *signature;
+        int valid;
+        int references;
+        char *name;
+        } X509;
+typedef struct X509_revoked_st
+        {
+        ASN1_INTEGER *serialNumber;
+        ASN1_UTCTIME *revocationDate;
+        STACK /* optional X509_EXTENSION */ *extensions;
+        int sequence; /* load sequence */
+        } X509_REVOKED;
+typedef struct X509_crl_info_st
+        {
+        ASN1_INTEGER *version;
+        X509_ALGOR *sig_alg;
+        X509_NAME *issuer;
+        ASN1_UTCTIME *lastUpdate;
+        ASN1_UTCTIME *nextUpdate;
+        STACK /* X509_REVOKED */ *revoked;
+        STACK /* [0] X509_EXTENSION */ *extensions;
+        } X509_CRL_INFO;
+typedef struct X509_crl_st
+        {
+        /* actual signature */
+        X509_CRL_INFO *crl;
+        X509_ALGOR *sig_alg;
+        ASN1_BIT_STRING *signature;
+        int references;
+        } X509_CRL;
+/* a sequence of these are used */
+typedef struct x509_attributes_st
+        {
+        ASN1_OBJECT *object;
+        int set; /* 1 for a set, 0 for a single item (which is wrong) */
+        union   {
+                char            *ptr;
+/* 1 */         STACK /* ASN1_TYPE */ *set;
+/* 0 */         ASN1_TYPE       *single;
+                } value;
+        } X509_ATTRIBUTE;
+typedef struct private_key_st
+        {
+        int version;
+        /* The PKCS#8 data types */
+        X509_ALGOR *enc_algor;
+        ASN1_OCTET_STRING *enc_pkey;    /* encrypted pub key */
+        /* When decrypted, the following will not be NULL */
+        EVP_PKEY *dec_pkey;
+        /* used to encrypt and decrypt */
+        int key_length;
+        char *key_data;
+        int key_free;   /* true if we should auto free key_data */
+        /* expanded version of 'enc_algor' */
+        EVP_CIPHER_INFO cipher;
+        int references;
+        } X509_PKEY;
+#ifdef HEADER_ENVELOPE_H
+typedef struct X509_info_st
+        {
+        X509 *x509;
+        X509_CRL *crl;
+        X509_PKEY *x_pkey;
+        EVP_CIPHER_INFO enc_cipher;
+        int enc_len;
+        char *enc_data;
+        int references;
+        } X509_INFO;
+#endif
+/* The next 2 structures and their 8 routines were sent to me by
+ * Pat Richard <patr@x509.com> and are used to manipulate
+ * Netscapes spki strucutres - usefull if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st
+        {
+        X509_PUBKEY *pubkey;
+        ASN1_IA5STRING *challenge;      /* challenge sent in atlas >= PR2 */
+        } NETSCAPE_SPKAC;
+typedef struct Netscape_spki_st
+        {
+        NETSCAPE_SPKAC *spkac;  /* signed public key and challenge */
+        X509_ALGOR *sig_algor;
+        ASN1_BIT_STRING *signature;
+        } NETSCAPE_SPKI;
+#ifndef HEADER_BN_H
+#define BIGNUM          char
+#endif
+typedef struct CBCParameter_st
+        {
+        unsigned char iv[8];
+        } CBC_PARAM;
+#include "x509_vfy.h"
+#include "pkcs7.h"
+#ifdef SSLEAY_MACROS
+#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
+        a->signature,(char *)a->cert_info,r)
+#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
+        a->sig_alg,a->signature,(char *)a->req_info,r)
+#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
+        a->sig_alg, a->signature,(char *)a->crl,r)
+#define X509_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
+                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
+#define X509_REQ_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
+                x->signature, (char *)x->req_info,pkey,md)
+#define X509_CRL_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
+                x->signature, (char *)x->crl,pkey,md)
+#define NETSCAPE_SPKI_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
+                x->signature, (char *)x->spkac,pkey,md)
+#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
+                (char *(*)())d2i_X509,(char *)x509)
+#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
+                (int (*)())i2d_X509_EXTENSION, \
+                (char *(*)())d2i_X509_EXTENSION,(char *)ex)
+#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
+                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
+#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
+#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
+                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
+#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
+#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
+                (char *(*)())d2i_X509_CRL,(char *)crl)
+#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
+                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
+                (unsigned char **)(crl))
+#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
+                (unsigned char *)crl)
+#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
+                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
+                (unsigned char **)(crl))
+#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
+                (unsigned char *)crl)
+#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
+                (char *(*)())d2i_PKCS7,(char *)p7)
+#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
+                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
+                (unsigned char **)(p7))
+#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
+                (unsigned char *)p7)
+#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
+                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
+                (unsigned char **)(p7))
+#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
+                (unsigned char *)p7)
+#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
+                (char *(*)())d2i_X509_REQ,(char *)req)
+#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
+                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
+                (unsigned char **)(req))
+#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
+                (unsigned char *)req)
+#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
+                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
+                (unsigned char **)(req))
+#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
+                (unsigned char *)req)
+#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
+                (char *(*)())d2i_RSAPublicKey,(char *)rsa)
+#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
+                (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
+#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
+                (unsigned char *)rsa)
+#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
+                (unsigned char *)rsa)
+#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
+                (unsigned char *)rsa)
+#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
+                (unsigned char *)rsa)
+#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
+                (unsigned char **)(dsa))
+#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
+                (unsigned char *)dsa)
+#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
+                (unsigned char **)(dsa))
+#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
+                (unsigned char *)dsa)
+#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
+                (char *(*)())d2i_X509_NAME,(char *)xn)
+#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
+                (int (*)())i2d_X509_NAME_ENTRY, \
+                (char *(*)())d2i_X509_NAME_ENTRY,\
+                (char *)ne)
+#define X509_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
+#define X509_NAME_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+                (char *)data,md,len)
+#endif
+#define X509_EXT_PACK_UNKNOWN   1
+#define X509_EXT_PACK_STRING    2
+#define         X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
+/* #define      X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
+#define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
+#define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
+#define         X509_extract_key(x)     X509_get_pubkey(x) /*****/
+#define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
+#define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
+#define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+#define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
+#define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
+/* This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
+#define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
+#ifndef NOPROTO
+#ifndef SSLEAY_MACROS
+#ifdef HEADER_ENVELOPE_H
+int X509_verify(X509 *a, EVP_PKEY *r);
+char *X509_verify_cert_error_string(long n);
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md);
+int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len);
+int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
+        unsigned char *md,unsigned int *len);
+#endif
+#ifndef NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 *x509);
+int i2d_X509_fp(FILE *fp,X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl);
+int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req);
+int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
+RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+#endif
+#ifdef HEADER_BIO_H
+X509 *d2i_X509_bio(BIO *bp,X509 *x509);
+int i2d_X509_bio(BIO *bp,X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl);
+int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req);
+int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
+RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+#endif
+X509 *X509_dup(X509 *x509);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+#endif /* !SSLEAY_MACROS */
+int             X509_cmp_current_time(ASN1_UTCTIME *s);
+ASN1_UTCTIME *  X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+char *          X509_get_default_cert_area(void );
+char *          X509_get_default_cert_dir(void );
+char *          X509_get_default_cert_file(void );
+char *          X509_get_default_cert_dir_env(void );
+char *          X509_get_default_cert_file_env(void );
+char *          X509_get_default_private_dir(void );
+X509_REQ *      X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
+X509 *          X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
+void ERR_load_X509_strings(void );
+X509_ALGOR *    X509_ALGOR_new(void );
+void            X509_ALGOR_free(X509_ALGOR *a);
+int             i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
+X509_ALGOR *    d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
+                        long length);
+X509_VAL *      X509_VAL_new(void );
+void            X509_VAL_free(X509_VAL *a);
+int             i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
+X509_VAL *      d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
+                        long length);
+X509_PUBKEY *   X509_PUBKEY_new(void );
+void            X509_PUBKEY_free(X509_PUBKEY *a);
+int             i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
+X509_PUBKEY *   d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
+                        long length);
+int             X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *      X509_PUBKEY_get(X509_PUBKEY *key);
+int             X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain);
+X509_SIG *      X509_SIG_new(void );
+void            X509_SIG_free(X509_SIG *a);
+int             i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
+X509_SIG *      d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
+X509_REQ_INFO *X509_REQ_INFO_new(void);
+void            X509_REQ_INFO_free(X509_REQ_INFO *a);
+int             i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
+X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
+                        long length);
+X509_REQ *      X509_REQ_new(void);
+void            X509_REQ_free(X509_REQ *a);
+int             i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
+X509_REQ *      d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
+X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
+void            X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
+int             i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
+X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
+                        long length);
+X509_EXTENSION *X509_EXTENSION_new(void );
+void            X509_EXTENSION_free(X509_EXTENSION *a);
+int             i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
+X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
+                        long length);
+X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
+void            X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
+int             i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
+X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
+                        long length);
+X509_NAME *     X509_NAME_new(void);
+void            X509_NAME_free(X509_NAME *a);
+int             i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
+X509_NAME *     d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
+int             X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+X509_CINF *     X509_CINF_new(void);
+void            X509_CINF_free(X509_CINF *a);
+int             i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
+X509_CINF *     d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
+X509 *          X509_new(void);
+void            X509_free(X509 *a);
+int             i2d_X509(X509 *a,unsigned char **pp);
+X509 *          d2i_X509(X509 **a,unsigned char **pp,long length);
+X509_REVOKED *  X509_REVOKED_new(void);
+void            X509_REVOKED_free(X509_REVOKED *a);
+int             i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
+X509_REVOKED *  d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
+X509_CRL_INFO *X509_CRL_INFO_new(void);
+void            X509_CRL_INFO_free(X509_CRL_INFO *a);
+int             i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
+X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
+                        long length);
+X509_CRL *      X509_CRL_new(void);
+void            X509_CRL_free(X509_CRL *a);
+int             i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
+X509_CRL *      d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
+X509_PKEY *     X509_PKEY_new(void );
+void            X509_PKEY_free(X509_PKEY *a);
+int             i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
+X509_PKEY *     d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
+NETSCAPE_SPKI * NETSCAPE_SPKI_new(void );
+void            NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
+int             i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
+NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
+                        long length);
+NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
+void            NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
+int             i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
+NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
+                long length);
+#ifdef HEADER_ENVELOPE_H
+X509_INFO *     X509_INFO_new(void);
+void            X509_INFO_free(X509_INFO *a);
+char *          X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
+        ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
+int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data,
+        unsigned char *md,unsigned int *len);
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+        ASN1_BIT_STRING *signature,
+        char *data,EVP_PKEY *pkey, EVP_MD *type);
+#endif
+int             X509_set_version(X509 *x,long version);
+int             X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *  X509_get_serialNumber(X509 *x);
+int             X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *     X509_get_issuer_name(X509 *a);
+int             X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *     X509_get_subject_name(X509 *a);
+int             X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
+int             X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+EVP_PKEY *      X509_get_pubkey(X509 *x);
+int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
+int             X509_REQ_set_version(X509_REQ *x,long version);
+int             X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
+int             X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *      X509_REQ_get_pubkey(X509_REQ *req);
+int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
+int             X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+unsigned long   X509_issuer_and_serial_hash(X509 *a);
+int             X509_issuer_name_cmp(X509 *a, X509 *b);
+unsigned long   X509_issuer_name_hash(X509 *a);
+int             X509_subject_name_cmp(X509 *a,X509 *b);
+unsigned long   X509_subject_name_hash(X509 *x);
+int             X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+unsigned long   X509_NAME_hash(X509_NAME *x);
+int             X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
+#ifndef NO_FP_API
+int             X509_print_fp(FILE *bp,X509 *x);
+int             X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+#endif
+#ifdef HEADER_BIO_H
+int             X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int             X509_print(BIO *bp,X509 *x);
+int             X509_REQ_print(BIO *bp,X509_REQ *req);
+#endif
+int             X509_NAME_entry_count(X509_NAME *name);
+int             X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
+                        char *buf,int len);
+int             X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+                        char *buf,int len);
+/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+ * lastpos, seach after that position on. */
+int             X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+int             X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
+                        int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int             X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
+                        int loc, int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                        int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                        ASN1_OBJECT *obj, int type,unsigned char *bytes,
+                        int len);
+int             X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
+                        ASN1_OBJECT *obj);
+int             X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                        unsigned char *bytes, int len);
+ASN1_OBJECT *   X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING *   X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+int             X509v3_get_ext_count(STACK *x);
+int             X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos);
+int             X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos);
+int             X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(STACK *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc);
+STACK *         X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc);
+int             X509v3_data_type_by_OBJ(ASN1_OBJECT *obj);
+int             X509v3_data_type_by_NID(int nid);
+int             X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj);
+int             X509v3_pack_type_by_NID(int nid);
+int             X509_get_ext_count(X509 *x);
+int             X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+int             X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
+int             X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+int             X509_CRL_get_ext_count(X509_CRL *x);
+int             X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+int             X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
+int             X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int             X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+int             X509_REVOKED_get_ext_count(X509_REVOKED *x);
+int             X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+int             X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
+int             X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int             X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                        int nid, int crit, ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                        ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
+int             X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
+int             X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int             X509_EXTENSION_set_data(X509_EXTENSION *ex,
+                        ASN1_OCTET_STRING *data);
+ASN1_OBJECT *   X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int             X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type,
+                        unsigned char *bytes, int len);
+ASN1_STRING *   X509v3_unpack_string(ASN1_STRING **ex,int type,
+                        ASN1_OCTET_STRING *os);
+int             X509_verify_cert(X509_STORE_CTX *ctx);
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name,
+                ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK *sk,X509_NAME *name);
+#else
+#ifndef SSLEAY_MACROS
+#ifdef HEADER_ENVELOPE_H
+int X509_verify();
+int X509_REQ_verify();
+int X509_CRL_verify();
+int NETSCAPE_SPKI_verify();
+int X509_sign();
+int X509_REQ_sign();
+int X509_CRL_sign();
+int NETSCAPE_SPKI_sign();
+int X509_digest();
+int X509_NAME_digest();
+#endif
+#ifndef NO_FP_API
+X509 *d2i_X509_fp();
+int i2d_X509_fp();
+X509_CRL *d2i_X509_CRL_fp();
+int i2d_X509_CRL_fp();
+X509_REQ *d2i_X509_REQ_fp();
+int i2d_X509_REQ_fp();
+RSA *d2i_RSAPrivateKey_fp();
+int i2d_RSAPrivateKey_fp();
+DSA *d2i_DSAPrivateKey_fp();
+int i2d_DSAPrivateKey_fp();
+RSA *d2i_RSAPublicKey_fp();
+int i2d_RSAPublicKey_fp();
+#endif
+X509 *d2i_X509_bio();
+int i2d_X509_bio();
+X509_CRL *d2i_X509_CRL_bio();
+int i2d_X509_CRL_bio();
+X509_REQ *d2i_X509_REQ_bio();
+int i2d_X509_REQ_bio();
+RSA *d2i_RSAPrivateKey_bio();
+int i2d_RSAPrivateKey_bio();
+DSA *d2i_DSAPrivateKey_bio();
+int i2d_DSAPrivateKey_bio();
+RSA *d2i_RSAPublicKey_bio();
+int i2d_RSAPublicKey_bio();
+X509 *X509_dup();
+X509_EXTENSION *X509_EXTENSION_dup();
+X509_CRL *X509_CRL_dup();
+X509_REQ *X509_REQ_dup();
+X509_NAME *X509_NAME_dup();
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup();
+RSA *RSAPublicKey_dup();
+RSA *RSAPrivateKey_dup();
+#endif /* !SSLEAY_MACROS */
+int             X509_cmp_current_time();
+ASN1_UTCTIME *  X509_gmtime_adj();
+char *          X509_get_default_cert_area();
+char *          X509_get_default_cert_dir();
+char *          X509_get_default_cert_file();
+char *          X509_get_default_cert_dir_env();
+char *          X509_get_default_cert_file_env();
+char *          X509_get_default_private_dir();
+X509_REQ *      X509_to_X509_REQ();
+X509 *          X509_REQ_to_X509();
+void ERR_load_X509_strings();
+X509_ALGOR *    X509_ALGOR_new();
+void            X509_ALGOR_free();
+int             i2d_X509_ALGOR();
+X509_ALGOR *    d2i_X509_ALGOR();
+X509_VAL *      X509_VAL_new();
+void            X509_VAL_free();
+int             i2d_X509_VAL();
+X509_VAL *      d2i_X509_VAL();
+X509_PUBKEY *   X509_PUBKEY_new();
+void            X509_PUBKEY_free();
+int             i2d_X509_PUBKEY();
+X509_PUBKEY *   d2i_X509_PUBKEY();
+int             X509_PUBKEY_set();
+EVP_PKEY *      X509_PUBKEY_get();
+int             X509_get_pubkey_parameters();
+X509_SIG *      X509_SIG_new();
+void            X509_SIG_free();
+int             i2d_X509_SIG();
+X509_SIG *      d2i_X509_SIG();
+X509_REQ_INFO *X509_REQ_INFO_new();
+void            X509_REQ_INFO_free();
+int             i2d_X509_REQ_INFO();
+X509_REQ_INFO *d2i_X509_REQ_INFO();
+X509_REQ *      X509_REQ_new();
+void            X509_REQ_free();
+int             i2d_X509_REQ();
+X509_REQ *      d2i_X509_REQ();
+X509_ATTRIBUTE *X509_ATTRIBUTE_new();
+void            X509_ATTRIBUTE_free();
+int             i2d_X509_ATTRIBUTE();
+X509_ATTRIBUTE *d2i_X509_ATTRIBUTE();
+X509_EXTENSION *X509_EXTENSION_new();
+void            X509_EXTENSION_free();
+int             i2d_X509_EXTENSION();
+X509_EXTENSION *d2i_X509_EXTENSION();
+X509_NAME_ENTRY *X509_NAME_ENTRY_new();
+void            X509_NAME_ENTRY_free();
+int             i2d_X509_NAME_ENTRY();
+X509_NAME_ENTRY *d2i_X509_NAME_ENTRY();
+X509_NAME *     X509_NAME_new();
+void            X509_NAME_free();
+int             i2d_X509_NAME();
+X509_NAME *     d2i_X509_NAME();
+int             X509_NAME_set();
+X509_CINF *     X509_CINF_new();
+void            X509_CINF_free();
+int             i2d_X509_CINF();
+X509_CINF *     d2i_X509_CINF();
+X509 *          X509_new();
+void            X509_free();
+int             i2d_X509();
+X509 *          d2i_X509();
+X509_REVOKED *  X509_REVOKED_new();
+void            X509_REVOKED_free();
+int             i2d_X509_REVOKED();
+X509_REVOKED *  d2i_X509_REVOKED();
+X509_CRL_INFO *X509_CRL_INFO_new();
+void            X509_CRL_INFO_free();
+int             i2d_X509_CRL_INFO();
+X509_CRL_INFO *d2i_X509_CRL_INFO();
+X509_CRL *      X509_CRL_new();
+void            X509_CRL_free();
+int             i2d_X509_CRL();
+X509_CRL *      d2i_X509_CRL();
+X509_PKEY *     X509_PKEY_new();
+void            X509_PKEY_free();
+int             i2d_X509_PKEY();
+X509_PKEY *     d2i_X509_PKEY();
+NETSCAPE_SPKI * NETSCAPE_SPKI_new();
+void            NETSCAPE_SPKI_free();
+int             i2d_NETSCAPE_SPKI();
+NETSCAPE_SPKI * d2i_NETSCAPE_SPKI();
+NETSCAPE_SPKAC *NETSCAPE_SPKAC_new();
+void            NETSCAPE_SPKAC_free();
+int             i2d_NETSCAPE_SPKAC();
+NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC();
+#ifdef HEADER_ENVELOPE_H
+X509_INFO *     X509_INFO_new();
+void            X509_INFO_free();
+#endif
+char *          X509_NAME_oneline();
+int ASN1_verify();
+int ASN1_digest();
+int ASN1_sign();
+int             X509_set_version();
+int             X509_set_serialNumber();
+ASN1_INTEGER *  X509_get_serialNumber();
+int             X509_set_issuer_name();
+X509_NAME *     X509_get_issuer_name();
+int             X509_set_subject_name();
+X509_NAME *     X509_get_subject_name();
+int             X509_set_notBefore();
+int             X509_set_notAfter();
+int             X509_set_pubkey();
+EVP_PKEY *      X509_get_pubkey();
+int             X509_certificate_type();
+int             X509_REQ_set_version();
+int             X509_REQ_set_subject_name();
+int             X509_REQ_set_pubkey();
+EVP_PKEY *      X509_REQ_get_pubkey();
+int             X509_check_private_key();
+int             X509_issuer_and_serial_cmp();
+unsigned long   X509_issuer_and_serial_hash();
+int             X509_issuer_name_cmp();
+unsigned long   X509_issuer_name_hash();
+int             X509_subject_name_cmp();
+unsigned long   X509_subject_name_hash();
+int             X509_NAME_cmp ();
+unsigned long   X509_NAME_hash();
+int             X509_CRL_cmp();
+#ifndef NO_FP_API
+int             X509_print_fp();
+int             X509_REQ_print_fp();
+#endif
+int             X509_NAME_print();
+int             X509_print();
+int             X509_REQ_print();
+int             X509_NAME_entry_count();
+int             X509_NAME_get_text_by_NID();
+int             X509_NAME_get_text_by_OBJ();
+int             X509_NAME_get_index_by_NID();
+int             X509_NAME_get_index_by_OBJ();
+X509_NAME_ENTRY *X509_NAME_get_entry();
+X509_NAME_ENTRY *X509_NAME_delete_entry();
+int             X509_NAME_add_entry();
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID();
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ();
+int             X509_NAME_ENTRY_set_object();
+int             X509_NAME_ENTRY_set_data();
+ASN1_OBJECT *   X509_NAME_ENTRY_get_object();
+ASN1_STRING *   X509_NAME_ENTRY_get_data();
+int             X509v3_get_ext_count();
+int             X509v3_get_ext_by_NID();
+int             X509v3_get_ext_by_OBJ();
+int             X509v3_get_ext_by_critical();
+X509_EXTENSION *X509v3_get_ext();
+X509_EXTENSION *X509v3_delete_ext();
+STACK *         X509v3_add_ext();
+int             X509v3_data_type_by_OBJ();
+int             X509v3_data_type_by_NID();
+int             X509v3_pack_type_by_OBJ();
+int             X509v3_pack_type_by_NID();
+int             X509_get_ext_count();
+int             X509_get_ext_by_NID();
+int             X509_get_ext_by_OBJ();
+int             X509_get_ext_by_critical();
+X509_EXTENSION *X509_get_ext();
+X509_EXTENSION *X509_delete_ext();
+int             X509_add_ext();
+int             X509_CRL_get_ext_count();
+int             X509_CRL_get_ext_by_NID();
+int             X509_CRL_get_ext_by_OBJ();
+int             X509_CRL_get_ext_by_critical();
+X509_EXTENSION *X509_CRL_get_ext();
+X509_EXTENSION *X509_CRL_delete_ext();
+int             X509_CRL_add_ext();
+int             X509_REVOKED_get_ext_count();
+int             X509_REVOKED_get_ext_by_NID();
+int             X509_REVOKED_get_ext_by_OBJ();
+int             X509_REVOKED_get_ext_by_critical();
+X509_EXTENSION *X509_REVOKED_get_ext();
+X509_EXTENSION *X509_REVOKED_delete_ext();
+int             X509_REVOKED_add_ext();
+X509_EXTENSION *X509_EXTENSION_create_by_NID();
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ();
+int             X509_EXTENSION_set_object();
+int             X509_EXTENSION_set_critical();
+int             X509_EXTENSION_set_data();
+ASN1_OBJECT *   X509_EXTENSION_get_object();
+ASN1_OCTET_STRING *X509_EXTENSION_get_data();
+int             X509_EXTENSION_get_critical();
+ASN1_OCTET_STRING *X509v3_pack_string();
+ASN1_STRING *   X509v3_unpack_string();
+int             X509_verify_cert();
+char *          X509_verify_cert_error_string();
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial();
+X509 *X509_find_by_subject();
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the X509 functions. */
+/* Function codes. */
+#define X509_F_ADD_CERT_DIR                              100
+#define X509_F_BY_FILE_CTRL                              101
+#define X509_F_DIR_CTRL                                  102
+#define X509_F_GET_CERT_BY_SUBJECT                       103
+#define X509_F_X509V3_ADD_EXT                            104
+#define X509_F_X509V3_ADD_EXTENSION                      105
+#define X509_F_X509V3_PACK_STRING                        106
+#define X509_F_X509V3_UNPACK_STRING                      107
+#define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+#define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+#define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+#define X509_F_X509_LOAD_CERT_FILE                       111
+#define X509_F_X509_LOAD_CRL_FILE                        112
+#define X509_F_X509_NAME_ADD_ENTRY                       113
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+#define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+#define X509_F_X509_NAME_ONELINE                         116
+#define X509_F_X509_NAME_PRINT                           117
+#define X509_F_X509_PRINT_FP                             118
+#define X509_F_X509_PUBKEY_GET                           119
+#define X509_F_X509_PUBKEY_SET                           120
+#define X509_F_X509_REQ_PRINT                            121
+#define X509_F_X509_REQ_PRINT_FP                         122
+#define X509_F_X509_REQ_TO_X509                          123
+#define X509_F_X509_STORE_ADD_CERT                       124
+#define X509_F_X509_STORE_ADD_CRL                        125
+#define X509_F_X509_TO_X509_REQ                          126
+#define X509_F_X509_VERIFY_CERT                          127
+/* Reason codes. */
+#define X509_R_BAD_X509_FILETYPE                         100
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+#define X509_R_ERR_ASN1_LIB                              102
+#define X509_R_LOADING_CERT_DIR                          103
+#define X509_R_LOADING_DEFAULTS                          104
+#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+#define X509_R_SHOULD_RETRY                              106
+#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+#define X509_R_UNKNOWN_NID                               109
+#define X509_R_UNKNOWN_STRING_TYPE                       110
+#define X509_R_UNSUPPORTED_ALGORITHM                     111
+#define X509_R_WRONG_LOOKUP_TYPE                         112
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c
new file mode 100644
index 0000000000..f9d9510ac5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -0,0 +1,257 @@
+/* crypto/x509/x509_cmp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+int X509_issuer_and_serial_cmp(a,b)
+X509 *a;
+X509 *b;
+        {
+        int i;
+        X509_CINF *ai,*bi;
+        ai=a->cert_info;
+        bi=b->cert_info;
+        i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+        if (i) return(i);
+        return(X509_NAME_cmp(ai->issuer,bi->issuer));
+        }
+#ifndef NO_MD5
+unsigned long X509_issuer_and_serial_hash(a)
+X509 *a;
+        {
+        unsigned long ret=0;
+        MD5_CTX ctx;
+        unsigned char md[16];
+        char str[256];
+        X509_NAME_oneline(a->cert_info->issuer,str,256);
+        ret=strlen(str);
+        MD5_Init(&ctx);
+        MD5_Update(&ctx,(unsigned char *)str,ret);
+        MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+                (unsigned long)a->cert_info->serialNumber->length);
+        MD5_Final(&(md[0]),&ctx);
+        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                )&0xffffffffL;
+        return(ret);
+        }
+#endif
+        
+int X509_issuer_name_cmp(a, b)
+X509 *a;
+X509 *b;
+        {
+        return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
+        }
+int X509_subject_name_cmp(a, b)
+X509 *a;
+X509 *b;
+        {
+        return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
+        }
+int X509_CRL_cmp(a, b)
+X509_CRL *a;
+X509_CRL *b;
+        {
+        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
+        }
+X509_NAME *X509_get_issuer_name(a)
+X509 *a;
+        {
+        return(a->cert_info->issuer);
+        }
+unsigned long X509_issuer_name_hash(x)
+X509 *x;
+        {
+        return(X509_NAME_hash(x->cert_info->issuer));
+        }
+X509_NAME *X509_get_subject_name(a)
+X509 *a;
+        {
+        return(a->cert_info->subject);
+        }
+ASN1_INTEGER *X509_get_serialNumber(a)
+X509 *a;
+        {
+        return(a->cert_info->serialNumber);
+        }
+unsigned long X509_subject_name_hash(x)
+X509 *x;
+        {
+        return(X509_NAME_hash(x->cert_info->subject));
+        }
+int X509_NAME_cmp(a, b)
+X509_NAME *a;
+X509_NAME *b;
+        {
+        int i,j;
+        X509_NAME_ENTRY *na,*nb;
+        if (sk_num(a->entries) != sk_num(b->entries))
+                return(sk_num(a->entries)-sk_num(b->entries));
+        for (i=sk_num(a->entries)-1; i>=0; i--)
+                {
+                na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+                nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+                j=na->value->length-nb->value->length;
+                if (j) return(j);
+                j=memcmp(na->value->data,nb->value->data,
+                        na->value->length);
+                if (j) return(j);
+                j=na->set-nb->set;
+                if (j) return(j);
+                }
+        /* We will check the object types after checking the values
+         * since the values will more often be different than the object
+         * types. */
+        for (i=sk_num(a->entries)-1; i>=0; i--)
+                {
+                na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+                nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+                j=OBJ_cmp(na->object,nb->object);
+                if (j) return(j);
+                }
+        return(0);
+        }
+#ifndef NO_MD5
+/* I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably effiecent. */
+unsigned long X509_NAME_hash(x)
+X509_NAME *x;
+        {
+        unsigned long ret=0;
+        unsigned char md[16];
+        unsigned char str[256],*p,*pp;
+        int i;
+        i=i2d_X509_NAME(x,NULL);
+        if (i > sizeof(str))
+                p=Malloc(i);
+        else
+                p=str;
+        pp=p;
+        i2d_X509_NAME(x,&pp);
+        MD5((unsigned char *)p,i,&(md[0]));
+        if (p != str) Free(p);
+        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                )&0xffffffffL;
+        return(ret);
+        }
+#endif
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(sk,name,serial)
+STACK *sk;
+X509_NAME *name;
+ASN1_INTEGER *serial;
+        {
+        int i;
+        X509_CINF cinf;
+        X509 x,*x509=NULL;
+        x.cert_info= &cinf;
+        cinf.serialNumber=serial;
+        cinf.issuer=name;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                x509=(X509 *)sk_value(sk,i);
+                if (X509_issuer_and_serial_cmp(x509,&x) == 0)
+                        return(x509);
+                }
+        return(NULL);
+        }
+X509 *X509_find_by_subject(sk,name)
+STACK *sk;
+X509_NAME *name;
+        {
+        X509 *x509;
+        int i;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                x509=(X509 *)sk_value(sk,i);
+                if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
+                        return(x509);
+                }
+        return(NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_d2.c b/src/lib/libssl/src/crypto/x509/x509_d2.c
new file mode 100644
index 0000000000..01e22f4cb4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_d2.c
@@ -0,0 +1,110 @@
+/* crypto/x509/x509_d2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "crypto.h"
+#include "x509.h"
+#ifndef NO_STDIO
+int X509_STORE_set_default_paths(ctx)
+X509_STORE *ctx;
+        {
+        X509_LOOKUP *lookup;
+        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+        if (lookup == NULL) return(0);
+        X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+        if (lookup == NULL) return(0);
+        X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+        
+        /* clear any errors */
+        ERR_clear_error();
+        return(1);
+        }
+int X509_STORE_load_locations(ctx,file,path)
+X509_STORE *ctx;
+char *file;
+char *path;
+        {
+        X509_LOOKUP *lookup;
+        if (file != NULL)
+                {
+                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+                if (lookup == NULL) return(0);
+                X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM);
+                }
+        if (path != NULL)
+                {
+                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+                if (lookup == NULL) return(0);
+                X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
+                }
+        if ((path == NULL) && (file == NULL))
+                return(0);
+        return(1);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/x509/x509_def.c b/src/lib/libssl/src/crypto/x509/x509_def.c
new file mode 100644
index 0000000000..d9ab39b15a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_def.c
@@ -0,0 +1,83 @@
+/* crypto/x509/x509_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "crypto.h"
+#include "x509.h"
+char *X509_get_default_private_dir()
+        { return(X509_PRIVATE_DIR); }
+        
+char *X509_get_default_cert_area()
+        { return(X509_CERT_AREA); }
+char *X509_get_default_cert_dir()
+        { return(X509_CERT_DIR); }
+char *X509_get_default_cert_file()
+        { return(X509_CERT_FILE); }
+char *X509_get_default_cert_dir_env()
+        { return(X509_CERT_DIR_EVP); }
+char *X509_get_default_cert_file_env()
+        { return(X509_CERT_FILE_EVP); }
diff --git a/src/lib/libssl/src/crypto/x509/x509_err.c b/src/lib/libssl/src/crypto/x509/x509_err.c
new file mode 100644
index 0000000000..9304721612
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_err.c
@@ -0,0 +1,130 @@
+/* lib/x509/x509_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "x509.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509_str_functs[]=
+        {
+{ERR_PACK(0,X509_F_ADD_CERT_DIR,0),     "ADD_CERT_DIR"},
+{ERR_PACK(0,X509_F_BY_FILE_CTRL,0),     "BY_FILE_CTRL"},
+{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
+{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0),      "GET_CERT_BY_SUBJECT"},
+{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0),   "X509v3_add_ext"},
+{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0),     "X509V3_ADD_EXTENSION"},
+{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0),       "X509v3_pack_string"},
+{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0),     "X509v3_unpack_string"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0),     "X509_EXTENSION_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),     "X509_EXTENSION_create_by_OBJ"},
+{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),       "X509_get_pubkey_parameters"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),      "X509_LOAD_CERT_FILE"},
+{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),       "X509_LOAD_CRL_FILE"},
+{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0),      "X509_NAME_add_entry"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0),    "X509_NAME_ENTRY_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0),       "X509_NAME_ENTRY_set_object"},
+{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0),        "X509_NAME_oneline"},
+{ERR_PACK(0,X509_F_X509_NAME_PRINT,0),  "X509_NAME_print"},
+{ERR_PACK(0,X509_F_X509_PRINT_FP,0),    "X509_print_fp"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0),  "X509_PUBKEY_get"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0),  "X509_PUBKEY_set"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT,0),   "X509_REQ_print"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0),        "X509_REQ_print_fp"},
+{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),      "X509_STORE_ADD_CERT"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),       "X509_STORE_ADD_CRL"},
+{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
+{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
+{0,NULL},
+        };
+static ERR_STRING_DATA X509_str_reasons[]=
+        {
+{X509_R_BAD_X509_FILETYPE                ,"bad x509 filetype"},
+{X509_R_CERT_ALREADY_IN_HASH_TABLE       ,"cert already in hash table"},
+{X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
+{X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
+{X509_R_LOADING_DEFAULTS                 ,"loading defaults"},
+{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY     ,"no cert set for us to verify"},
+{X509_R_SHOULD_RETRY                     ,"should retry"},
+{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
+{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY   ,"unable to get certs public key"},
+{X509_R_UNKNOWN_NID                      ,"unknown nid"},
+{X509_R_UNKNOWN_STRING_TYPE              ,"unknown string type"},
+{X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},
+{X509_R_WRONG_LOOKUP_TYPE                ,"wrong lookup type"},
+{0,NULL},
+        };
+#endif
+void ERR_load_X509_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_X509,X509_str_functs);
+                ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_ext.c b/src/lib/libssl/src/crypto/x509/x509_ext.c
new file mode 100644
index 0000000000..1d76ecfcfd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_ext.c
@@ -0,0 +1,222 @@
+/* crypto/x509/x509_ext.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+int X509_CRL_get_ext_count(x)
+X509_CRL *x;
+        {
+        return(X509v3_get_ext_count(x->crl->extensions));
+        }
+int X509_CRL_get_ext_by_NID(x,nid,lastpos)
+X509_CRL *x;
+int nid;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
+        }
+int X509_CRL_get_ext_by_OBJ(x,obj,lastpos)
+X509_CRL *x;
+ASN1_OBJECT *obj;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
+        }
+int X509_CRL_get_ext_by_critical(x,crit,lastpos)
+X509_CRL *x;
+int crit;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
+        }
+X509_EXTENSION *X509_CRL_get_ext(x,loc)
+X509_CRL *x;
+int loc;
+        {
+        return(X509v3_get_ext(x->crl->extensions,loc));
+        }
+X509_EXTENSION *X509_CRL_delete_ext(x,loc)
+X509_CRL *x;
+int loc;
+        {
+        return(X509v3_delete_ext(x->crl->extensions,loc));
+        }
+int X509_CRL_add_ext(x,ex,loc)
+X509_CRL *x;
+X509_EXTENSION *ex;
+int loc;
+        {
+        return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
+        }
+int X509_get_ext_count(x)
+X509 *x;
+        {
+        return(X509v3_get_ext_count(x->cert_info->extensions));
+        }
+int X509_get_ext_by_NID(x,nid,lastpos)
+X509 *x;
+int nid;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
+        }
+int X509_get_ext_by_OBJ(x,obj,lastpos)
+X509 *x;
+ASN1_OBJECT *obj;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
+        }
+int X509_get_ext_by_critical(x,crit,lastpos)
+X509 *x;
+int crit;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
+        }
+X509_EXTENSION *X509_get_ext(x,loc)
+X509 *x;
+int loc;
+        {
+        return(X509v3_get_ext(x->cert_info->extensions,loc));
+        }
+X509_EXTENSION *X509_delete_ext(x,loc)
+X509 *x;
+int loc;
+        {
+        return(X509v3_delete_ext(x->cert_info->extensions,loc));
+        }
+int X509_add_ext(x,ex,loc)
+X509 *x;
+X509_EXTENSION *ex;
+int loc;
+        {
+        return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
+        }
+int X509_REVOKED_get_ext_count(x)
+X509_REVOKED *x;
+        {
+        return(X509v3_get_ext_count(x->extensions));
+        }
+int X509_REVOKED_get_ext_by_NID(x,nid,lastpos)
+X509_REVOKED *x;
+int nid;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
+        }
+int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos)
+X509_REVOKED *x;
+ASN1_OBJECT *obj;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
+        }
+int X509_REVOKED_get_ext_by_critical(x,crit,lastpos)
+X509_REVOKED *x;
+int crit;
+int lastpos;
+        {
+        return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
+        }
+X509_EXTENSION *X509_REVOKED_get_ext(x,loc)
+X509_REVOKED *x;
+int loc;
+        {
+        return(X509v3_get_ext(x->extensions,loc));
+        }
+X509_EXTENSION *X509_REVOKED_delete_ext(x,loc)
+X509_REVOKED *x;
+int loc;
+        {
+        return(X509v3_delete_ext(x->extensions,loc));
+        }
+int X509_REVOKED_add_ext(x,ex,loc)
+X509_REVOKED *x;
+X509_EXTENSION *ex;
+int loc;
+        {
+        return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_lu.c b/src/lib/libssl/src/crypto/x509/x509_lu.c
new file mode 100644
index 0000000000..2c7e10a46e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_lu.c
@@ -0,0 +1,446 @@
+/* crypto/x509/x509_lu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "x509.h"
+static STACK *x509_store_meth=NULL;
+static STACK *x509_store_ctx_meth=NULL;
+X509_LOOKUP *X509_LOOKUP_new(method)
+X509_LOOKUP_METHOD *method;
+        {
+        X509_LOOKUP *ret;
+        ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
+        if (ret == NULL) return(NULL);
+        ret->init=0;
+        ret->skip=0;
+        ret->method=method;
+        ret->method_data=NULL;
+        ret->store_ctx=NULL;
+        if ((method->new_item != NULL) && !method->new_item(ret))
+                {
+                Free(ret);
+                return(NULL);
+                }
+        return(ret);
+        }
+void X509_LOOKUP_free(ctx)
+X509_LOOKUP *ctx;
+        {
+        if (ctx == NULL) return;
+        if (    (ctx->method != NULL) &&
+                (ctx->method->free != NULL))
+                ctx->method->free(ctx);
+        Free(ctx);
+        }
+int X509_LOOKUP_init(ctx)
+X509_LOOKUP *ctx;
+        {
+        if (ctx->method == NULL) return(0);
+        if (ctx->method->init != NULL)
+                return(ctx->method->init(ctx));
+        else
+                return(1);
+        }
+int X509_LOOKUP_shutdown(ctx)
+X509_LOOKUP *ctx;
+        {
+        if (ctx->method == NULL) return(0);
+        if (ctx->method->init != NULL)
+                return(ctx->method->shutdown(ctx));
+        else
+                return(1);
+        }
+int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret)
+X509_LOOKUP *ctx;
+int cmd;
+char *argc;
+long argl;
+char **ret;
+        {
+        if (ctx->method == NULL) return(-1);
+        if (ctx->method->ctrl != NULL)
+                return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+        else
+                return(1);
+        }
+int X509_LOOKUP_by_subject(ctx,type,name,ret)
+X509_LOOKUP *ctx;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+        {
+        if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+                return(X509_LU_FAIL);
+        if (ctx->skip) return(0);
+        return(ctx->method->get_by_subject(ctx,type,name,ret));
+        }
+int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret)
+X509_LOOKUP *ctx;
+int type;
+X509_NAME *name;
+ASN1_INTEGER *serial;
+X509_OBJECT *ret;
+        {
+        if ((ctx->method == NULL) ||
+                (ctx->method->get_by_issuer_serial == NULL))
+                return(X509_LU_FAIL);
+        return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+        }
+int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret)
+X509_LOOKUP *ctx;
+int type;
+unsigned char *bytes;
+int len;
+X509_OBJECT *ret;
+        {
+        if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+                return(X509_LU_FAIL);
+        return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+        }
+int X509_LOOKUP_by_alias(ctx,type,str,len,ret)
+X509_LOOKUP *ctx;
+int type;
+char *str;
+int len;
+X509_OBJECT *ret;
+        {
+        if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+                return(X509_LU_FAIL);
+        return(ctx->method->get_by_alias(ctx,str,len,ret));
+        }
+static unsigned long x509_object_hash(a)
+X509_OBJECT *a;
+        {
+        unsigned long h;
+        switch (a->type)
+                {
+        case X509_LU_X509:
+                h=X509_NAME_hash(a->data.x509->cert_info->subject);
+                break;
+        case X509_LU_CRL:
+                h=X509_NAME_hash(a->data.crl->crl->issuer);
+                break;
+        default:
+                abort();
+                }
+        return(h);
+        }
+static int x509_object_cmp(a,b)
+X509_OBJECT *a,*b;
+        {
+        int ret;
+        ret=(a->type - b->type);
+        if (ret) return(ret);
+        switch (a->type)
+                {
+        case X509_LU_X509:
+                ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
+                break;
+        case X509_LU_CRL:
+                ret=X509_CRL_cmp(a->data.crl,b->data.crl);
+                break;
+        default:
+                abort();
+                }
+        return(ret);
+        }
+X509_STORE *X509_STORE_new()
+        {
+        X509_STORE *ret;
+        if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
+                return(NULL);
+        ret->certs=lh_new(x509_object_hash,x509_object_cmp);
+        ret->cache=1;
+        ret->get_cert_methods=sk_new_null();
+        ret->verify=NULL;
+        ret->verify_cb=NULL;
+        memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+        ret->references=1;
+        return(ret);
+        }
+static void cleanup(a)
+X509_OBJECT *a;
+        {
+        if (a->type == X509_LU_X509)
+                {
+                X509_free(a->data.x509);
+                }
+        else if (a->type == X509_LU_CRL)
+                {
+                X509_CRL_free(a->data.crl);
+                }
+        else
+                abort();
+        Free(a);
+        }
+void X509_STORE_free(vfy)
+X509_STORE *vfy;
+        {
+        int i;
+        STACK *sk;
+        X509_LOOKUP *lu;
+        sk=vfy->get_cert_methods;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                lu=(X509_LOOKUP *)sk_value(sk,i);
+                X509_LOOKUP_shutdown(lu);
+                X509_LOOKUP_free(lu);
+                }
+        sk_free(sk);
+        CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data);
+        lh_doall(vfy->certs,cleanup);
+        lh_free(vfy->certs);
+        Free(vfy);
+        }
+X509_LOOKUP *X509_STORE_add_lookup(v,m)
+X509_STORE *v;
+X509_LOOKUP_METHOD *m;
+        {
+        int i;
+        STACK *sk;
+        X509_LOOKUP *lu;
+        sk=v->get_cert_methods;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                lu=(X509_LOOKUP *)sk_value(sk,i);
+                if (m == lu->method)
+                        {
+                        return(lu);
+                        }
+                }
+        /* a new one */
+        lu=X509_LOOKUP_new(m);
+        if (lu == NULL)
+                return(NULL);
+        else
+                {
+                lu->store_ctx=v;
+                if (sk_push(v->get_cert_methods,(char *)lu))
+                        return(lu);
+                else
+                        {
+                        X509_LOOKUP_free(lu);
+                        return(NULL);
+                        }
+                }
+        }
+int X509_STORE_get_by_subject(vs,type,name,ret)
+X509_STORE_CTX *vs;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+        {
+        X509_STORE *ctx=vs->ctx;
+        X509_LOOKUP *lu;
+        X509_OBJECT stmp,*tmp;
+        int i,j;
+        tmp=X509_OBJECT_retrive_by_subject(ctx->certs,type,name);
+        if (tmp == NULL)
+                {
+                for (i=vs->current_method; i<sk_num(ctx->get_cert_methods); i++)
+                        {
+                        lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i);
+                        j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
+                        if (j < 0)
+                                {
+                                vs->current_method=j;
+                                return(j);
+                                }
+                        else if (j)
+                                {
+                                tmp= &stmp;
+                                break;
+                                }
+                        }
+                vs->current_method=0;
+                if (tmp == NULL)
+                        return(0);
+                }
+/*      if (ret->data.ptr != NULL)
+                X509_OBJECT_free_contents(ret); */
+        ret->type=tmp->type;
+        ret->data.ptr=tmp->data.ptr;
+        X509_OBJECT_up_ref_count(ret);
+        return(1);
+        }
+void X509_OBJECT_up_ref_count(a)
+X509_OBJECT *a;
+        {
+        switch (a->type)
+                {
+        case X509_LU_X509:
+                CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
+                break;
+        case X509_LU_CRL:
+                CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+                break;
+                }
+        }
+void X509_OBJECT_free_contents(a)
+X509_OBJECT *a;
+        {
+        switch (a->type)
+                {
+        case X509_LU_X509:
+                X509_free(a->data.x509);
+                break;
+        case X509_LU_CRL:
+                X509_CRL_free(a->data.crl);
+                break;
+                }
+        }
+X509_OBJECT *X509_OBJECT_retrive_by_subject(h,type,name)
+LHASH *h;
+int type;
+X509_NAME *name;
+        {
+        X509_OBJECT stmp,*tmp;
+        X509 x509_s;
+        X509_CINF cinf_s;
+        X509_CRL crl_s;
+        X509_CRL_INFO crl_info_s;
+        stmp.type=type;
+        switch (type)
+                {
+        case X509_LU_X509:
+                stmp.data.x509= &x509_s;
+                x509_s.cert_info= &cinf_s;
+                cinf_s.subject=name;
+                break;
+        case X509_LU_CRL:
+                stmp.data.crl= &crl_s;
+                crl_s.crl= &crl_info_s;
+                crl_info_s.issuer=name;
+                break;
+        default:
+                abort();
+                }
+        tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp);
+        return(tmp);
+        }
+void X509_STORE_CTX_init(ctx,store,x509,chain)
+X509_STORE_CTX *ctx;
+X509_STORE *store;
+X509 *x509;
+STACK *chain;
+        {
+        ctx->ctx=store;
+        ctx->current_method=0;
+        ctx->cert=x509;
+        ctx->untrusted=chain;
+        ctx->last_untrusted=0;
+        ctx->valid=0;
+        ctx->chain=NULL;
+        ctx->depth=10;
+        ctx->error=0;
+        ctx->current_cert=NULL;
+        memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+        }
+void X509_STORE_CTX_cleanup(ctx)
+X509_STORE_CTX *ctx;
+        {
+        if (ctx->chain != NULL)
+                {
+                sk_pop_free(ctx->chain,X509_free);
+                ctx->chain=NULL;
+                }
+        CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
+        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_obj.c b/src/lib/libssl/src/crypto/x509/x509_obj.c
new file mode 100644
index 0000000000..c0576fd6f6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_obj.c
@@ -0,0 +1,179 @@
+/* crypto/x509/x509_obj.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "objects.h"
+#include "x509.h"
+#include "buffer.h"
+char *X509_NAME_oneline(a,buf,len)
+X509_NAME *a;
+char *buf;
+int len;
+        {
+        X509_NAME_ENTRY *ne;
+        unsigned int i;
+        int n,lold,l,l1,l2,num,j,type;
+        char *s,*p;
+        unsigned char *q;
+        BUF_MEM *b=NULL;
+        static char hex[17]="0123456789ABCDEF";
+        int gs_doit[4];
+        char tmp_buf[80];
+        if (a == NULL) return("NO X509_NAME");
+        if (buf == NULL)
+                {
+                if ((b=BUF_MEM_new()) == NULL) goto err;
+                if (!BUF_MEM_grow(b,200)) goto err;
+                b->data[0]='\0';
+                len=200;
+                }
+        len--; /* space for '\0' */
+        l=0;
+        for (i=0; (int)i<sk_num(a->entries); i++)
+                {
+                ne=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+                n=OBJ_obj2nid(ne->object);
+                if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
+                        {
+                        i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
+                        s=tmp_buf;
+                        }
+                l1=strlen(s);
+                type=ne->value->type;
+                num=ne->value->length;
+                q=ne->value->data;
+                if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
+                        {
+                        gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
+                        for (j=0; j<num; j++)
+                                if (q[j] != 0) gs_doit[j&3]=1;
+                        if (gs_doit[0]|gs_doit[1]|gs_doit[2])
+                                gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+                        else
+                                {
+                                gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
+                                gs_doit[3]=1;
+                                }
+                        }
+                else
+                        gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+                for (l2=j=0; j<num; j++)
+                        {
+                        if (!gs_doit[j&3]) continue;
+                        l2++;
+                        if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+                        }
+                lold=l;
+                l+=1+l1+1+l2;
+                if (b != NULL)
+                        {
+                        if (!BUF_MEM_grow(b,l+1)) goto err;
+                        p= &(b->data[lold]);
+                        }
+                else if (l > len)
+                        {
+                        break;
+                        }
+                else
+                        p= &(buf[lold]);
+                *(p++)='/';
+                memcpy(p,s,(unsigned int)l1); p+=l1;
+                *(p++)='=';
+                q=ne->value->data;
+                for (j=0; j<num; j++)
+                        {
+                        if (!gs_doit[j&3]) continue;
+                        n=q[j];
+                        if ((n < ' ') || (n > '~'))
+                                {
+                                *(p++)='\\';
+                                *(p++)='x';
+                                *(p++)=hex[(n>>4)&0x0f];
+                                *(p++)=hex[n&0x0f];
+                                }
+                        else
+                                *(p++)=n;
+                        }
+                *p='\0';
+                }
+        if (b != NULL)
+                {
+                p=b->data;
+                Free((char *)b);
+                }
+        else
+                p=buf;
+        return(p);
+err:
+        X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
+        if (b != NULL) BUF_MEM_free(b);
+        return(NULL);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_r2x.c b/src/lib/libssl/src/crypto/x509/x509_r2x.c
new file mode 100644
index 0000000000..6aec2427f7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_r2x.c
@@ -0,0 +1,122 @@
+/* crypto/x509/x509_r2x.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+X509 *X509_REQ_to_X509(r,days,pkey)
+X509_REQ *r;
+int days;
+EVP_PKEY *pkey;
+        {
+        X509 *ret=NULL;
+        int er=1;
+        X509_REQ_INFO *ri=NULL;
+        X509_CINF *xi=NULL;
+        X509_NAME *xn;
+        if ((ret=X509_new()) == NULL)
+                {
+                X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        /* duplicate the request */
+        ri=(X509_REQ_INFO *)ASN1_dup(i2d_X509_REQ_INFO,
+                (char *(*)())d2i_X509_REQ_INFO,(char *)r->req_info);
+        if (ri == NULL) goto err;
+        xi=ret->cert_info;
+        if (sk_num(ri->attributes) != 0)
+                {
+                if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
+                if (!ASN1_INTEGER_set(xi->version,2)) goto err;
+/*              xi->extensions=ri->attributes; <- bad, should not ever be done
+                ri->attributes=NULL; */
+                }
+        xn=X509_REQ_get_subject_name(r);
+        X509_set_subject_name(ret,X509_NAME_dup(xn));
+        X509_set_issuer_name(ret,X509_NAME_dup(xn));
+        X509_gmtime_adj(xi->validity->notBefore,0);
+        X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
+        X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
+        if (!X509_sign(ret,pkey,EVP_md5()))
+                goto err;
+        er=0;
+err:
+        if (er)
+                {
+                X509_free(ret);
+                X509_REQ_INFO_free(ri);
+                return(NULL);
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_req.c b/src/lib/libssl/src/crypto/x509/x509_req.c
new file mode 100644
index 0000000000..5004365bad
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_req.c
@@ -0,0 +1,116 @@
+/* crypto/x509/x509_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+X509_REQ *X509_to_X509_REQ(x,pkey,md)
+X509 *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+        {
+        X509_REQ *ret;
+        X509_REQ_INFO *ri;
+        int i;
+        ret=X509_REQ_new();
+        if (ret == NULL)
+                {
+                X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        ri=ret->req_info;
+        ri->version->length=1;
+        ri->version->data=(unsigned char *)Malloc(1);
+        if (ri->version->data == NULL) goto err;
+        ri->version->data[0]=0; /* version == 0 */
+        if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
+                goto err;
+        i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x));
+        if (!i) goto err;
+        if (pkey != NULL)
+                {
+                if (!X509_REQ_sign(ret,pkey,md))
+                        goto err;
+                }
+        return(ret);
+err:
+        X509_REQ_free(ret);
+        return(NULL);
+        }
+EVP_PKEY *X509_REQ_get_pubkey(req)
+X509_REQ *req;
+        {
+        if ((req == NULL) || (req->req_info == NULL))
+                return(NULL);
+        return(X509_PUBKEY_get(req->req_info->pubkey));
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_set.c b/src/lib/libssl/src/crypto/x509/x509_set.c
new file mode 100644
index 0000000000..5d0a3a0c0e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_set.c
@@ -0,0 +1,164 @@
+/* crypto/x509/x509_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+int X509_set_version(x,version)
+X509 *x;
+long version;
+        {
+        if (x == NULL) return(0);
+        if (x->cert_info->version == NULL)
+                {
+                if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL)
+                        return(0);
+                }
+        return(ASN1_INTEGER_set(x->cert_info->version,version));
+        }
+int X509_set_serialNumber(x,serial)
+X509 *x;
+ASN1_INTEGER *serial;
+        {
+        ASN1_INTEGER *in;
+        if (x == NULL) return(0);
+        in=x->cert_info->serialNumber;
+        if (in != serial)
+                {
+                in=ASN1_INTEGER_dup(serial);
+                if (in != NULL)
+                        {
+                        ASN1_INTEGER_free(x->cert_info->serialNumber);
+                        x->cert_info->serialNumber=in;
+                        }
+                }
+        return(in != NULL);
+        }
+int X509_set_issuer_name(x,name)
+X509 *x;
+X509_NAME *name;
+        {
+        if ((x == NULL) || (x->cert_info == NULL)) return(0);
+        return(X509_NAME_set(&x->cert_info->issuer,name));
+        }
+int X509_set_subject_name(x,name)
+X509 *x;
+X509_NAME *name;
+        {
+        if ((x == NULL) || (x->cert_info == NULL)) return(0);
+        return(X509_NAME_set(&x->cert_info->subject,name));
+        }
+int X509_set_notBefore(x,tm)
+X509 *x;
+ASN1_UTCTIME *tm;
+        {
+        ASN1_UTCTIME *in;
+        if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+        in=x->cert_info->validity->notBefore;
+        if (in != tm)
+                {
+                in=ASN1_UTCTIME_dup(tm);
+                if (in != NULL)
+                        {
+                        ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+                        x->cert_info->validity->notBefore=in;
+                        }
+                }
+        return(in != NULL);
+        }
+int X509_set_notAfter(x,tm)
+X509 *x;
+ASN1_UTCTIME *tm;
+        {
+        ASN1_UTCTIME *in;
+        if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+        in=x->cert_info->validity->notAfter;
+        if (in != tm)
+                {
+                in=ASN1_UTCTIME_dup(tm);
+                if (in != NULL)
+                        {
+                        ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+                        x->cert_info->validity->notAfter=in;
+                        }
+                }
+        return(in != NULL);
+        }
+int X509_set_pubkey(x,pkey)
+X509 *x;
+EVP_PKEY *pkey;
+        {
+        if ((x == NULL) || (x->cert_info == NULL)) return(0);
+        return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c
new file mode 100644
index 0000000000..408d1c277c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_txt.c
@@ -0,0 +1,132 @@
+/* crypto/x509/x509_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+char *X509_verify_cert_error_string(n)
+long n;
+        {
+        static char buf[100];
+        switch ((int)n)
+                {
+        case X509_V_OK:
+                return("ok");
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                return("unable to get issuer certificate");
+        case X509_V_ERR_UNABLE_TO_GET_CRL:
+                return("unable to get certificate CRL");
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+                return("unable to decrypt certificate's signature");
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+                return("unable to decrypt CRL's's signature");
+        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+                return("unable to decode issuer public key");
+        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+                return("certificate signature failure");
+        case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+                return("CRL signature failure");
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+                return("certificate is not yet valid");
+        case X509_V_ERR_CRL_NOT_YET_VALID:
+                return("CRL is not yet valid");
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+                return("Certificate has expired");
+        case X509_V_ERR_CRL_HAS_EXPIRED:
+                return("CRL has expired");
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                return("format error in certificate's notBefore field");
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                return("format error in certificate's notAfter field");
+        case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+                return("format error in CRL's lastUpdate field");
+        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+                return("format error in CRL's nextUpdate field");
+        case X509_V_ERR_OUT_OF_MEM:
+                return("out of memory");
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+                return("self signed certificate");
+        case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+                return("self signed certificate in certificate chain");
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+                return("unable to get local issuer certificate");
+        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+                return("unable to verify the first certificate");
+        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+                return("certificate chain too long");
+        case X509_V_ERR_APPLICATION_VERIFICATION:
+                return("application verification failure");
+        default:
+                sprintf(buf,"error number %ld",n);
+                return(buf);
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_v3.c b/src/lib/libssl/src/crypto/x509/x509_v3.c
new file mode 100644
index 0000000000..1c03602f0b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_v3.c
@@ -0,0 +1,409 @@
+/* crypto/x509/x509_v3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#ifndef NOPROTO
+static X509_EXTENSION_METHOD *find_by_nid(int nid);
+static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b);
+#else
+static X509_EXTENSION_METHOD *find_by_nid();
+static int xem_cmp();
+#endif
+static STACK *extensions=NULL;
+int X509v3_get_ext_count(x)
+STACK *x;
+        {
+        if (x == NULL) return(0);
+        return(sk_num(x));
+        }
+int X509v3_get_ext_by_NID(x,nid,lastpos)
+STACK *x;
+int nid;
+int lastpos;
+        {
+        ASN1_OBJECT *obj;
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-2);
+        return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
+        }
+int X509v3_get_ext_by_OBJ(sk,obj,lastpos)
+STACK *sk;
+ASN1_OBJECT *obj;
+int lastpos;
+        {
+        int n;
+        X509_EXTENSION *ex;
+        if (sk == NULL) return(-1);
+        lastpos++;
+        if (lastpos < 0)
+                lastpos=0;
+        n=sk_num(sk);
+        for ( ; lastpos < n; lastpos++)
+                {
+                ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+                if (OBJ_cmp(ex->object,obj) == 0)
+                        return(lastpos);
+                }
+        return(-1);
+        }
+int X509v3_get_ext_by_critical(sk,crit,lastpos)
+STACK *sk;
+int crit;
+int lastpos;
+        {
+        int n;
+        X509_EXTENSION *ex;
+        if (sk == NULL) return(-1);
+        lastpos++;
+        if (lastpos < 0)
+                lastpos=0;
+        n=sk_num(sk);
+        for ( ; lastpos < n; lastpos++)
+                {
+                ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+                if (    (ex->critical && crit) ||
+                        (!ex->critical && !crit))
+                        return(lastpos);
+                }
+        return(-1);
+        }
+X509_EXTENSION *X509v3_get_ext(x,loc)
+STACK *x;
+int loc;
+        {
+        if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+                return(NULL);
+        else
+                return((X509_EXTENSION *)sk_value(x,loc));
+        }
+X509_EXTENSION *X509v3_delete_ext(x,loc)
+STACK *x;
+int loc;
+        {
+        X509_EXTENSION *ret;
+        if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+                return(NULL);
+        ret=(X509_EXTENSION *)sk_delete(x,loc);
+        return(ret);
+        }
+STACK *X509v3_add_ext(x,ex,loc)
+STACK **x;
+X509_EXTENSION *ex;
+int loc;
+        {
+        X509_EXTENSION *new_ex=NULL;
+        int n;
+        STACK *sk=NULL;
+        if ((x != NULL) && (*x == NULL))
+                {
+                if ((sk=sk_new_null()) == NULL)
+                        goto err;
+                }
+        else
+                sk= *x;
+        n=sk_num(sk);
+        if (loc > n) loc=n;
+        else if (loc < 0) loc=n;
+        if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
+                goto err2;
+        if (!sk_insert(sk,(char *)new_ex,loc))
+                goto err;
+        if ((x != NULL) && (*x == NULL))
+                *x=sk;
+        return(sk);
+err:
+        X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+err2:
+        if (new_ex != NULL) X509_EXTENSION_free(new_ex);
+        if (sk != NULL) sk_free(sk);
+        return(NULL);
+        }
+X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data)
+X509_EXTENSION **ex;
+int nid;
+int crit;
+ASN1_OCTET_STRING *data;
+        {
+        ASN1_OBJECT *obj;
+        X509_EXTENSION *ret;
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                return(NULL);
+                }
+        ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
+        if (ret == NULL) ASN1_OBJECT_free(obj);
+        return(ret);
+        }
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data)
+X509_EXTENSION **ex;
+ASN1_OBJECT *obj;
+int crit;
+ASN1_OCTET_STRING *data;
+        {
+        X509_EXTENSION *ret;
+        if ((ex == NULL) || (*ex == NULL))
+                {
+                if ((ret=X509_EXTENSION_new()) == NULL)
+                        {
+                        X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                }
+        else
+                ret= *ex;
+        if (!X509_EXTENSION_set_object(ret,obj))
+                goto err;
+        if (!X509_EXTENSION_set_critical(ret,crit))
+                goto err;
+        if (!X509_EXTENSION_set_data(ret,data))
+                goto err;
+        
+        if ((ex != NULL) && (*ex == NULL)) *ex=ret;
+        return(ret);
+err:
+        if ((ex == NULL) || (ret != *ex))
+                X509_EXTENSION_free(ret);
+        return(NULL);
+        }
+int X509_EXTENSION_set_object(ex,obj)
+X509_EXTENSION *ex;
+ASN1_OBJECT *obj;
+        {
+        if ((ex == NULL) || (obj == NULL))
+                return(0);
+        ASN1_OBJECT_free(ex->object);
+        ex->object=OBJ_dup(obj);
+        return(1);
+        }
+int X509_EXTENSION_set_critical(ex,crit)
+X509_EXTENSION *ex;
+int crit;
+        {
+        if (ex == NULL) return(0);
+        ex->critical=(crit)?0xFF:0;
+        return(1);
+        }
+int X509_EXTENSION_set_data(ex,data)
+X509_EXTENSION *ex;
+ASN1_OCTET_STRING *data;
+        {
+        int i;
+        if (ex == NULL) return(0);
+        i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
+        if (!i) return(0);
+        return(1);
+        }
+ASN1_OBJECT *X509_EXTENSION_get_object(ex)
+X509_EXTENSION *ex;
+        {
+        if (ex == NULL) return(NULL);
+        return(ex->object);
+        }
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex)
+X509_EXTENSION *ex;
+        {
+        if (ex == NULL) return(NULL);
+        return(ex->value);
+        }
+int X509_EXTENSION_get_critical(ex)
+X509_EXTENSION *ex;
+        {
+        if (ex == NULL) return(0);
+        return(ex->critical);
+        }
+int X509v3_data_type_by_OBJ(obj)
+ASN1_OBJECT *obj;
+        {
+        int nid;
+        nid=OBJ_obj2nid(obj);
+        if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF);
+        return(X509v3_data_type_by_NID(nid));
+        }
+int X509v3_data_type_by_NID(nid)
+int nid;
+        {
+        X509_EXTENSION_METHOD *x;
+        x=find_by_nid(nid);
+        if (x == NULL)
+                return(V_ASN1_UNDEF);
+        else
+                return(x->data_type);
+        }
+int X509v3_pack_type_by_OBJ(obj)
+ASN1_OBJECT *obj;
+        {
+        int nid;
+        nid=OBJ_obj2nid(obj);
+        if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN);
+        return(X509v3_pack_type_by_NID(nid));
+        }
+int X509v3_pack_type_by_NID(nid)
+int nid;
+        {
+        X509_EXTENSION_METHOD *x;
+        x=find_by_nid(nid);
+        if (x == NULL)
+                return(X509_EXT_PACK_UNKNOWN);
+        else
+                return(x->pack_type);
+        }
+static X509_EXTENSION_METHOD *find_by_nid(nid)
+int nid;
+        {
+        X509_EXTENSION_METHOD x;
+        int i;
+        x.nid=nid;
+        if (extensions == NULL) return(NULL);
+        i=sk_find(extensions,(char *)&x);
+        if (i < 0)
+                return(NULL);
+        else
+                return((X509_EXTENSION_METHOD *)sk_value(extensions,i));
+        }
+static int xem_cmp(a,b)
+X509_EXTENSION_METHOD **a,**b;
+        {
+        return((*a)->nid-(*b)->nid);
+        }
+void X509v3_cleanup_extensions()
+        {
+        int i;
+        if (extensions != NULL)
+                {
+                for (i=0; i<sk_num(extensions); i++)
+                        Free(sk_value(extensions,i));
+                sk_free(extensions);
+                extensions=NULL;
+                }
+        }
+int X509v3_add_extension(x)
+X509_EXTENSION_METHOD *x;
+        {
+        X509_EXTENSION_METHOD *newx;
+        if (extensions == NULL)
+                {
+                extensions=sk_new(xem_cmp);
+                if (extensions == NULL) goto err;
+                }
+        newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD));
+        if (newx == NULL) goto err;
+        newx->nid=x->nid;
+        newx->data_type=x->data_type;
+        newx->pack_type=x->pack_type;
+        if (!sk_push(extensions,(char *)newx))
+                {
+                Free(newx);
+                goto err;
+                }
+        return(1);
+err:
+        X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
new file mode 100644
index 0000000000..c1be91edba
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -0,0 +1,704 @@
+/* crypto/x509/x509_vfy.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "crypto.h"
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+#ifndef NOPROTO
+static int null_callback(int ok,X509_STORE_CTX *e);
+static int internal_verify(X509_STORE_CTX *ctx);
+#else
+static int null_callback();
+static int internal_verify();
+#endif
+char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998";
+static STACK *x509_store_ctx_method=NULL;
+static int x509_store_ctx_num=0;
+#if 0
+static int x509_store_num=1;
+static STACK *x509_store_method=NULL;
+#endif
+static int null_callback(ok,e)
+int ok;
+X509_STORE_CTX *e;
+        {
+        return(ok);
+        }
+#if 0
+static int x509_subject_cmp(a,b)
+X509 **a,**b;
+        {
+        return(X509_subject_name_cmp(*a,*b));
+        }
+#endif
+int X509_verify_cert(ctx)
+X509_STORE_CTX *ctx;
+        {
+        X509 *x,*xtmp,*chain_ss=NULL;
+        X509_NAME *xn;
+        X509_OBJECT obj;
+        int depth,i,ok=0;
+        int num;
+        int (*cb)();
+        STACK *sktmp=NULL;
+        if (ctx->cert == NULL)
+                {
+                X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+                return(-1);
+                }
+        cb=ctx->ctx->verify_cb;
+        if (cb == NULL) cb=null_callback;
+        /* first we make sure the chain we are going to build is
+         * present and that the first entry is in place */
+        if (ctx->chain == NULL)
+                {
+                if (    ((ctx->chain=sk_new_null()) == NULL) ||
+                        (!sk_push(ctx->chain,(char *)ctx->cert)))
+                        {
+                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                        goto end;
+                        }
+                CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
+                ctx->last_untrusted=1;
+                }
+        /* We use a temporary so we can chop and hack at it */
+        if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL)
+                {
+                X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                goto end;
+                }
+        num=sk_num(ctx->chain);
+        x=(X509 *)sk_value(ctx->chain,num-1);
+        depth=ctx->depth;
+        for (;;)
+                {
+                /* If we have enough, we break */
+                if (depth <= num) break;
+                /* If we are self signed, we break */
+                xn=X509_get_issuer_name(x);
+                if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+                        break;
+                /* If we were passed a cert chain, use it first */
+                if (ctx->untrusted != NULL)
+                        {
+                        xtmp=X509_find_by_subject(sktmp,xn);
+                        if (xtmp != NULL)
+                                {
+                                if (!sk_push(ctx->chain,(char *)xtmp))
+                                        {
+                                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                                        goto end;
+                                        }
+                                CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
+                                sk_delete_ptr(sktmp,(char *)xtmp);
+                                ctx->last_untrusted++;
+                                x=xtmp;
+                                num++;
+                                /* reparse the full chain for
+                                 * the next one */
+                                continue;
+                                }
+                        }
+                break;
+                }
+        /* at this point, chain should contain a list of untrusted
+         * certificates.  We now need to add at least one trusted one,
+         * if possible, otherwise we complain. */
+        i=sk_num(ctx->chain);
+        x=(X509 *)sk_value(ctx->chain,i-1);
+        if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x))
+                == 0)
+                {
+                /* we have a self signed certificate */
+                if (sk_num(ctx->chain) == 1)
+                        {
+                        ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+                        ctx->current_cert=x;
+                        ctx->error_depth=i-1;
+                        ok=cb(0,ctx);
+                        if (!ok) goto end;
+                        }
+                else
+                        {
+                        /* worry more about this one elsewhere */
+                        chain_ss=(X509 *)sk_pop(ctx->chain);
+                        ctx->last_untrusted--;
+                        num--;
+                        x=(X509 *)sk_value(ctx->chain,num-1);
+                        }
+                }
+        /* We now lookup certs from the certificate store */
+        for (;;)
+                {
+                /* If we have enough, we break */
+                if (depth <= num) break;
+                /* If we are self signed, we break */
+                xn=X509_get_issuer_name(x);
+                if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+                        break;
+                ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+                if (ok != X509_LU_X509)
+                        {
+                        if (ok == X509_LU_RETRY)
+                                {
+                                X509_OBJECT_free_contents(&obj);
+                                X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+                                return(ok);
+                                }
+                        else if (ok != X509_LU_FAIL)
+                                {
+                                X509_OBJECT_free_contents(&obj);
+                                /* not good :-(, break anyway */
+                                return(ok);
+                                }
+                        break;
+                        }
+                x=obj.data.x509;
+                if (!sk_push(ctx->chain,(char *)obj.data.x509))
+                        {
+                        X509_OBJECT_free_contents(&obj);
+                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                num++;
+                }
+        /* we now have our chain, lets check it... */
+        xn=X509_get_issuer_name(x);
+        if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
+                {
+                if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
+                        {
+                        if (ctx->last_untrusted >= num)
+                                ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+                        else
+                                ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+                        ctx->current_cert=x;
+                        }
+                else
+                        {
+                        sk_push(ctx->chain,(char *)chain_ss);
+                        num++;
+                        ctx->last_untrusted=num;
+                        ctx->current_cert=chain_ss;
+                        ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+                        chain_ss=NULL;
+                        }
+                ctx->error_depth=num-1;
+                ok=cb(0,ctx);
+                if (!ok) goto end;
+                }
+        /* We may as well copy down any DSA parameters that are required */
+        X509_get_pubkey_parameters(NULL,ctx->chain);
+        /* At this point, we have a chain and just need to verify it */
+        if (ctx->ctx->verify != NULL)
+                ok=ctx->ctx->verify(ctx);
+        else
+                ok=internal_verify(ctx);
+end:
+        if (sktmp != NULL) sk_free(sktmp);
+        if (chain_ss != NULL) X509_free(chain_ss);
+        return(ok);
+        }
+static int internal_verify(ctx)
+X509_STORE_CTX *ctx;
+        {
+        int i,ok=0,n;
+        X509 *xs,*xi;
+        EVP_PKEY *pkey=NULL;
+        int (*cb)();
+        cb=ctx->ctx->verify_cb;
+        if (cb == NULL) cb=null_callback;
+        n=sk_num(ctx->chain);
+        ctx->error_depth=n-1;
+        n--;
+        xi=(X509 *)sk_value(ctx->chain,n);
+        if (X509_NAME_cmp(X509_get_subject_name(xi),
+                X509_get_issuer_name(xi)) == 0)
+                xs=xi;
+        else
+                {
+                if (n <= 0)
+                        {
+                        ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+                        ctx->current_cert=xi;
+                        ok=cb(0,ctx);
+                        goto end;
+                        }
+                else
+                        {
+                        n--;
+                        ctx->error_depth=n;
+                        xs=(X509 *)sk_value(ctx->chain,n);
+                        }
+                }
+/*      ctx->error=0;  not needed */
+        while (n >= 0)
+                {
+                ctx->error_depth=n;
+                if (!xs->valid)
+                        {
+                        if ((pkey=X509_get_pubkey(xi)) == NULL)
+                                {
+                                ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+                                ctx->current_cert=xi;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        if (X509_verify(xs,pkey) <= 0)
+                                {
+                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        pkey=NULL;
+                        i=X509_cmp_current_time(X509_get_notBefore(xs));
+                        if (i == 0)
+                                {
+                                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        if (i > 0)
+                                {
+                                ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        xs->valid=1;
+                        }
+                i=X509_cmp_current_time(X509_get_notAfter(xs));
+                if (i == 0)
+                        {
+                        ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+                        ctx->current_cert=xs;
+                        ok=(*cb)(0,ctx);
+                        if (!ok) goto end;
+                        }
+                if (i < 0)
+                        {
+                        ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
+                        ctx->current_cert=xs;
+                        ok=(*cb)(0,ctx);
+                        if (!ok) goto end;
+                        }
+                /* CRL CHECK */
+                /* The last error (if any) is still in the error value */
+                ctx->current_cert=xs;
+                ok=(*cb)(1,ctx);
+                if (!ok) goto end;
+                n--;
+                if (n >= 0)
+                        {
+                        xi=xs;
+                        xs=(X509 *)sk_value(ctx->chain,n);
+                        }
+                }
+        ok=1;
+end:
+        return(ok);
+        }
+int X509_cmp_current_time(ctm)
+ASN1_UTCTIME *ctm;
+        {
+        char *str;
+        ASN1_UTCTIME atm;
+        time_t offset;
+        char buff1[24],buff2[24],*p;
+        int i,j;
+        p=buff1;
+        i=ctm->length;
+        str=(char *)ctm->data;
+        if ((i < 11) || (i > 17)) return(0);
+        memcpy(p,str,10);
+        p+=10;
+        str+=10;
+        if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+                { *(p++)='0'; *(p++)='0'; }
+        else    { *(p++)= *(str++); *(p++)= *(str++); }
+        *(p++)='Z';
+        *(p++)='\0';
+        if (*str == 'Z')
+                offset=0;
+        else
+                {
+                if ((*str != '+') && (str[5] != '-'))
+                        return(0);
+                offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+                offset+=(str[3]-'0')*10+(str[4]-'0');
+                if (*str == '-')
+                        offset=-offset;
+                }
+        atm.type=V_ASN1_UTCTIME;
+        atm.length=sizeof(buff2);
+        atm.data=(unsigned char *)buff2;
+        X509_gmtime_adj(&atm,-offset);
+        i=(buff1[0]-'0')*10+(buff1[1]-'0');
+        if (i < 70) i+=100;
+        j=(buff2[0]-'0')*10+(buff2[1]-'0');
+        if (j < 70) j+=100;
+        if (i < j) return (-1);
+        if (i > j) return (1);
+        i=strcmp(buff1,buff2);
+        if (i == 0) /* wait a second then return younger :-) */
+                return(-1);
+        else
+                return(i);
+        }
+ASN1_UTCTIME *X509_gmtime_adj(s, adj)
+ASN1_UTCTIME *s;
+long adj;
+        {
+        time_t t;
+        time(&t);
+        t+=adj;
+        return(ASN1_UTCTIME_set(s,t));
+        }
+int X509_get_pubkey_parameters(pkey,chain)
+EVP_PKEY *pkey;
+STACK *chain;
+        {
+        EVP_PKEY *ktmp=NULL,*ktmp2;
+        int i,j;
+        if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+        for (i=0; i<sk_num(chain); i++)
+                {
+                ktmp=X509_get_pubkey((X509 *)sk_value(chain,i));
+                if (ktmp == NULL)
+                        {
+                        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+                        return(0);
+                        }
+                if (!EVP_PKEY_missing_parameters(ktmp))
+                        break;
+                else
+                        {
+                        ktmp=NULL;
+                        }
+                }
+        if (ktmp == NULL)
+                {
+                X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+                return(0);
+                }
+        /* first, populate the other certs */
+        for (j=i-1; j >= 0; j--)
+                {
+                ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
+                EVP_PKEY_copy_parameters(ktmp2,ktmp);
+                }
+        
+        if (pkey != NULL)
+                EVP_PKEY_copy_parameters(pkey,ktmp);
+        return(1);
+        }
+EVP_PKEY *X509_get_pubkey(x)
+X509 *x;
+        {
+        if ((x == NULL) || (x->cert_info == NULL))
+                return(NULL);
+        return(X509_PUBKEY_get(x->cert_info->key));
+        }
+int X509_check_private_key(x,k)
+X509 *x;
+EVP_PKEY *k;
+        {
+        EVP_PKEY *xk=NULL;
+        int ok=0;
+        xk=X509_get_pubkey(x);
+        if (xk->type != k->type) goto err;
+        switch (k->type)
+                {
+#ifndef NO_RSA
+        case EVP_PKEY_RSA:
+                if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
+                if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
+                break;
+#endif
+#ifndef NO_DSA
+        case EVP_PKEY_DSA:
+                if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
+                        goto err;
+                break;
+#endif
+#ifndef NO_DH
+        case EVP_PKEY_DH:
+                /* No idea */
+                goto err;
+#endif
+        default:
+                goto err;
+                }
+        ok=1;
+err:
+        return(ok);
+        }
+int X509_STORE_add_cert(ctx,x)
+X509_STORE *ctx;
+X509 *x;
+        {
+        X509_OBJECT *obj,*r;
+        int ret=1;
+        if (x == NULL) return(0);
+        obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        obj->type=X509_LU_X509;
+        obj->data.x509=x;
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        X509_OBJECT_up_ref_count(obj);
+        r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+        if (r != NULL)
+                { /* oops, put it back */
+                lh_delete(ctx->certs,(char *)obj);
+                X509_OBJECT_free_contents(obj);
+                Free(obj);
+                lh_insert(ctx->certs,(char *)r);
+                X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                ret=0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        return(ret);    
+        }
+int X509_STORE_add_crl(ctx,x)
+X509_STORE *ctx;
+X509_CRL *x;
+        {
+        X509_OBJECT *obj,*r;
+        int ret=1;
+        if (x == NULL) return(0);
+        obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        obj->type=X509_LU_CRL;
+        obj->data.crl=x;
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        X509_OBJECT_up_ref_count(obj);
+        r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+        if (r != NULL)
+                { /* oops, put it back */
+                lh_delete(ctx->certs,(char *)obj);
+                X509_OBJECT_free_contents(obj);
+                Free(obj);
+                lh_insert(ctx->certs,(char *)r);
+                X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                ret=0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        return(ret);    
+        }
+int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        x509_store_ctx_num++;
+        return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+                &x509_store_ctx_method,
+                argl,argp,new_func,dup_func,free_func));
+        }
+int X509_STORE_CTX_set_ex_data(ctx,idx,data)
+X509_STORE_CTX *ctx;
+int idx;
+char *data;
+        {
+        return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+        }
+char *X509_STORE_CTX_get_ex_data(ctx,idx)
+X509_STORE_CTX *ctx;
+int idx;
+        {
+        return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+        }
+int X509_STORE_CTX_get_error(ctx)
+X509_STORE_CTX *ctx;
+        {
+        return(ctx->error);
+        }
+void X509_STORE_CTX_set_error(ctx,err)
+X509_STORE_CTX *ctx;
+int err;
+        {
+        ctx->error=err;
+        }
+int X509_STORE_CTX_get_error_depth(ctx)
+X509_STORE_CTX *ctx;
+        {
+        return(ctx->error_depth);
+        }
+X509 *X509_STORE_CTX_get_current_cert(ctx)
+X509_STORE_CTX *ctx;
+        {
+        return(ctx->current_cert);
+        }
+STACK *X509_STORE_CTX_get_chain(ctx)
+X509_STORE_CTX *ctx;
+        {
+        return(ctx->chain);
+        }
+void X509_STORE_CTX_set_cert(ctx,x)
+X509_STORE_CTX *ctx;
+X509 *x;
+        {
+        ctx->cert=x;
+        }
+void X509_STORE_CTX_set_chain(ctx,sk)
+X509_STORE_CTX *ctx;
+STACK *sk;
+        {
+        ctx->untrusted=sk;
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.h b/src/lib/libssl/src/crypto/x509/x509_vfy.h
new file mode 100644
index 0000000000..dfc060f899
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.h
@@ -0,0 +1,378 @@
+/* crypto/x509/x509_vfy.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_X509_VFY_H
+#define HEADER_X509_VFY_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#include "bio.h"
+#include "crypto.h"
+/* Outer object */
+typedef struct x509_hash_dir_st
+        {
+        int num_dirs;
+        char **dirs;
+        int *dirs_type;
+        int num_dirs_alloced;
+        } X509_HASH_DIR_CTX;
+typedef struct x509_file_st
+        {
+        int num_paths;  /* number of paths to files or directories */
+        int num_alloced;
+        char **paths;   /* the list of paths or directories */
+        int *path_type;
+        } X509_CERT_FILE_CTX;
+/*******************************/
+/*
+SSL_CTX -> X509_STORE    
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+ 
+SSL     -> X509_STORE_CTX
+                ->X509_STORE    
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+#define X509_LU_RETRY           -1
+#define X509_LU_FAIL            0
+#define X509_LU_X509            1
+#define X509_LU_CRL             2
+#define X509_LU_PKEY            3
+typedef struct x509_object_st
+        {
+        /* one of the above types */
+        int type;
+        union   {
+                char *ptr;
+                X509 *x509;
+                X509_CRL *crl;
+                EVP_PKEY *pkey;
+                } data;
+        } X509_OBJECT;
+/* This is a static that defines the function interface */
+typedef struct x509_lookup_method_st
+        {
+        char *name;
+        int (*new_item)();
+        void (*free)();
+        int (*init)(/* meth, char ** */);
+        int (*shutdown)( /* meth, char ** */);
+        int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */);
+        int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */);
+        int (*get_by_issuer_serial)();
+        int (*get_by_fingerprint)();
+        int (*get_by_alias)();
+        } X509_LOOKUP_METHOD;
+/* This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify'
+ * function is then called to actually check the cert chain. */
+typedef struct x509_store_st
+        {
+        /* The following is a cache of trusted certs */
+        int cache;      /* if true, stash any hits */
+#ifdef HEADER_LHASH_H
+        LHASH *certs;   /* cached certs; */ 
+#else
+        char *certs;
+#endif
+        /* These are external lookup methods */
+        STACK *get_cert_methods;/* X509_LOOKUP */
+        int (*verify)();        /* called to verify a certificate */
+        int (*verify_cb)();     /* error callback */
+        CRYPTO_EX_DATA ex_data;
+        int references;
+        int depth;              /* how deep to look */
+        }  X509_STORE;
+#define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
+#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
+#define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
+/* This is the functions plus an instance of the local variables. */
+typedef struct x509_lookup_st
+        {
+        int init;                       /* have we been started */
+        int skip;                       /* don't use us. */
+        X509_LOOKUP_METHOD *method;     /* the functions */
+        char *method_data;              /* method data */
+        X509_STORE *store_ctx;  /* who owns us */
+        } X509_LOOKUP;
+/* This is a temporary used when processing cert chains.  Since the
+ * gathering of the cert chain can take some time (and have to be
+ * 'retried', this needs to be kept and passed around. */
+typedef struct x509_store_state_st
+        {
+        X509_STORE *ctx;
+        int current_method;     /* used when looking up certs */
+        /* The following are set by the caller */
+        X509 *cert;             /* The cert to check */
+        STACK *untrusted;       /* chain of X509s - untrusted - passed in */
+        /* The following is built up */
+        int depth;              /* how far to go looking up certs */
+        int valid;              /* if 0, rebuild chain */
+        int last_untrusted;     /* index of last untrusted cert */
+        STACK *chain;           /* chain of X509s - built up and trusted */
+        /* When something goes wrong, this is why */
+        int error_depth;
+        int error;
+        X509 *current_cert;
+        CRYPTO_EX_DATA ex_data;
+        } X509_STORE_CTX;
+#define X509_STORE_CTX_set_app_data(ctx,data) \
+        X509_STORE_CTX_set_ex_data(ctx,0,data)
+#define X509_STORE_CTX_get_app_data(ctx) \
+        X509_STORE_CTX_get_ex_data(ctx,0)
+#define X509_L_FILE_LOAD        1
+#define X509_L_ADD_DIR          2
+X509_LOOKUP_METHOD *X509_LOOKUP_file();
+#define X509_LOOKUP_load_file(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+X509_LOOKUP_METHOD *X509_LOOKUP_dir();
+#define X509_LOOKUP_add_dir(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+#define         X509_V_OK                                       0
+#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
+#define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
+#define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
+#define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
+#define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
+#define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
+#define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
+#define         X509_V_ERR_CERT_NOT_YET_VALID                   9       
+#define         X509_V_ERR_CERT_HAS_EXPIRED                     10
+#define         X509_V_ERR_CRL_NOT_YET_VALID                    11
+#define         X509_V_ERR_CRL_HAS_EXPIRED                      12
+#define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
+#define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
+#define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
+#define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
+#define         X509_V_ERR_OUT_OF_MEM                           17
+#define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
+#define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
+#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
+#define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
+#define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
+#define         X509_V_ERR_CERT_REVOKED                         23
+/* The application is not happy */
+#define         X509_V_ERR_APPLICATION_VERIFICATION             50
+#ifndef NOPROTO
+#ifdef HEADER_LHASH_H
+X509_OBJECT *X509_OBJECT_retrive_by_subject(LHASH *h,int type,X509_NAME *name);
+#endif
+void X509_OBJECT_up_ref_count(X509_OBJECT *a);
+void X509_OBJECT_free_contents(X509_OBJECT *a);
+X509_STORE *X509_STORE_new(void );
+void X509_STORE_free(X509_STORE *v);
+void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+        X509 *x509, STACK *chain);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
+        X509_OBJECT *ret);
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
+#ifndef NO_STDIO
+int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type);
+#endif
+void X509v3_cleanup_extensions(void );
+int X509v3_add_extension(X509_EXTENSION_METHOD *x);
+int X509v3_add_netscape_extensions(void );
+int X509v3_add_standard_extensions(void );
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+        X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+        ASN1_INTEGER *serial, X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+        unsigned char *bytes, int len, X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
+        int len, X509_OBJECT *ret);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+#ifndef NO_STDIO
+int     X509_STORE_load_locations (X509_STORE *ctx,
+                char *file, char *dir);
+int     X509_STORE_set_default_paths(X509_STORE *ctx);
+#endif
+int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+        int (*dup_func)(), void (*free_func)());
+int     X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data);
+char *  X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int     X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void    X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+int     X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 *  X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+STACK * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+void    X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
+void    X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk);
+#else
+#ifdef HEADER_LHASH_H
+X509_OBJECT *X509_OBJECT_retrive_by_subject();
+#endif
+void X509_OBJECT_up_ref_count();
+void X509_OBJECT_free_contents();
+X509_STORE *X509_STORE_new();
+void X509_STORE_free();
+void X509_STORE_CTX_init();
+void X509_STORE_CTX_cleanup();
+X509_LOOKUP *X509_STORE_add_lookup();
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir();
+X509_LOOKUP_METHOD *X509_LOOKUP_file();
+int X509_STORE_add_cert();
+int X509_STORE_add_crl();
+int X509_STORE_get_by_subject();
+int X509_LOOKUP_ctrl();
+#ifndef NO_STDIO
+int X509_load_cert_file();
+int X509_load_crl_file();
+#endif
+void X509v3_cleanup_extensions();
+int X509v3_add_extension();
+int X509v3_add_netscape_extensions();
+int X509v3_add_standard_extensions();
+X509_LOOKUP *X509_LOOKUP_new();
+void X509_LOOKUP_free();
+int X509_LOOKUP_init();
+int X509_LOOKUP_by_subject();
+int X509_LOOKUP_by_issuer_serial();
+int X509_LOOKUP_by_fingerprint();
+int X509_LOOKUP_by_alias();
+int X509_LOOKUP_shutdown();
+#ifndef NO_STDIO
+int     X509_STORE_load_locations ();
+int     X509_STORE_set_default_paths();
+#endif
+int     X509_STORE_CTX_set_ex_data();
+char *  X509_STORE_CTX_get_ex_data();
+int     X509_STORE_CTX_get_error();
+void    X509_STORE_CTX_set_error();
+int     X509_STORE_CTX_get_error_depth();
+X509 *  X509_STORE_CTX_get_current_cert();
+STACK * X509_STORE_CTX_get_chain();
+void    X509_STORE_CTX_set_cert();
+void    X509_STORE_CTX_set_chain();
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/x509/x509name.c b/src/lib/libssl/src/crypto/x509/x509name.c
new file mode 100644
index 0000000000..650e71b1b5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509name.c
@@ -0,0 +1,358 @@
+/* crypto/x509/x509name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+int X509_NAME_get_text_by_NID(name,nid,buf,len)
+X509_NAME *name;
+int nid;
+char *buf;
+int len;
+        {
+        ASN1_OBJECT *obj;
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-1);
+        return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
+        }
+int X509_NAME_get_text_by_OBJ(name,obj,buf,len)
+X509_NAME *name;
+ASN1_OBJECT *obj;
+char *buf;
+int len;
+        {
+        int i;
+        ASN1_STRING *data;
+        i=X509_NAME_get_index_by_OBJ(name,obj,-1);
+        if (i < 0) return(-1);
+        data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
+        i=(data->length > (len-1))?(len-1):data->length;
+        if (buf == NULL) return(data->length);
+        memcpy(buf,data->data,i);
+        buf[i]='\0';
+        return(i);
+        }
+int X509_NAME_entry_count(name)
+X509_NAME *name;
+        {
+        if (name == NULL) return(0);
+        return(sk_num(name->entries));
+        }
+int X509_NAME_get_index_by_NID(name,nid,lastpos)
+X509_NAME *name;
+int nid;
+int lastpos;
+        {
+        ASN1_OBJECT *obj;
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-2);
+        return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
+        }
+/* NOTE: you should be passsing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(name,obj,lastpos)
+X509_NAME *name;
+ASN1_OBJECT *obj;
+int lastpos;
+        {
+        int n;
+        X509_NAME_ENTRY *ne;
+        STACK *sk;
+        if (name == NULL) return(-1);
+        if (lastpos < 0)
+                lastpos= -1;
+        sk=name->entries;
+        n=sk_num(sk);
+        for (lastpos++; lastpos < n; lastpos++)
+                {
+                ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos);
+                if (OBJ_cmp(ne->object,obj) == 0)
+                        return(lastpos);
+                }
+        return(-1);
+        }
+X509_NAME_ENTRY *X509_NAME_get_entry(name,loc)
+X509_NAME *name;
+int loc;
+        {
+        if (    (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+                return(NULL);
+        else
+                return((X509_NAME_ENTRY *)sk_value(name->entries,loc));
+        }
+X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc)
+X509_NAME *name;
+int loc;
+        {
+        X509_NAME_ENTRY *ret;
+        int i,j,n,set_prev,set_next;
+        STACK *sk;
+        if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+                return(NULL);
+        sk=name->entries;
+        ret=(X509_NAME_ENTRY *)sk_delete(sk,loc);
+        n=sk_num(sk);
+        name->modified=1;
+        if (loc == n) return(ret);
+        /* else we need to fixup the set field */
+        if (loc != 0)
+                set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+        else
+                set_prev=ret->set-1;
+        set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+        /* set_prev is the previous set
+         * set is the current set
+         * set_next is the following
+         * prev  1 1    1 1     1 1     1 1
+         * set   1      1       2       2
+         * next  1 1    2 2     2 2     3 2
+         * so basically only if prev and next differ by 2, then
+         * re-number down by 1 */
+        if (set_prev+1 < set_next)
+                {
+                j=set_next-set_prev-1;
+                for (i=loc; i<n; i++)
+                        ((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j;
+                }
+        return(ret);
+        }
+/* if set is -1, append to previous set, 0 'a new one', and 1,
+ * prepend to the guy we are about to stomp on. */
+int X509_NAME_add_entry(name,ne,loc,set)
+X509_NAME *name;
+X509_NAME_ENTRY *ne;
+int loc;
+int set;
+        {
+        X509_NAME_ENTRY *new_name=NULL;
+        int n,i,inc;
+        STACK *sk;
+        if (name == NULL) return(0);
+        sk=name->entries;
+        n=sk_num(sk);
+        if (loc > n) loc=n;
+        else if (loc < 0) loc=n;
+        name->modified=1;
+        if (set == -1)
+                {
+                if (loc == 0)
+                        {
+                        set=0;
+                        inc=1;
+                        }
+                else
+                        {
+                        set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+                        inc=0;
+                        }
+                }
+        else /* if (set >= 0) */
+                {
+                if (loc >= n)
+                        {
+                        if (loc != 0)
+                                set=((X509_NAME_ENTRY *)
+                                        sk_value(sk,loc-1))->set+1;
+                        else
+                                set=0;
+                        }
+                else
+                        set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+                inc=(set == 0)?1:0;
+                }
+        if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
+                goto err;
+        new_name->set=set;
+        if (!sk_insert(sk,(char *)new_name,loc))
+                {
+                X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (inc)
+                {
+                n=sk_num(sk);
+                for (i=loc+1; i<n; i++)
+                        ((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1;
+                }       
+        return(1);
+err:
+        if (new_name != NULL)
+                X509_NAME_ENTRY_free(ne);
+        return(0);
+        }
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len)
+X509_NAME_ENTRY **ne;
+int nid;
+int type;
+unsigned char *bytes;
+int len;
+        {
+        ASN1_OBJECT *obj;
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                return(NULL);
+                }
+        return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
+        }
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)
+X509_NAME_ENTRY **ne;
+ASN1_OBJECT *obj;
+int type;
+unsigned char *bytes;
+int len;
+        {
+        X509_NAME_ENTRY *ret;
+        if ((ne == NULL) || (*ne == NULL))
+                {
+                if ((ret=X509_NAME_ENTRY_new()) == NULL)
+                        return(NULL);
+                }
+        else
+                ret= *ne;
+        if (!X509_NAME_ENTRY_set_object(ret,obj))
+                goto err;
+        if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
+                goto err;
+        
+        if ((ne != NULL) && (*ne == NULL)) *ne=ret;
+        return(ret);
+err:
+        if ((ne == NULL) || (ret != *ne))
+                X509_NAME_ENTRY_free(ret);
+        return(NULL);
+        }
+int X509_NAME_ENTRY_set_object(ne,obj)
+X509_NAME_ENTRY *ne;
+ASN1_OBJECT *obj;
+        {
+        if ((ne == NULL) || (obj == NULL))
+                {
+                X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        ASN1_OBJECT_free(ne->object);
+        ne->object=OBJ_dup(obj);
+        return((ne->object == NULL)?0:1);
+        }
+int X509_NAME_ENTRY_set_data(ne,type,bytes,len)
+X509_NAME_ENTRY *ne;
+int type;
+unsigned char *bytes;
+int len;
+        {
+        int i;
+        if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
+        if (len < 0) len=strlen((char *)bytes);
+        i=ASN1_STRING_set(ne->value,bytes,len);
+        if (!i) return(0);
+        if (type != V_ASN1_UNDEF)
+                {
+                if (type == V_ASN1_APP_CHOOSE)
+                        ne->value->type=ASN1_PRINTABLE_type(bytes,len);
+                else
+                        ne->value->type=type;
+                }
+        return(1);
+        }
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne)
+X509_NAME_ENTRY *ne;
+        {
+        if (ne == NULL) return(NULL);
+        return(ne->object);
+        }
+ASN1_STRING *X509_NAME_ENTRY_get_data(ne)
+X509_NAME_ENTRY *ne;
+        {
+        if (ne == NULL) return(NULL);
+        return(ne->value);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509rset.c b/src/lib/libssl/src/crypto/x509/x509rset.c
new file mode 100644
index 0000000000..323b25470a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509rset.c
@@ -0,0 +1,89 @@
+/* crypto/x509/x509rset.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+int X509_REQ_set_version(x,version)
+X509_REQ *x;
+long version;
+        {
+        if (x == NULL) return(0);
+        return(ASN1_INTEGER_set(x->req_info->version,version));
+        }
+int X509_REQ_set_subject_name(x,name)
+X509_REQ *x;
+X509_NAME *name;
+        {
+        if ((x == NULL) || (x->req_info == NULL)) return(0);
+        return(X509_NAME_set(&x->req_info->subject,name));
+        }
+int X509_REQ_set_pubkey(x,pkey)
+X509_REQ *x;
+EVP_PKEY *pkey;
+        {
+        if ((x == NULL) || (x->req_info == NULL)) return(0);
+        return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x509type.c b/src/lib/libssl/src/crypto/x509/x509type.c
new file mode 100644
index 0000000000..42c23bcfca
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x509type.c
@@ -0,0 +1,115 @@
+/* crypto/x509/x509type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+int X509_certificate_type(x,pkey)
+X509 *x;
+EVP_PKEY *pkey;
+        {
+        EVP_PKEY *pk;
+        int ret=0,i;
+        if (x == NULL) return(0);
+        if (pkey == NULL)
+                pk=X509_get_pubkey(x);
+        else
+                pk=pkey;
+        if (pk == NULL) return(0);
+        switch (pk->type)
+                {
+        case EVP_PKEY_RSA:
+                ret=EVP_PK_RSA|EVP_PKT_SIGN;
+/*              if (!sign only extension) */
+                        ret|=EVP_PKT_ENC;
+        break;
+        case EVP_PKEY_DSA:
+                ret=EVP_PK_DSA|EVP_PKT_SIGN;
+                break;
+        case EVP_PKEY_DH:
+                ret=EVP_PK_DH|EVP_PKT_EXCH;
+                break;
+        default:
+                break;
+                }
+        i=X509_get_signature_type(x);
+        switch (i)
+                {
+        case EVP_PKEY_RSA:
+                ret|=EVP_PKS_RSA;
+                break;
+        case EVP_PKS_DSA:
+                ret|=EVP_PKS_DSA;
+                break;
+        default:
+                break;
+                }
+        if (EVP_PKEY_size(pkey) <= 512)
+                ret|=EVP_PKT_EXP;
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/x509/x_all.c b/src/lib/libssl/src/crypto/x509/x_all.c
new file mode 100644
index 0000000000..b7dde23e9a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509/x_all.c
@@ -0,0 +1,465 @@
+/* crypto/x509/x_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "stack.h"
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1.h"
+#include "evp.h"
+#include "x509.h"
+int X509_verify(a,r)
+X509 *a;
+EVP_PKEY *r;
+        {
+        return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
+                a->signature,(char *)a->cert_info,r));
+        }
+int X509_REQ_verify(a,r)
+X509_REQ *a;
+EVP_PKEY *r;
+        {
+        return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
+                a->sig_alg,a->signature,(char *)a->req_info,r));
+        }
+int X509_CRL_verify(a,r)
+X509_CRL *a;
+EVP_PKEY *r;
+        {
+        return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
+                a->sig_alg, a->signature,(char *)a->crl,r));
+        }
+int NETSCAPE_SPKI_verify(a,r)
+NETSCAPE_SPKI *a;
+EVP_PKEY *r;
+        {
+        return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
+                a->sig_algor,a->signature, (char *)a->spkac,r));
+        }
+int X509_sign(x,pkey,md)
+X509 *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+        {
+        return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
+                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
+        }
+int X509_REQ_sign(x,pkey,md)
+X509_REQ *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+        {
+        return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
+                x->signature, (char *)x->req_info,pkey,md));
+        }
+int X509_CRL_sign(x,pkey,md)
+X509_CRL *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+        {
+        return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
+                x->sig_alg, x->signature, (char *)x->crl,pkey,md));
+        }
+int NETSCAPE_SPKI_sign(x,pkey,md)
+NETSCAPE_SPKI *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+        {
+        return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
+                x->signature, (char *)x->spkac,pkey,md));
+        }
+X509 *X509_dup(x509)
+X509 *x509;
+        {
+        return((X509 *)ASN1_dup((int (*)())i2d_X509,
+                (char *(*)())d2i_X509,(char *)x509));
+        }
+X509_EXTENSION *X509_EXTENSION_dup(ex)
+X509_EXTENSION *ex;
+        {
+        return((X509_EXTENSION *)ASN1_dup(
+                (int (*)())i2d_X509_EXTENSION,
+                (char *(*)())d2i_X509_EXTENSION,(char *)ex));
+        }
+#ifndef NO_FP_API
+X509 *d2i_X509_fp(fp,x509)
+FILE *fp;
+X509 *x509;
+        {
+        return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
+                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
+        }
+int i2d_X509_fp(fp,x509)
+FILE *fp;
+X509 *x509;
+        {
+        return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
+        }
+#endif
+X509 *d2i_X509_bio(bp,x509)
+BIO *bp;
+X509 *x509;
+        {
+        return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
+                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
+        }
+int i2d_X509_bio(bp,x509)
+BIO *bp;
+X509 *x509;
+        {
+        return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
+        }
+X509_CRL *X509_CRL_dup(crl)
+X509_CRL *crl;
+        {
+        return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
+                (char *(*)())d2i_X509_CRL,(char *)crl));
+        }
+#ifndef NO_FP_API
+X509_CRL *d2i_X509_CRL_fp(fp,crl)
+FILE *fp;
+X509_CRL *crl;
+        {
+        return((X509_CRL *)ASN1_d2i_fp((char *(*)())
+                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
+                (unsigned char **)(crl)));
+        }
+int i2d_X509_CRL_fp(fp,crl)
+FILE *fp;
+X509_CRL *crl;
+        {
+        return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
+        }
+#endif
+X509_CRL *d2i_X509_CRL_bio(bp,crl)
+BIO *bp;
+X509_CRL *crl;
+        {
+        return((X509_CRL *)ASN1_d2i_bio((char *(*)())
+                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
+                (unsigned char **)(crl)));
+        }
+int i2d_X509_CRL_bio(bp,crl)
+BIO *bp;
+X509_CRL *crl;
+        {
+        return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
+        }
+PKCS7 *PKCS7_dup(p7)
+PKCS7 *p7;
+        {
+        return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
+                (char *(*)())d2i_PKCS7,(char *)p7));
+        }
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(fp,p7)
+FILE *fp;
+PKCS7 *p7;
+        {
+        return((PKCS7 *)ASN1_d2i_fp((char *(*)())
+                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
+                (unsigned char **)(p7)));
+        }
+int i2d_PKCS7_fp(fp,p7)
+FILE *fp;
+PKCS7 *p7;
+        {
+        return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
+        }
+#endif
+PKCS7 *d2i_PKCS7_bio(bp,p7)
+BIO *bp;
+PKCS7 *p7;
+        {
+        return((PKCS7 *)ASN1_d2i_bio((char *(*)())
+                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
+                (unsigned char **)(p7)));
+        }
+int i2d_PKCS7_bio(bp,p7)
+BIO *bp;
+PKCS7 *p7;
+        {
+        return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
+        }
+X509_REQ *X509_REQ_dup(req)
+X509_REQ *req;
+        {
+        return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
+                (char *(*)())d2i_X509_REQ,(char *)req));
+        }
+#ifndef NO_FP_API
+X509_REQ *d2i_X509_REQ_fp(fp,req)
+FILE *fp;
+X509_REQ *req;
+        {
+        return((X509_REQ *)ASN1_d2i_fp((char *(*)())
+                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
+                (unsigned char **)(req)));
+        }
+int i2d_X509_REQ_fp(fp,req)
+FILE *fp;
+X509_REQ *req;
+        {
+        return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
+        }
+#endif
+X509_REQ *d2i_X509_REQ_bio(bp,req)
+BIO *bp;
+X509_REQ *req;
+        {
+        return((X509_REQ *)ASN1_d2i_bio((char *(*)())
+                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
+                (unsigned char **)(req)));
+        }
+int i2d_X509_REQ_bio(bp,req)
+BIO *bp;
+X509_REQ *req;
+        {
+        return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
+        }
+#ifndef NO_RSA
+RSA *RSAPublicKey_dup(rsa)
+RSA *rsa;
+        {
+        return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
+                (char *(*)())d2i_RSAPublicKey,(char *)rsa));
+        }
+RSA *RSAPrivateKey_dup(rsa)
+RSA *rsa;
+        {
+        return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
+                (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
+        }
+#ifndef NO_FP_API
+RSA *d2i_RSAPrivateKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+        {
+        return((RSA *)ASN1_d2i_fp((char *(*)())
+                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
+                (unsigned char **)(rsa)));
+        }
+int i2d_RSAPrivateKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+        {
+        return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
+        }
+RSA *d2i_RSAPublicKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+        {
+        return((RSA *)ASN1_d2i_fp((char *(*)())
+                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
+                (unsigned char **)(rsa)));
+        }
+int i2d_RSAPublicKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+        {
+        return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
+        }
+#endif
+RSA *d2i_RSAPrivateKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+        {
+        return((RSA *)ASN1_d2i_bio((char *(*)())
+                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
+                (unsigned char **)(rsa)));
+        }
+int i2d_RSAPrivateKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+        {
+        return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
+        }
+RSA *d2i_RSAPublicKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+        {
+        return((RSA *)ASN1_d2i_bio((char *(*)())
+                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
+                (unsigned char **)(rsa)));
+        }
+int i2d_RSAPublicKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+        {
+        return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
+        }
+#endif
+#ifndef NO_DSA
+#ifndef NO_FP_API
+DSA *d2i_DSAPrivateKey_fp(fp,dsa)
+FILE *fp;
+DSA *dsa;
+        {
+        return((DSA *)ASN1_d2i_fp((char *(*)())
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+                (unsigned char **)(dsa)));
+        }
+int i2d_DSAPrivateKey_fp(fp,dsa)
+FILE *fp;
+DSA *dsa;
+        {
+        return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
+        }
+#endif
+DSA *d2i_DSAPrivateKey_bio(bp,dsa)
+BIO *bp;
+DSA *dsa;
+        {
+        return((DSA *)ASN1_d2i_bio((char *(*)())
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
+                (unsigned char **)(dsa)));
+        }
+int i2d_DSAPrivateKey_bio(bp,dsa)
+BIO *bp;
+DSA *dsa;
+        {
+        return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
+        }
+#endif
+X509_NAME *X509_NAME_dup(xn)
+X509_NAME *xn;
+        {
+        return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
+                (char *(*)())d2i_X509_NAME,(char *)xn));
+        }
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne)
+X509_NAME_ENTRY *ne;
+        {
+        return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
+                (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
+        }
+int X509_digest(data,type,md,len)
+X509 *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+        {
+        return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+        }
+int X509_NAME_digest(data,type,md,len)
+X509_NAME *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+        {
+        return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+        }
+int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len)
+PKCS7_ISSUER_AND_SERIAL *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+        {
+        return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+                (char *)data,md,len));
+        }
diff --git a/src/lib/libssl/src/crypto/x509v3/x509v3.h b/src/lib/libssl/src/crypto/x509v3/x509v3.h
new file mode 100644
index 0000000000..d7945bc9cd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/x509v3/x509v3.h
@@ -0,0 +1,87 @@
+/* crypto/x509v3/x509v3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define X509v3_N_KU_digitalSignature    0
+#define X509v3_N_KU_nonRepudiation      1
+#define X509v3_N_KU_keyEncipherment     2
+#define X509v3_N_KU_dataEncipherment    3
+#define X509v3_N_KU_keyAgreement        4
+#define X509v3_N_KU_keyCertSign         5
+#define X509v3_N_KU_cRLSign             6
+#define X509v3_N_KU_encipherOnly        7
+#define X509v3_N_KU_decipherOnly        8
+#define X509v3_N_KU_NUM                 9
+#define X509v3_S_KU_digitalSignature    "digitalSignature"
+#define X509v3_S_KU_nonRepudiation      "nonRepudiation"
+#define X509v3_S_KU_keyEncipherment     "keyEncipherment"
+#define X509v3_S_KU_dataEncipherment    "dataEncipherment"
+#define X509v3_S_KU_keyAgreement        "keyAgreement"
+#define X509v3_S_KU_keyCertSign         "keyCertSign"
+#define X509v3_S_KU_cRLSign             "cRLSign"
+#define X509v3_S_KU_encipherOnly        "encipherOnly"
+#define X509v3_S_KU_decipherOnly        "decipherOnly"
+void X509_ex_clear(X509_EXTENSION *a);
+int X509_ex_get_bool(X509_EXTENSION *a,int num);
+int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
+int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
+int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
+char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
+int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
+int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
+int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
diff --git a/src/lib/libssl/src/demos/README b/src/lib/libssl/src/demos/README
new file mode 100644
index 0000000000..769965ab83
--- /dev/null
+++ b/src/lib/libssl/src/demos/README
@@ -0,0 +1,3 @@
+Some demo programs sent to me by various people
+eric
diff --git a/src/lib/libssl/src/demos/b64.c b/src/lib/libssl/src/demos/b64.c
new file mode 100644
index 0000000000..42abc42d33
--- /dev/null
+++ b/src/lib/libssl/src/demos/b64.c
@@ -0,0 +1,270 @@
+/* demos/b64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "buffer.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"
+#undef SIZE
+#undef BSIZE
+#undef PROG
+#define SIZE    (512)
+#define BSIZE   (8*1024)
+#define PROG    enc_main
+int main(argc,argv)
+int argc;
+char **argv;
+        {
+        char *strbuf=NULL;
+        unsigned char *buff=NULL,*bufsize=NULL;
+        int bsize=BSIZE,verbose=0;
+        int ret=1,inl;
+        unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+        char *str=NULL;
+        char *hkey=NULL,*hiv=NULL;
+        int enc=1,printkey=0,i,base64=0;
+        int debug=0;
+        EVP_CIPHER *cipher=NULL,*c;
+        char *inf=NULL,*outf=NULL;
+        BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+#define PROG_NAME_SIZE  16
+        char pname[PROG_NAME_SIZE];
+        apps_startup();
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+        base64=1;
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-e") == 0)
+                        enc=1;
+                if (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        inf= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outf= *(++argv);
+                        }
+                else if (strcmp(*argv,"-d") == 0)
+                        enc=0;
+                else if (strcmp(*argv,"-v") == 0)
+                        verbose=1;
+                else if (strcmp(*argv,"-debug") == 0)
+                        debug=1;
+                else if (strcmp(*argv,"-bufsize") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        bufsize=(unsigned char *)*(++argv);
+                        }
+                else
+                        {
+                        BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+bad:
+                        BIO_printf(bio_err,"options are\n");
+                        BIO_printf(bio_err,"%-14s input file\n","-in <file>");
+                        BIO_printf(bio_err,"%-14s output file\n","-out <file>");
+                        BIO_printf(bio_err,"%-14s encode\n","-e");
+                        BIO_printf(bio_err,"%-14s decode\n","-d");
+                        BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+                        goto end;
+                        }
+                argc--;
+                argv++;
+                }
+        if (bufsize != NULL)
+                {
+                int i;
+                unsigned long n;
+                for (n=0; *bufsize; bufsize++)
+                        {
+                        i= *bufsize;
+                        if ((i <= '9') && (i >= '0'))
+                                n=n*10+i-'0';
+                        else if (i == 'k')
+                                {
+                                n*=1024;
+                                bufsize++;
+                                break;
+                                }
+                        }
+                if (*bufsize != '\0')
+                        {
+                        BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
+                        goto end;
+                        }
+                /* It must be large enough for a base64 encoded line */
+                if (n < 80) n=80;
+                bsize=(int)n;
+                if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
+                }
+        strbuf=Malloc(SIZE);
+        buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+        if ((buff == NULL) || (strbuf == NULL))
+                {
+                BIO_printf(bio_err,"Malloc failure\n");
+                goto end;
+                }
+        in=BIO_new(BIO_s_file());
+        out=BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (debug)
+                {
+                BIO_set_callback(in,BIO_debug_callback);
+                BIO_set_callback(out,BIO_debug_callback);
+                BIO_set_callback_arg(in,bio_err);
+                BIO_set_callback_arg(out,bio_err);
+                }
+        if (inf == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,inf) <= 0)
+                        {
+                        perror(inf);
+                        goto end;
+                        }
+                }
+        if (outf == NULL)
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_write_filename(out,outf) <= 0)
+                        {
+                        perror(outf);
+                        goto end;
+                        }
+                }
+        rbio=in;
+        wbio=out;
+        if (base64)
+                {
+                if ((b64=BIO_new(BIO_f_base64())) == NULL)
+                        goto end;
+                if (debug)
+                        {
+                        BIO_set_callback(b64,BIO_debug_callback);
+                        BIO_set_callback_arg(b64,bio_err);
+                        }
+                if (enc)
+                        wbio=BIO_push(b64,wbio);
+                else
+                        rbio=BIO_push(b64,rbio);
+                }
+        for (;;)
+                {
+                inl=BIO_read(rbio,(char *)buff,bsize);
+                if (inl <= 0) break;
+                if (BIO_write(wbio,(char *)buff,inl) != inl)
+                        {
+                        BIO_printf(bio_err,"error writing output file\n");
+                        goto end;
+                        }
+                }
+        BIO_flush(wbio);
+        ret=0;
+        if (verbose)
+                {
+                BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
+                BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
+                }
+end:
+        if (strbuf != NULL) Free(strbuf);
+        if (buff != NULL) Free(buff);
+        if (in != NULL) BIO_free(in);
+        if (out != NULL) BIO_free(out);
+        if (benc != NULL) BIO_free(benc);
+        if (b64 != NULL) BIO_free(b64);
+        EXIT(ret);
+        }
diff --git a/src/lib/libssl/src/demos/b64.pl b/src/lib/libssl/src/demos/b64.pl
new file mode 100644
index 0000000000..dc5d983787
--- /dev/null
+++ b/src/lib/libssl/src/demos/b64.pl
@@ -0,0 +1,20 @@
+#!/usr/bin/perl
+#
+# Make PEM encoded data have lines of 64 bytes of data
+#
+while (<>)
+        {
+        if (/^-----BEGIN/ .. /^-----END/)
+                {
+                if (/^-----BEGIN/) { $first=$_; next; }
+                if (/^-----END/) { $last=$_; next; }
+                $out.=$_;
+                }
+        }
+$out =~ s/\s//g;
+$out =~ s/(.{64})/$1\n/g;
+print "$first$out\n$last\n";
diff --git a/src/lib/libssl/src/demos/bio/README b/src/lib/libssl/src/demos/bio/README
new file mode 100644
index 0000000000..0b24e5b80c
--- /dev/null
+++ b/src/lib/libssl/src/demos/bio/README
@@ -0,0 +1,3 @@
+This directory contains some simple examples of the use of BIO's
+to simplify socket programming.
diff --git a/src/lib/libssl/src/demos/bio/saccept.c b/src/lib/libssl/src/demos/bio/saccept.c
new file mode 100644
index 0000000000..920eab397c
--- /dev/null
+++ b/src/lib/libssl/src/demos/bio/saccept.c
@@ -0,0 +1,107 @@
+/* NOCW */
+/* demos/bio/saccept.c */
+/* A minimal program to server an SSL connection.
+ * It uses blocking.
+ * saccept host:port
+ * host is the interface IP to use.  If any interface, use *:port
+ * The default it *:4433
+ *
+ * cc -I../../include saccept.c -L../.. -lssl -lcrypto
+ */
+#include <stdio.h>
+#include <signal.h>
+#include "err.h"
+#include "ssl.h"
+#define CERT_FILE       "server.pem"
+BIO *in=NULL;
+void close_up()
+        {
+        if (in != NULL)
+                BIO_free(in);
+        }
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        char *port=NULL;
+        BIO *ssl_bio,*tmp;
+        SSL_CTX *ctx;
+        SSL *ssl;
+        char buf[512];
+        int ret=1,i;
+        if (argc <= 1)
+                port="*:4433";
+        else
+                port=argv[1];
+        signal(SIGINT,close_up);
+        SSL_load_error_strings();
+        /* Add ciphers and message digests */
+        SSLeay_add_ssl_algorithms();
+        ctx=SSL_CTX_new(SSLv23_server_method());
+        if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
+                goto err;
+        if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
+                goto err;
+        if (!SSL_CTX_check_private_key(ctx))
+                goto err;
+        /* Setup server side SSL bio */
+        ssl=SSL_new(ctx);
+        ssl_bio=BIO_new_ssl(ctx,0);
+        if ((in=BIO_new_accept(port)) == NULL) goto err;
+        /* This means that when a new connection is acceptede on 'in',
+         * The ssl_bio will be 'dupilcated' and have the new socket
+         * BIO push into it.  Basically it means the SSL BIO will be
+         * automatically setup */
+        BIO_set_accept_bios(in,ssl_bio);
+again:
+        /* The first call will setup the accept socket, and the second
+         * will get a socket.  In this loop, the first actual accept
+         * will occur in the BIO_read() function. */
+        if (BIO_do_accept(in) <= 0) goto err;
+        for (;;)
+                {
+                i=BIO_read(in,buf,512);
+                if (i == 0)
+                        {
+                        /* If we have finished, remove the underlying
+                         * BIO stack so the next time we call any function
+                         * for this BIO, it will attempt to do an
+                         * accept */
+                        printf("Done\n");
+                        tmp=BIO_pop(in);
+                        BIO_free_all(tmp);
+                        goto again;
+                        }
+                if (i < 0) goto err;
+                fwrite(buf,1,i,stdout);
+                fflush(stdout);
+                }
+        ret=0;
+err:
+        if (ret)
+                {
+                ERR_print_errors_fp(stderr);
+                }
+        if (in != NULL) BIO_free(in);
+        exit(ret);
+        return(!ret);
+        }
diff --git a/src/lib/libssl/src/demos/bio/sconnect.c b/src/lib/libssl/src/demos/bio/sconnect.c
new file mode 100644
index 0000000000..8a667f5911
--- /dev/null
+++ b/src/lib/libssl/src/demos/bio/sconnect.c
@@ -0,0 +1,115 @@
+/* NOCW */
+/* demos/bio/sconnect.c */
+/* A minimal program to do SSL to a passed host and port.
+ * It is actually using non-blocking IO but in a very simple manner
+ * sconnect host:port - it does a 'GET / HTTP/1.0'
+ *
+ * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "err.h"
+#include "ssl.h"
+extern int errno;
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        char *host;
+        BIO *out;
+        char buf[1024*10],*p;
+        SSL_CTX *ssl_ctx=NULL;
+        SSL *ssl;
+        BIO *ssl_bio;
+        int i,len,off,ret=1;
+        if (argc <= 1)
+                host="localhost:4433";
+        else
+                host=argv[1];
+        /* Lets get nice error messages */
+        SSL_load_error_strings();
+        /* Setup all the global SSL stuff */
+        SSLeay_add_ssl_algorithms();
+        ssl_ctx=SSL_CTX_new(SSLv23_client_method());
+        /* Lets make a SSL structure */
+        ssl=SSL_new(ssl_ctx);
+        SSL_set_connect_state(ssl);
+        /* Use it inside an SSL BIO */
+        ssl_bio=BIO_new(BIO_f_ssl());
+        BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
+        /* Lets use a connect BIO under the SSL BIO */
+        out=BIO_new(BIO_s_connect());
+        BIO_set_hostname(out,host);
+        BIO_set_nbio(out,1);
+        out=BIO_push(ssl_bio,out);
+        p="GET / HTTP/1.0\r\n\r\n";
+        len=strlen(p);
+        off=0;
+        for (;;)
+                {
+                i=BIO_write(out,&(p[off]),len);
+                if (i <= 0)
+                        {
+                        if (BIO_should_retry(out))
+                                {
+                                fprintf(stderr,"write DELAY\n");
+                                sleep(1);
+                                continue;
+                                }
+                        else
+                                {
+                                goto err;
+                                }
+                        }
+                off+=i;
+                len-=i;
+                if (len <= 0) break;
+                }
+        for (;;)
+                {
+                i=BIO_read(out,buf,sizeof(buf));
+                if (i == 0) break;
+                if (i < 0)
+                        {
+                        if (BIO_should_retry(out))
+                                {
+                                fprintf(stderr,"read DELAY\n");
+                                sleep(1);
+                                continue;
+                                }
+                        goto err;
+                        }
+                fwrite(buf,1,i,stdout);
+                }
+        ret=1;
+        if (0)
+                {
+err:
+                if (ERR_peek_error() == 0) /* system call error */
+                        {
+                        fprintf(stderr,"errno=%d ",errno);
+                        perror("error");
+                        }
+                else
+                        ERR_print_errors_fp(stderr);
+                }
+        BIO_free_all(out);
+        if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);
+        exit(!ret);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/demos/bio/server.pem b/src/lib/libssl/src/demos/bio/server.pem
new file mode 100644
index 0000000000..5cf1387d65
--- /dev/null
+++ b/src/lib/libssl/src/demos/bio/server.pem
@@ -0,0 +1,30 @@
+subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libssl/src/demos/maurice/Makefile b/src/lib/libssl/src/demos/maurice/Makefile
new file mode 100644
index 0000000000..fa67dcca81
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/Makefile
@@ -0,0 +1,23 @@
+CC=cc
+CFLAGS= -g -I../../include
+LIBS= -L/usr/local/ssl/lib -L../.. -lcrypto
+EXAMPLES=example1 example2 example3 example4
+all: $(EXAMPLES) 
+example1: example1.o loadkeys.o 
+        $(CC) -o example1 example1.o loadkeys.o $(LIBS)
+example2: example2.o loadkeys.o
+        $(CC) -o example2 example2.o loadkeys.o $(LIBS)
+example3: example3.o 
+        $(CC) -o example3 example3.o $(LIBS)
+example4: example4.o
+        $(CC) -o example4 example4.o $(LIBS)
+        
+clean:  
+        rm -f $(EXAMPLES) *.o
diff --git a/src/lib/libssl/src/demos/maurice/README b/src/lib/libssl/src/demos/maurice/README
new file mode 100644
index 0000000000..29778d55cb
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/README
@@ -0,0 +1,34 @@
+From Maurice Gittens <mgittens@gits.nl>
+--
+        Example programs, demonstrating some basic SSLeay crypto library
+        operations, to help you not to make the same mistakes I did. 
+        The following files are present.
+        - loadkeys.c    Demonstrates the loading and of public and 
+                        private keys.
+        - loadkeys.h    The interface for loadkeys.c
+        - example1.c    Demonstrates the sealing and opening API's
+        - example2.c    Demonstrates rsa encryption and decryption
+        - example3.c    Demonstrates the use of symmetric block ciphers
+        - example4.c    Demonstrates base64 and decoding                
+        - Makefile      A makefile you probably will have to adjust for
+                        your environment
+        - README        this file
+        The programs were written by Maurice Gittens <mgittens@gits.nl>
+        with the necesary help from Eric Young <eay@cryptsoft.com> 
+        
+        You may do as you please with these programs, but please don't
+        pretend that you wrote them. 
+        To be complete: If you use these programs you acknowlegde that
+        you are aware that there is NO warranty of any kind associated
+        with these programs. I don't even claim that the programs work,
+        they are provided AS-IS.
+        January 1997
+        Maurice 
diff --git a/src/lib/libssl/src/demos/maurice/cert.pem b/src/lib/libssl/src/demos/maurice/cert.pem
new file mode 100644
index 0000000000..e31a9ae05f
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/cert.pem
@@ -0,0 +1,77 @@
+issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl
+subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl
+serial :01
+Certificate:
+    Data:
+        Version: 0 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl
+        Validity
+            Not Before: Jan  5 13:21:16 1997 GMT
+            Not After : Jul 24 13:21:16 1997 GMT
+        Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b:
+                    82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0:
+                    71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3:
+                    f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d:
+                    62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52:
+                    78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd:
+                    81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd:
+                    1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50:
+                    b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26:
+                    64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4:
+                    d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c:
+                    2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9:
+                    e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44:
+                    e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41:
+                    8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16:
+                    d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c:
+                    d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9:
+                    20:f9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5withRSAEncryption
+        93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce:
+        4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f:
+        9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3:
+        87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb:
+        a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d:
+        0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42:
+        b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8:
+        c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2:
+        fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67:
+        4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b:
+        72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa:
+        c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68:
+        60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c:
+        a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be:
+        28:ba:d8:4f
+-----BEGIN CERTIFICATE-----
+MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD
+VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl
+bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0
+aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB
+FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx
+NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH
+aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG
+SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6
+RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB
+ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm
+ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S
+/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB
+R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC
+AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j
+eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2
+5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25
+uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do
+fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M
+A6fxn/gOjbvGundh946+KLrYTw==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/demos/maurice/example1.c b/src/lib/libssl/src/demos/maurice/example1.c
new file mode 100644
index 0000000000..77730d3232
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/example1.c
@@ -0,0 +1,200 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+        
+        Maurice Gittens  <mgittens@gits.nl>   January 1997
+*/
+#include <unistd.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <fcntl.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+#include "loadkeys.h"
+#define PUBFILE   "cert.pem"
+#define PRIVFILE  "privkey.pem"
+#define STDIN     0
+#define STDOUT    1 
+void main_encrypt(void);
+void main_decrypt(void);
+static const char *usage = "Usage: example1 [-d]\n";
+int main(int argc, char *argv[])
+{
+        ERR_load_crypto_strings();
+        if ((argc == 1))        
+        {
+                main_encrypt();
+        }       
+        else if ((argc == 2) && !strcmp(argv[1],"-d"))
+        {
+                main_decrypt();
+        }
+        else
+        {
+                printf("%s",usage);
+                exit(1);
+        }
+        return 0;               
+}
+void main_encrypt(void)
+{
+        unsigned int ebuflen;
+        EVP_CIPHER_CTX ectx;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        unsigned char *ekey[1]; 
+        int readlen;
+        int ekeylen, net_ekeylen; 
+        EVP_PKEY *pubKey[1];
+        char buf[512];
+        char ebuf[512];
+        
+        memset(iv, '\0', sizeof(iv));
+        pubKey[0] = ReadPublicKey(PUBFILE);
+        if(!pubKey)
+        {
+           fprintf(stderr,"Error: can't load public key");
+           exit(1);
+        }      
+        ekey[0] = malloc(EVP_PKEY_size(pubKey[0]));  
+        if (!ekey[0])
+        {
+           EVP_PKEY_free(pubKey[0]); 
+           perror("malloc");
+           exit(1);
+        }
+        EVP_SealInit(&ectx,
+                   EVP_des_ede3_cbc(),
+                   ekey,
+                   &ekeylen,
+                   iv,
+                   pubKey,
+                   1); 
+        net_ekeylen = htonl(ekeylen);   
+        write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen));
+        write(STDOUT, ekey[0], ekeylen);
+        write(STDOUT, iv, sizeof(iv));
+        while(1)
+        {
+                readlen = read(STDIN, buf, sizeof(buf));
+                if (readlen <= 0)
+                {
+                   if (readlen < 0)
+                        perror("read");
+                   break;
+                }
+                EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+                write(STDOUT, ebuf, ebuflen);
+        }
+        EVP_SealFinal(&ectx, ebuf, &ebuflen);
+        
+        write(STDOUT, ebuf, ebuflen);
+        EVP_PKEY_free(pubKey[0]);
+        free(ekey[0]);
+}
+void main_decrypt(void)
+{
+        char buf[512];
+        char ebuf[512];
+        unsigned int buflen;
+        EVP_CIPHER_CTX ectx;
+        unsigned char iv[8];
+        unsigned char *encryptKey; 
+        unsigned int ekeylen; 
+        EVP_PKEY *privateKey;
+        memset(iv, '\0', sizeof(iv));
+        privateKey = ReadPrivateKey(PRIVFILE);
+        if (!privateKey)
+        {
+                fprintf(stderr, "Error: can't load private key");
+                exit(1);        
+        }
+        read(STDIN, &ekeylen, sizeof(ekeylen));
+        ekeylen = ntohl(ekeylen);
+        if (ekeylen != EVP_PKEY_size(privateKey))
+        {
+                EVP_PKEY_free(privateKey);
+                fprintf(stderr, "keylength mismatch");
+                exit(1);        
+        }
+        encryptKey = malloc(sizeof(char) * ekeylen);
+        if (!encryptKey)
+        {
+                EVP_PKEY_free(privateKey);
+                perror("malloc");
+                exit(1);
+        }
+        read(STDIN, encryptKey, ekeylen);
+        read(STDIN, iv, sizeof(iv));
+        EVP_OpenInit(&ectx,
+                   EVP_des_ede3_cbc(), 
+                   encryptKey,
+                   ekeylen,
+                   iv,
+                   privateKey);         
+        while(1)
+        {
+                int readlen = read(STDIN, ebuf, sizeof(ebuf));
+                if (readlen <= 0)
+                {
+                        if (readlen < 0)
+                                perror("read");
+                        break;
+                }
+                EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
+                write(STDOUT, buf, buflen);
+        }
+        EVP_OpenFinal(&ectx, buf, &buflen);
+        write(STDOUT, buf, buflen);
+        EVP_PKEY_free(privateKey);
+        free(encryptKey);
+}
diff --git a/src/lib/libssl/src/demos/maurice/example2.c b/src/lib/libssl/src/demos/maurice/example2.c
new file mode 100644
index 0000000000..99f7b22440
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/example2.c
@@ -0,0 +1,77 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+        Maurice Gittens  <mgittens@gits.nl>   January 1997
+*/
+#include <stdlib.h>
+#include <stdio.h>
+#include <strings.h>
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+#include "loadkeys.h"
+#define PUBFILE   "cert.pem"
+#define PRIVFILE  "privkey.pem"
+#define STDIN     0
+#define STDOUT    1 
+int main()
+{
+        char *ct = "This the clear text";
+        char *buf;   
+        char *buf2;
+        EVP_PKEY *pubKey;
+        EVP_PKEY *privKey;
+        int len;
+        FILE *fp;
+        ERR_load_crypto_strings();
+        privKey = ReadPrivateKey(PRIVFILE);
+        if (!privKey) 
+        {  
+                ERR_print_errors_fp (stderr);    
+                exit (1);  
+        }
+        pubKey = ReadPublicKey(PUBFILE);  
+        if(!pubKey)
+        {
+           EVP_PKEY_free(privKey);   
+           fprintf(stderr,"Error: can't load public key");
+           exit(1);
+        }
+        /* No error checking */
+        buf = malloc(EVP_PKEY_size(pubKey));
+        buf2 = malloc(EVP_PKEY_size(pubKey));
+        len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING);
+        if (len != EVP_PKEY_size(pubKey))
+        {
+            fprintf(stderr,"Error: ciphertext should match length of key\n");
+            exit(1);
+        }
+        RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING);
+        printf("%s\n", buf2);
+        EVP_PKEY_free(privKey);
+        EVP_PKEY_free(pubKey);
+        free(buf);
+        free(buf2);
+}
diff --git a/src/lib/libssl/src/demos/maurice/example3.c b/src/lib/libssl/src/demos/maurice/example3.c
new file mode 100644
index 0000000000..fcaff00c37
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/example3.c
@@ -0,0 +1,86 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+        Maurice Gittens  <mgittens@gits.nl>   January 1997
+*/
+#include <stdio.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <evp.h>
+#define STDIN           0
+#define STDOUT          1
+#define BUFLEN          512 
+#define INIT_VECTOR     "12345678"
+#define ENCRYPT         1
+#define DECRYPT         0
+#define ALG             EVP_des_ede3_cbc()
+static const char *usage = "Usage: example3 [-d] password\n";
+void do_cipher(char *,int);
+int main(int argc, char *argv[])
+{
+        if ((argc == 2))        
+        {
+                do_cipher(argv[1],ENCRYPT);
+        }       
+        else if ((argc == 3) && !strcmp(argv[1],"-d"))
+        {
+                do_cipher(argv[2],DECRYPT);
+        }
+        else
+        {
+                fprintf(stderr,"%s", usage);
+                exit(1);
+        }
+        return 0;               
+}
+void do_cipher(char *pw, int operation)
+{
+        char buf[BUFLEN];
+        char ebuf[BUFLEN + 8];
+        unsigned int ebuflen, rc;
+        unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
+        unsigned int ekeylen, net_ekeylen; 
+        EVP_CIPHER_CTX ectx;
+        
+        memcpy(iv, INIT_VECTOR, sizeof(iv));
+        EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
+        EVP_CipherInit(&ectx, ALG, key, iv, operation);
+        while(1)
+        {
+                int readlen = read(STDIN, buf, sizeof(buf));
+        
+                if (readlen <= 0)
+                {
+                        if (!readlen)
+                           break;
+                        else
+                        {
+                                perror("read");
+                                exit(1);
+                        }
+                }
+                EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+                write(STDOUT, ebuf, ebuflen);
+        }
+        EVP_CipherFinal(&ectx, ebuf, &ebuflen); 
+        write(STDOUT, ebuf, ebuflen); 
+}
diff --git a/src/lib/libssl/src/demos/maurice/example4.c b/src/lib/libssl/src/demos/maurice/example4.c
new file mode 100644
index 0000000000..d436a20019
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/example4.c
@@ -0,0 +1,122 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+        Maurice Gittens  <mgittens@gits.nl>   January 1997
+*/
+#include <stdio.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <evp.h>
+#define STDIN           0
+#define STDOUT          1
+#define BUFLEN          512 
+static const char *usage = "Usage: example4 [-d]\n";
+void do_encode(void);
+void do_decode(void);
+int main(int argc, char *argv[])
+{
+        if ((argc == 1))        
+        {
+                do_encode();
+        }       
+        else if ((argc == 2) && !strcmp(argv[1],"-d"))
+        {
+                do_decode();
+        }
+        else
+        {
+                fprintf(stderr,"%s", usage);
+                exit(1);
+        }
+        return 0;               
+}
+void do_encode()
+{
+        char buf[BUFLEN];
+        char ebuf[BUFLEN+24];
+        unsigned int ebuflen, rc;
+        EVP_ENCODE_CTX ectx;
+        
+        EVP_EncodeInit(&ectx);
+        while(1)
+        {
+                int readlen = read(STDIN, buf, sizeof(buf));
+        
+                if (readlen <= 0)
+                {
+                        if (!readlen)
+                           break;
+                        else
+                        {
+                                perror("read");
+                                exit(1);
+                        }
+                }
+                EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+                write(STDOUT, ebuf, ebuflen);
+        }
+        EVP_EncodeFinal(&ectx, ebuf, &ebuflen); 
+        write(STDOUT, ebuf, ebuflen);
+}
+void do_decode()
+{
+        char buf[BUFLEN];
+        char ebuf[BUFLEN+24];
+        unsigned int ebuflen, rc;
+        EVP_ENCODE_CTX ectx;
+        
+        EVP_DecodeInit(&ectx);
+        while(1)
+        {
+                int readlen = read(STDIN, buf, sizeof(buf));
+                int rc; 
+        
+                if (readlen <= 0)
+                {
+                        if (!readlen)
+                           break;
+                        else
+                        {
+                                perror("read");
+                                exit(1);
+                        }
+                }
+                rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+                if (rc <= 0)
+                {
+                        if (!rc)
+                        {
+                                write(STDOUT, ebuf, ebuflen);
+                                break;
+                        }
+                        fprintf(stderr, "Error: decoding message\n");
+                        return;
+                }
+                write(STDOUT, ebuf, ebuflen);
+        }
+        EVP_DecodeFinal(&ectx, ebuf, &ebuflen); 
+        write(STDOUT, ebuf, ebuflen); 
+}
diff --git a/src/lib/libssl/src/demos/maurice/loadkeys.c b/src/lib/libssl/src/demos/maurice/loadkeys.c
new file mode 100644
index 0000000000..7c89f071f3
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/loadkeys.c
@@ -0,0 +1,77 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+        Maurice Gittens  <mgittens@gits.nl>   January 1997
+*/
+#include <unistd.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <fcntl.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+EVP_PKEY * ReadPublicKey(const char *certfile)
+{
+  FILE *fp = fopen (certfile, "r");   
+  X509 *x509;
+  EVP_PKEY *pkey;
+  if (!fp) 
+     return NULL; 
+  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+                                   PEM_STRING_X509,
+                                   fp, NULL, NULL);
+  if (x509 == NULL) 
+  {  
+     ERR_print_errors_fp (stderr);
+     return NULL;   
+  }
+  fclose (fp);
+  
+  pkey=X509_extract_key(x509);
+  X509_free(x509);
+  if (pkey == NULL) 
+     ERR_print_errors_fp (stderr);
+  return pkey; 
+}
+EVP_PKEY *ReadPrivateKey(const char *keyfile)
+{
+        FILE *fp = fopen(keyfile, "r");
+        EVP_PKEY *pkey;
+        if (!fp)
+                return NULL;
+        pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                              PEM_STRING_EVP_PKEY,
+                              fp,
+                              NULL, NULL);
+        fclose (fp);
+        if (pkey == NULL) 
+                ERR_print_errors_fp (stderr);   
+        return pkey;
+}
diff --git a/src/lib/libssl/src/demos/maurice/loadkeys.h b/src/lib/libssl/src/demos/maurice/loadkeys.h
new file mode 100644
index 0000000000..e42c6f8dc4
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/loadkeys.h
@@ -0,0 +1,19 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+        Maurice Gittens  <mgittens@gits.nl>   January 1997
+*/
+#ifndef LOADKEYS_H_SEEN
+#define LOADKEYS_H_SEEN
+#include "evp.h"
+EVP_PKEY * ReadPublicKey(const char *certfile);
+EVP_PKEY *ReadPrivateKey(const char *keyfile);
+#endif
diff --git a/src/lib/libssl/src/demos/maurice/privkey.pem b/src/lib/libssl/src/demos/maurice/privkey.pem
new file mode 100644
index 0000000000..fc3554e930
--- /dev/null
+++ b/src/lib/libssl/src/demos/maurice/privkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0
+zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7//
+wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+
+QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp
+7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq
+cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g
+Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh
+rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb
+uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll
+e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor
+XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl
+7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS
+bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW
+Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y
+nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA
+Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK
+mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE
+poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5
+a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF
+E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL
+oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q
+JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX
+LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno
+KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj
+V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA==
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/prime/prime.c b/src/lib/libssl/src/demos/prime/prime.c
new file mode 100644
index 0000000000..e4a17765bb
--- /dev/null
+++ b/src/lib/libssl/src/demos/prime/prime.c
@@ -0,0 +1,100 @@
+/* demos/prime/prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bn.h"    
+void callback(type,num)
+int type,num;
+        {
+        if (type == 0)
+                fprintf(stderr,".");
+        else if (type == 1)
+                fprintf(stderr,"+");
+        else if (type == 2)
+                fprintf(stderr,"*");
+        fflush(stderr);
+        }
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        BIGNUM *rand;
+        int num=256;
+        /* we should really call RAND_seed(char *bytes,int num);
+         * to fully initalise the random number generator */
+        if (argc >= 2)
+                {
+                num=atoi(argv[1]);
+                if (num == 0) num=256;
+                }
+        fprintf(stderr,"generate a strong prime\n");
+        rand=BN_generate_prime(num,1,NULL,NULL,callback);
+        /* change the second parameter to 1 for a strong prime */
+        fprintf(stderr,"\n");
+        BN_print_fp(stdout,rand);           
+        fprintf(stdout,"\n");
+        BN_free(rand); 
+        exit(0);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/demos/privkey.pem b/src/lib/libssl/src/demos/privkey.pem
new file mode 100644
index 0000000000..ddae24075d
--- /dev/null
+++ b/src/lib/libssl/src/demos/privkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu
+4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/
+F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs
+JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd
+SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl
+b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA
+nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/selfsign.c b/src/lib/libssl/src/demos/selfsign.c
new file mode 100644
index 0000000000..72146fc068
--- /dev/null
+++ b/src/lib/libssl/src/demos/selfsign.c
@@ -0,0 +1,168 @@
+/* NOCW */
+/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
+#include <stdio.h>
+#include <stdlib.h>
+#include "buffer.h"
+#include "crypto.h"
+#include "objects.h"
+#include "asn1.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+int main()
+        {
+        BIO *bio_err;
+        X509 *x509=NULL;
+        EVP_PKEY *pkey=NULL;
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        X509v3_add_netscape_extensions();
+        if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+        mkit(&x509,&pkey,512,0,365);
+        RSA_print_fp(stdout,pkey->pkey.rsa,0);
+        X509_print_fp(stdout,x509);
+        PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
+        PEM_write_X509(stdout,x509);
+        X509_free(x509);
+        EVP_PKEY_free(pkey);
+        BIO_free(bio_err);
+        X509_cleanup_extensions();
+        CRYPTO_mem_leaks(bio_err);
+        return(0);
+        }
+#ifdef WIN16
+#  define MS_CALLBACK   _far _loadds
+#  define MS_FAR        _far
+#else
+#  define MS_CALLBACK
+#  define MS_FAR
+#endif
+static void MS_CALLBACK callback(p, n)
+int p;
+int n;
+        {
+        char c='B';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        fputc(c,stderr);
+        }
+int mkit(x509p,pkeyp,bits,serial,days)
+X509 **x509p;
+EVP_PKEY **pkeyp;
+int bits;
+int serial;
+int days;
+        {
+        X509 *x;
+        EVP_PKEY *pk;
+        RSA *rsa;
+        char *s;
+        X509_NAME *name=NULL;
+        X509_NAME_ENTRY *ne=NULL;
+        X509_EXTENSION *ex=NULL;
+        ASN1_OCTET_STRING *data=NULL;
+        
+        if ((pkeyp == NULL) || (*pkeyp == NULL))
+                {
+                if ((pk=EVP_PKEY_new()) == NULL)
+                        {
+                        abort(); 
+                        return(0);
+                        }
+                }
+        else
+                pk= *pkeyp;
+        if ((x509p == NULL) || (*x509p == NULL))
+                {
+                if ((x=X509_new()) == NULL)
+                        goto err;
+                }
+        else
+                x= *x509p;
+        rsa=RSA_generate_key(bits,RSA_F4,callback);
+        if (!EVP_PKEY_assign_RSA(pk,rsa))
+                {
+                abort();
+                goto err;
+                }
+        rsa=NULL;
+        X509_set_version(x,3);
+        ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+        X509_gmtime_adj(X509_get_notBefore(x),0);
+        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+        X509_set_pubkey(x,pk);
+        name=X509_NAME_new();
+        ne=X509_NAME_ENTRY_create_by_NID(NULL,NID_countryName,
+                V_ASN1_APP_CHOOSE,"AU",-1);
+        X509_NAME_add_entry(name,ne,0,0);
+        X509_NAME_ENTRY_create_by_NID(&ne,NID_commonName,
+                V_ASN1_APP_CHOOSE,"Eric Young",-1);
+        X509_NAME_add_entry(name,ne,1,0);
+        /* finished with structure */
+        X509_NAME_ENTRY_free(ne);
+        X509_set_subject_name(x,name);
+        X509_set_issuer_name(x,name);
+        /* finished with structure */
+        X509_NAME_free(name);
+        data=X509v3_pack_string(NULL,V_ASN1_BIT_STRING,
+                "\001",1);
+        ex=X509_EXTENSION_create_by_NID(NULL,NID_netscape_cert_type,0,data);
+        X509_add_ext(x,ex,-1);
+        X509v3_pack_string(&data,V_ASN1_IA5STRING,
+                "example comment extension",-1);
+        X509_EXTENSION_create_by_NID(&ex,NID_netscape_comment,0,data);
+        X509_add_ext(x,ex,-1);
+        X509v3_pack_string(&data,V_ASN1_BIT_STRING,
+                "www.cryptsoft.com",-1);
+        X509_EXTENSION_create_by_NID(&ex,NID_netscape_ssl_server_name,0,data);
+        X509_add_ext(x,ex,-1);
+        
+        X509_EXTENSION_free(ex);
+        ASN1_OCTET_STRING_free(data);
+        if (!X509_sign(x,pk,EVP_md5()))
+                goto err;
+        *x509p=x;
+        *pkeyp=pk;
+        return(1);
+err:
+        return(0);
+        }
+                         
diff --git a/src/lib/libssl/src/demos/sign/cert.pem b/src/lib/libssl/src/demos/sign/cert.pem
new file mode 100644
index 0000000000..9d7ac238d8
--- /dev/null
+++ b/src/lib/libssl/src/demos/sign/cert.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
+bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
+dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
+DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
+EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
+dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
+EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
+L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
+BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
+9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/demos/sign/key.pem b/src/lib/libssl/src/demos/sign/key.pem
new file mode 100644
index 0000000000..239ad66f99
--- /dev/null
+++ b/src/lib/libssl/src/demos/sign/key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
+2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
+oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
+8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
+a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
+WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
+6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/sign/sig.txt b/src/lib/libssl/src/demos/sign/sig.txt
new file mode 100644
index 0000000000..5613c0ee77
--- /dev/null
+++ b/src/lib/libssl/src/demos/sign/sig.txt
@@ -0,0 +1,158 @@
+From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
+Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
+  (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
+Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
+Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
+Received: by minbne.mincom.oz.au id AA22230
+  (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
+Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
+Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
+Date: Mon, 30 Sep 1996 01:37:40 +0100
+Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
+From: Sampo Kellomaki <sampo@neuronio.pt>
+To: ssl-users@mincom.com
+Cc: sampo@brutus.neuronio.pt
+Subject: Signing with envelope routines
+Sender: ssl-lists-owner@mincom.com
+Precedence: bulk
+Status: RO
+X-Status: D
+I have been trying to figure out how to produce signatures with EVP_
+routines. I seem to be able to read in private key and sign some
+data ok, but I can't figure out how I am supposed to read in
+public key so that I could verify my signature. I use self signed
+certificate.
+I figured I should use
+        EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
+                                       fp, NULL, NULL);
+to read in private key and this seems to work Ok.
+However when I try analogous
+        EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
+                                       fp, NULL, NULL);
+the program fails with
+error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
+error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
+I figured that the second argument to PEM_ASN1_read should match the
+name in my PEM encoded object, hence PEM_STRING_X509.
+PEM_STRING_EVP_PKEY seems to be somehow magical
+because it matches whatever private key there happens to be. I could
+not find a similar constant to use with getting the certificate, however.
+Is my approach of using PEM_ASN1_read correct? What should I pass in
+as name?  Can I use normal (or even self signed) X509 certificate for
+verifying the signature?
+When will SSLeay documentation be written ;-)? If I would contribute
+comments to the code, would Eric take time to review them and include
+them in distribution?
+I'm using SSLeay-0.6.4. My program is included below along with the
+key and cert that I use.
+--Sampo
+-----------------------------------
+/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
+   29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
+#include <stdio.h>
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+void main ()
+{
+  int err;
+  int sig_len;
+  unsigned char sig_buf [4096];
+  const char certfile[] = "plain-cert.pem";
+  const char keyfile[]  = "plain-key.pem";
+  const char data[]     = "I owe you...";
+  EVP_MD_CTX     md_ctx;
+  EVP_PKEY*      pkey;
+  FILE*          fp;
+  SSL_load_error_strings();
+  
+  /* Read private key */
+  
+  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
+  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                                   PEM_STRING_EVP_PKEY,
+                                   fp,
+                                   NULL, NULL);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Do the signature */
+  
+  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignUpdate (&md_ctx, data, strlen(data));
+  sig_len = sizeof(sig_buf);
+  err = EVP_SignFinal (&md_ctx,
+                       sig_buf, 
+                       &sig_len,
+                       pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  
+  /* Read public key */
+  
+  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
+  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
+                                   PEM_STRING_X509,
+                                   fp,
+                                   NULL, NULL);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Verify the signature */
+  
+  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
+  err = EVP_VerifyFinal (&md_ctx,
+                         sig_buf,
+                         sig_len,
+                         pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  printf ("Signature Verified Ok.\n");
+}
+/* EOF */
+--------------- plain-cert.pem -----------------
+-----BEGIN CERTIFICATE-----
+MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
+bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
+dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
+DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
+EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
+dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
+EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
+L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
+BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
+9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
+-----END CERTIFICATE-----
+---------------- plain-key.pem -----------------
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
+2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
+oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
+8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
+a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
+WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
+6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
+-----END RSA PRIVATE KEY-----
+------------------------------------------------
diff --git a/src/lib/libssl/src/demos/sign/sign.c b/src/lib/libssl/src/demos/sign/sign.c
new file mode 100644
index 0000000000..5cbce3cdc5
--- /dev/null
+++ b/src/lib/libssl/src/demos/sign/sign.c
@@ -0,0 +1,137 @@
+/* demos/sign/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
+   29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
+/* converted to C - eay :-) */
+#include <stdio.h>
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+void main ()
+{
+  int err;
+  int sig_len;
+  unsigned char sig_buf [4096];
+  static char certfile[] = "cert.pem";
+  static char keyfile[]  = "key.pem";
+  static char data[]     = "I owe you...";
+  EVP_MD_CTX     md_ctx;
+  EVP_PKEY *      pkey;
+  FILE *          fp;
+  X509 *        x509;
+  /* Just load the crypto library error strings,
+   * SSL_load_error_strings() loads the crypto AND the SSL ones */
+  /* SSL_load_error_strings();*/
+  ERR_load_crypto_strings();
+  
+  /* Read private key */
+  
+  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
+  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                                   PEM_STRING_EVP_PKEY,
+                                   fp,
+                                   NULL, NULL);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Do the signature */
+  
+  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignUpdate (&md_ctx, data, strlen(data));
+  sig_len = sizeof(sig_buf);
+  err = EVP_SignFinal (&md_ctx,
+                       sig_buf, 
+                       &sig_len,
+                       pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  
+  /* Read public key */
+  
+  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
+  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+                                   PEM_STRING_X509,
+                                   fp, NULL, NULL);
+  if (x509 == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Get public key - eay */
+  pkey=X509_extract_key(x509);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  /* Verify the signature */
+  
+  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
+  err = EVP_VerifyFinal (&md_ctx,
+                         sig_buf,
+                         sig_len,
+                         pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  printf ("Signature Verified Ok.\n");
+}
diff --git a/src/lib/libssl/src/demos/sign/sign.txt b/src/lib/libssl/src/demos/sign/sign.txt
new file mode 100644
index 0000000000..2aa2b46cc3
--- /dev/null
+++ b/src/lib/libssl/src/demos/sign/sign.txt
@@ -0,0 +1,170 @@
+From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996
+Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802
+  (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000
+Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)
+Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 12:43:39 +1000 (EST)
+Received: by orb.mincom.oz.au id AA12688
+  (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000
+Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)
+From: Eric Young <eay@mincom.com>
+X-Sender: eay@orb
+To: Sampo Kellomaki <sampo@neuronio.pt>
+Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt
+Subject: Re: Signing with envelope routines
+In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt>
+Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Sender: ssl-lists-owner@mincom.com
+Precedence: bulk
+Status: O
+X-Status: 
+On Mon, 30 Sep 1996, Sampo Kellomaki wrote:
+> I have been trying to figure out how to produce signatures with EVP_
+> routines. I seem to be able to read in private key and sign some
+> data ok, but I can't figure out how I am supposed to read in
+> public key so that I could verify my signature. I use self signed
+> certificate.
+hmm... a rather poorly documented are of the library at this point in time.
+> I figured I should use
+>       EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
+>                                      fp, NULL, NULL);
+> to read in private key and this seems to work Ok.
+> 
+> However when I try analogous
+>       EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
+>                                      fp, NULL, NULL);
+What you should do is 
+        X509 *x509=PEM_read_X509(fp,NULL,NULL);
+        /* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,
+         * NULL,NULL); */
+Then
+        EVP_PKEY *pkey=X509_extract_key(x509);
+There is also a X509_REQ_extract_key(req);
+which gets the public key from a certificate request.
+I re-worked quite a bit of this when I cleaned up the dependancy on
+RSA as the private key.
+> I figured that the second argument to PEM_ASN1_read should match the
+> name in my PEM encoded object, hence PEM_STRING_X509.
+> PEM_STRING_EVP_PKEY seems to be somehow magical
+> because it matches whatever private key there happens to be. I could
+> not find a similar constant to use with getting the certificate, however.
+:-), PEM_STRING_EVP_PKEY is 'magical' :-).  In theory I should be using a
+standard such as PKCS#8 to store the private key so that the type is 
+encoded in the asn.1 encoding of the object.
+> Is my approach of using PEM_ASN1_read correct? What should I pass in
+> as name?  Can I use normal (or even self signed) X509 certificate for
+> verifying the signature?
+The actual public key is kept in the certificate, so basically you have 
+to load the certificate and then 'unpack' the public key from the 
+certificate.
+> When will SSLeay documentation be written ;-)? If I would contribute
+> comments to the code, would Eric take time to review them and include
+> them in distribution?
+:-) After SSLv3 and PKCS#7 :-).  I actually started doing a function list 
+but what I really need to do is do quite a few 'this is how you do xyz' 
+type documents.  I suppose the current method is to post to ssl-users and 
+I'll respond :-).
+I'll add a 'demo' directory for the next release, I've appended a 
+modified version of your program that works, you were very close :-).
+eric
+/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
+   29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
+/* converted to C - eay :-) */
+#include <stdio.h>
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+void main ()
+{
+  int err;
+  int sig_len;
+  unsigned char sig_buf [4096];
+  static char certfile[] = "plain-cert.pem";
+  static char keyfile[]  = "plain-key.pem";
+  static char data[]     = "I owe you...";
+  EVP_MD_CTX     md_ctx;
+  EVP_PKEY *      pkey;
+  FILE *          fp;
+  X509 *        x509;
+  /* Just load the crypto library error strings,
+   * SSL_load_error_strings() loads the crypto AND the SSL ones */
+  /* SSL_load_error_strings();*/
+  ERR_load_crypto_strings();
+  
+  /* Read private key */
+  
+  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
+  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                                   PEM_STRING_EVP_PKEY,
+                                   fp,
+                                   NULL, NULL);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Do the signature */
+  
+  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignUpdate (&md_ctx, data, strlen(data));
+  sig_len = sizeof(sig_buf);
+  err = EVP_SignFinal (&md_ctx,
+                       sig_buf, 
+                       &sig_len,
+                       pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  
+  /* Read public key */
+  
+  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
+  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+                                   PEM_STRING_X509,
+                                   fp, NULL, NULL);
+  if (x509 == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Get public key - eay */
+  pkey=X509_extract_key(x509);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  /* Verify the signature */
+  
+  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
+  err = EVP_VerifyFinal (&md_ctx,
+                         sig_buf,
+                         sig_len,
+                         pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  printf ("Signature Verified Ok.\n");
+}
diff --git a/src/lib/libssl/src/demos/spkigen.c b/src/lib/libssl/src/demos/spkigen.c
new file mode 100644
index 0000000000..01fe6254f2
--- /dev/null
+++ b/src/lib/libssl/src/demos/spkigen.c
@@ -0,0 +1,160 @@
+/* NOCW */
+/* demos/spkigen.c
+ * 18-Mar-1997 - eay - A quick hack :-) 
+ *              version 1.1, it would probably help to save or load the
+ *              private key :-)
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "err.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+/* The following two don't exist in SSLeay but they are in here as
+ * examples */
+#define PEM_write_SPKI(fp,x) \
+        PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
+                        (char *)x,NULL,NULL,0,NULL)
+int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+/* These are defined in the next version of SSLeay */
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);
+#define RSA_F4  0x10001
+#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+                                        (char *)(rsa))
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        RSA *rsa=NULL;
+        NETSCAPE_SPKI *spki=NULL;
+        EVP_PKEY *pkey=NULL;
+        char buf[128];
+        int ok=0,i;
+        FILE *fp;
+        pkey=EVP_PKEY_new();
+         
+        if (argc < 2)
+                {
+                /* Generate an RSA key, the random state should have been seeded
+                 * with lots of calls to RAND_seed(....) */
+                fprintf(stderr,"generating RSA key, could take some time...\n");
+                if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err;
+                }
+        else
+                {
+                if ((fp=fopen(argv[1],"r")) == NULL)
+                        { perror(argv[1]); goto err; }
+                if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL)
+                        goto err;
+                fclose(fp);
+                }
+        
+        if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;
+        rsa=NULL;
+        /* lets make the spki and set the public key and challenge */
+        if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;
+        if (!SPKI_set_pubkey(spki,pkey)) goto err;
+        fprintf(stderr,"please enter challenge string:");
+        fflush(stderr);
+        fgets(buf,120,stdin);
+        i=strlen(buf);
+        if (i > 0) buf[--i]='\0';
+        if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
+                buf,i)) goto err;
+        if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;
+        PEM_write_SPKI(stdout,spki);
+        if (argc < 2)
+                PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
+        ok=1;
+err:
+        if (!ok)
+                {
+                fprintf(stderr,"something bad happened....");
+                ERR_print_errors_fp(stderr);
+                }
+        NETSCAPE_SPKI_free(spki);
+        EVP_PKEY_free(pkey);
+        exit(!ok);
+        }
+/* This function is in the next version of SSLeay */
+int EVP_PKEY_assign(pkey,type,key)
+EVP_PKEY *pkey;
+int type;
+char *key;
+        {
+        if (pkey == NULL) return(0);
+        if (pkey->pkey.ptr != NULL)
+                {
+                if (pkey->type == EVP_PKEY_RSA)
+                        RSA_free(pkey->pkey.rsa);
+                /* else memory leak */
+                }
+        pkey->type=type;
+        pkey->pkey.ptr=key;
+        return(1);
+        }
+/* While I have a 
+ * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does
+ * not currently exist so here is a version of it.
+ * The next SSLeay release will probably have
+ * X509_set_pubkey(),
+ * X509_REQ_set_pubkey() and
+ * NETSCAPE_SPKI_set_pubkey()
+ * as macros calling the same function */
+int SPKI_set_pubkey(x,pkey)
+NETSCAPE_SPKI *x;
+EVP_PKEY *pkey;
+        {
+        int ok=0;
+        X509_PUBKEY *pk;
+        X509_ALGOR *a;
+        ASN1_OBJECT *o;
+        unsigned char *s,*p;
+        int i;
+        if (x == NULL) return(0);
+        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+        a=pk->algor;
+        /* set the algorithm id */
+        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm=o;
+        /* Set the parameter list */
+        if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))
+                {
+                ASN1_TYPE_free(a->parameter);
+                a->parameter=ASN1_TYPE_new();
+                a->parameter->type=V_ASN1_NULL;
+                }
+        i=i2d_PublicKey(pkey,NULL);
+        if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;
+        p=s;
+        i2d_PublicKey(pkey,&p);
+        if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+        free(s);
+        X509_PUBKEY_free(x->spkac->pubkey);
+        x->spkac->pubkey=pk;
+        pk=NULL;
+        ok=1;
+err:
+        if (pk != NULL) X509_PUBKEY_free(pk);
+        return(ok);
+        }
diff --git a/src/lib/libssl/src/demos/ssl/cli.cpp b/src/lib/libssl/src/demos/ssl/cli.cpp
new file mode 100644
index 0000000000..f52a9c025b
--- /dev/null
+++ b/src/lib/libssl/src/demos/ssl/cli.cpp
@@ -0,0 +1,102 @@
+/* cli.cpp  -  Minimal ssleay client for Unix
+   30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
+#include <stdio.h>
+#include <memory.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include "rsa.h"       /* SSLeay stuff */
+#include "crypto.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#include "err.h"
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+void main ()
+{
+  int err;
+  int sd;
+  struct sockaddr_in sa;
+  SSL_CTX* ctx;
+  SSL*     ssl;
+  X509*    server_cert;
+  char*    str;
+  char     buf [4096];
+  SSL_load_error_strings();
+  ctx = SSL_CTX_new ();                        CHK_NULL(ctx);
+  
+  /* ----------------------------------------------- */
+  /* Create a socket and connect to server using normal socket calls. */
+  
+  sd = socket (AF_INET, SOCK_STREAM, 0);       CHK_ERR(sd, "socket");
+ 
+  memset (&sa, '\0', sizeof(sa));
+  sa.sin_family      = AF_INET;
+  sa.sin_addr.s_addr = inet_addr ("127.0.0.1");   /* Server IP */
+  sa.sin_port        = htons     (1111);          /* Server Port number */
+  
+  err = connect(sd, (struct sockaddr*) &sa,
+                sizeof(sa));                   CHK_ERR(err, "connect");
+  /* ----------------------------------------------- */
+  /* Now we have TCP conncetion. Start SSL negotiation. */
+  
+  ssl = SSL_new (ctx);                         CHK_NULL(ssl);    
+  SSL_set_fd (ssl, sd);
+  err = SSL_connect (ssl);                     CHK_SSL(err);
+    
+  /* Following two steps are optional and not required for
+     data exchange to be successful. */
+  
+  /* Get the cipher - opt */
+  printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
+  
+  /* Get server's certificate (note: beware of dynamic allocation) - opt */
+  server_cert = SSL_get_peer_certificate (ssl);       CHK_NULL(server_cert);
+  printf ("Server certificate:\n");
+  
+  str = X509_NAME_oneline (X509_get_subject_name (server_cert));
+  CHK_NULL(str);
+  printf ("\t subject: %s\n", str);
+  Free (str);
+  str = X509_NAME_oneline (X509_get_issuer_name  (server_cert));
+  CHK_NULL(str);
+  printf ("\t issuer: %s\n", str);
+  Free (str);
+  /* We could do all sorts of certificate verification stuff here before
+     deallocating the certificate. */
+  X509_free (server_cert);
+  
+  /* --------------------------------------------------- */
+  /* DATA EXCHANGE - Send a message and receive a reply. */
+  err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));  CHK_SSL(err);
+  
+  shutdown (sd, 1);  /* Half close, send EOF to server. */
+  
+  err = SSL_read (ssl, buf, sizeof(buf) - 1);                     CHK_SSL(err);
+  buf[err] = '\0';
+  printf ("Got %d chars:'%s'\n", err, buf);
+  /* Clean up. */
+  close (sd);
+  SSL_free (ssl);
+  SSL_CTX_free (ctx);
+}
+/* EOF - cli.cpp */
diff --git a/src/lib/libssl/src/demos/ssl/inetdsrv.cpp b/src/lib/libssl/src/demos/ssl/inetdsrv.cpp
new file mode 100644
index 0000000000..b09c8b6e0b
--- /dev/null
+++ b/src/lib/libssl/src/demos/ssl/inetdsrv.cpp
@@ -0,0 +1,98 @@
+/* inetdserv.cpp  -  Minimal ssleay server for Unix inetd.conf
+ * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
+ * From /etc/inetd.conf:
+ *     1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "rsa.h"       /* SSLeay stuff */
+#include "crypto.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#include "err.h"
+#define HOME "/usr/users/sampo/demo/"
+#define CERTF HOME "plain-cert.pem"
+#define KEYF  HOME "plain-key.pem"
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) \
+                         { fprintf(log, "%s %d\n", (s), errno); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
+void main ()
+{
+  int err;
+  SSL_CTX* ctx;
+  SSL*     ssl;
+  X509*    client_cert;
+  char*    str;
+  char     buf [4096];
+  FILE* log;
+  
+  log = fopen ("/dev/console", "a");                     CHK_NULL(log);
+  fprintf (log, "inetdserv %ld\n", (long)getpid());
+  
+  SSL_load_error_strings();
+  ctx = SSL_CTX_new (); CHK_NULL(ctx);
+  
+  err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);
+  CHK_SSL (err);
+  
+  err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);
+  CHK_SSL (err);
+  /* inetd has already opened the TCP connection, so we can get right
+     down to business. */
+  
+  ssl = SSL_new (ctx);  CHK_NULL(ssl);
+  SSL_set_fd (ssl,  fileno(stdin));
+  err = SSL_accept (ssl);                                CHK_SSL(err);
+  
+  /* Get the cipher - opt */
+  
+  fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
+  
+  /* Get client's certificate (note: beware of dynamic allocation) - opt */
+  client_cert = SSL_get_peer_certificate (ssl);
+  if (client_cert != NULL) {
+    fprintf (log, "Client certificate:\n");
+    
+    str = X509_NAME_oneline (X509_get_subject_name (client_cert));
+    CHK_NULL(str);
+    fprintf (log, "\t subject: %s\n", str);
+    Free (str);
+    
+    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
+    CHK_NULL(str);
+    fprintf (log, "\t issuer: %s\n", str);
+    Free (str);
+    
+    /* We could do all sorts of certificate verification stuff here before
+       deallocating the certificate. */
+    
+    X509_free (client_cert);
+  } else
+    fprintf (log, "Client doe not have certificate.\n");
+  /* ------------------------------------------------- */
+  /* DATA EXCHANGE: Receive message and send reply  */
+  
+  err = SSL_read (ssl, buf, sizeof(buf) - 1);  CHK_SSL(err);
+  buf[err] = '\0';
+  fprintf (log, "Got %d chars:'%s'\n", err, buf);
+  
+  err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
+  CHK_SSL(err);
+  /* Clean up. */
+  fclose (log);
+  SSL_free (ssl);
+  SSL_CTX_free (ctx);
+}
+/* EOF - inetdserv.cpp */
diff --git a/src/lib/libssl/src/demos/ssl/serv.cpp b/src/lib/libssl/src/demos/ssl/serv.cpp
new file mode 100644
index 0000000000..8681f2f22b
--- /dev/null
+++ b/src/lib/libssl/src/demos/ssl/serv.cpp
@@ -0,0 +1,126 @@
+/* serv.cpp  -  Minimal ssleay server for Unix
+   30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
+#include <stdio.h>
+#include <memory.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include "rsa.h"       /* SSLeay stuff */
+#include "crypto.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#include "err.h"
+#define HOME "/usr/users/sampo/sibs/tim/"
+#define CERTF HOME "plain-cert.pem"
+#define KEYF  HOME "plain-key.pem"
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+void main ()
+{
+  int err;
+  int listen_sd;
+  int sd;
+  struct sockaddr_in sa_serv;
+  struct sockaddr_in sa_cli;
+  int client_len;
+  SSL_CTX* ctx;
+  SSL*     ssl;
+  X509*    client_cert;
+  char*    str;
+  char     buf [4096];
+  /* SSL preliminaries. We keep the certificate and key with the context. */
+  SSL_load_error_strings();
+  ctx = SSL_CTX_new ();   CHK_NULL(ctx);
+  
+  err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);
+  CHK_SSL(err);
+  
+  err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);
+  CHK_SSL(err);
+  
+  /* ----------------------------------------------- */
+  /* Prepare TCP socket for receiving connections */
+  listen_sd = socket (AF_INET, SOCK_STREAM, 0);   CHK_ERR(listen_sd, "socket");
+  
+  memset (&sa_serv, '\0', sizeof(sa_serv));
+  sa_serv.sin_family      = AF_INET;
+  sa_serv.sin_addr.s_addr = INADDR_ANY;
+  sa_serv.sin_port        = htons (1111);          /* Server Port number */
+  
+  err = bind(listen_sd, (struct sockaddr*) &sa_serv,
+             sizeof (sa_serv));                   CHK_ERR(err, "bind");
+             
+  /* Receive a TCP connection. */
+             
+  err = listen (listen_sd, 5);                    CHK_ERR(err, "listen");
+  
+  client_len = sizeof(sa_cli);
+  sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
+  CHK_ERR(sd, "accept");
+  close (listen_sd);
+  printf ("Connection from %lx, port %x\n",
+          sa_cli.sin_addr.s_addr, sa_cli.sin_port);
+  
+  /* ----------------------------------------------- */
+  /* TCP connection is ready. Do server side SSL. */
+  ssl = SSL_new (ctx);                           CHK_NULL(ssl);
+  SSL_set_fd (ssl, sd);
+  err = SSL_accept (ssl);                        CHK_SSL(err);
+  
+  /* Get the cipher - opt */
+  
+  printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
+  
+  /* Get client's certificate (note: beware of dynamic allocation) - opt */
+  client_cert = SSL_get_peer_certificate (ssl);
+  if (client_cert != NULL) {
+    printf ("Client certificate:\n");
+    
+    str = X509_NAME_oneline (X509_get_subject_name (client_cert));
+    CHK_NULL(str);
+    printf ("\t subject: %s\n", str);
+    Free (str);
+    
+    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
+    CHK_NULL(str);
+    printf ("\t issuer: %s\n", str);
+    Free (str);
+    
+    /* We could do all sorts of certificate verification stuff here before
+       deallocating the certificate. */
+    
+    X509_free (client_cert);
+  } else
+    printf ("Client does not have certificate.\n");
+  /* DATA EXCHANGE - Receive message and send reply. */
+  err = SSL_read (ssl, buf, sizeof(buf) - 1);                   CHK_SSL(err);
+  buf[err] = '\0';
+  printf ("Got %d chars:'%s'\n", err, buf);
+  
+  err = SSL_write (ssl, "I hear you.", strlen("I hear you."));  CHK_SSL(err);
+  /* Clean up. */
+  close (sd);
+  SSL_free (ssl);
+  SSL_CTX_free (ctx);
+}
+/* EOF - serv.cpp */
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
new file mode 100644
index 0000000000..3d142ec2ba
--- /dev/null
+++ b/src/lib/libssl/src/e_os.h
@@ -0,0 +1,322 @@
+/* e_os.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_E_OS_H
+#define HEADER_E_OS_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+#ifdef REF_PRINT
+#undef REF_PRINT
+#define REF_PRINT(a,b)  fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
+#endif
+#ifndef DEVRANDOM
+/* set this to your 'random' device if you have one.
+ * My default, we will try to read this file */
+#define DEVRANDOM "/dev/urandom"
+#endif
+#if defined(NOCONST)
+#define const
+#endif
+/********************************************************************
+ The Microsoft section
+ ********************************************************************/
+/* The following is used becaue of the small stack in some
+ * Microsoft operating systems */
+#if defined(WIN16) || defined(MSDOS)
+#  define MS_STATIC     static
+#else
+#  define MS_STATIC
+#endif
+#if defined(WIN32) || defined(WIN16)
+#  ifndef WINDOWS
+#    define WINDOWS
+#  endif
+#  ifndef MSDOS
+#    define MSDOS
+#  endif
+#endif
+#ifdef WIN32
+#define get_last_sys_error()    GetLastError()
+#define clear_sys_error()       SetLastError(0)
+#else
+#define get_last_sys_error()    errno
+#define clear_sys_error()       errno=0
+#endif
+#ifdef WINDOWS
+#define get_last_socket_error() WSAGetLastError()
+#define clear_socket_error()    WSASetLastError(0)
+#else
+#define get_last_socket_error() errno
+#define clear_socket_error()    errno=0
+#define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#endif
+#ifdef WIN16
+#  define NO_FP_API
+#  define MS_CALLBACK   _far _loadds
+#  define MS_FAR        _far
+#else
+#  define MS_CALLBACK
+#  define MS_FAR
+#endif
+#ifdef NO_STDIO
+#  define NO_FP_API
+#endif
+#if defined(WINDOWS) || defined(MSDOS)
+#ifndef S_IFDIR
+#define S_IFDIR _S_IFDIR
+#endif
+#ifndef S_IFMT
+#define S_IFMT  _S_IFMT
+#endif
+#define strncasecmp(a,b,c)      strnicmp((a),(b),(c))
+#  ifdef WINDOWS
+#    include <windows.h>
+#    include <stddef.h>
+#    include <errno.h>
+#    include <string.h>
+#    include <malloc.h>
+#  endif
+#  include <io.h>
+#  include <fcntl.h>
+#if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+#  define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+#else
+#  define EXIT(n)               return(n);
+#endif
+#  define LIST_SEPARATOR_CHAR ';'
+#ifndef X_OK
+#  define X_OK  0
+#endif
+#ifndef W_OK
+#  define W_OK  2
+#endif
+#ifndef R_OK
+#  define R_OK  4
+#endif
+#  define SSLEAY_CONF   "ssleay.cnf"
+#  define NUL_DEV       "nul"
+#  define RFILE         ".rnd"
+#else /* The non-microsoft world world */
+#  ifdef VMS
+#    include <unixlib.h>
+#  else
+#    include <unistd.h>
+#  endif
+#  define SSLEAY_CONF   "ssleay.cnf"
+#  define RFILE         ".rnd"
+#  define LIST_SEPARATOR_CHAR ':'
+#  ifndef MONOLITH
+#    define EXIT(n)             exit(n); return(n)
+#  else
+#    define EXIT(n)             return(n)
+#  endif
+#  define NUL_DEV               "/dev/null"
+#  define SSLeay_getpid()       getpid()
+#endif
+/*************/
+#ifdef USE_SOCKETS
+#  if defined(WINDOWS) || defined(MSDOS)
+      /* windows world */
+#    ifdef NO_SOCK
+#      define SSLeay_Write(a,b,c)       (-1)
+#      define SSLeay_Read(a,b,c)        (-1)
+#      define SHUTDOWN(fd)              close(fd)
+#      define SHUTDOWN2(fd)             close(fd)
+#    else
+#      include <winsock.h>
+extern HINSTANCE _hInstance;
+#      define SSLeay_Write(a,b,c)       send((a),(b),(c),0)
+#      define SSLeay_Read(a,b,c)        recv((a),(b),(c),0)
+#      define SHUTDOWN(fd)              { shutdown((fd),0); closesocket(fd); }
+#      define SHUTDOWN2(fd)             { shutdown((fd),2); closesocket(fd); }
+#    endif
+#  else
+#    ifndef VMS
+      /* unix world */
+#      include <netdb.h>
+#      include <sys/types.h>
+#      include <sys/socket.h>
+#      ifdef FILIO_H
+#        include <sys/filio.h> /* Added for FIONBIO under unixware */
+#      endif
+#      include <sys/param.h>
+#      include <sys/time.h> /* Needed under linux for FD_XXX */
+#      include <netinet/in.h>
+#    endif
+#    if defined(NeXT) || defined(_NEXT_SOURCE)
+#      include <sys/fcntl.h>
+#      include <sys/types.h>
+#    endif
+#    ifdef AIX
+#      include <sys/select.h>
+#    endif
+#    if defined(sun)
+#      include <sys/filio.h>
+#    else
+#      include <sys/ioctl.h>
+#    endif
+#    ifdef VMS
+#      include <unixio.h>
+#    endif
+#    define SSLeay_Read(a,b,c)     read((a),(b),(c))
+#    define SSLeay_Write(a,b,c)    write((a),(b),(c))
+#    define SHUTDOWN(fd)    { shutdown((fd),0); close((fd)); }
+#    define SHUTDOWN2(fd)   { shutdown((fd),2); close((fd)); }
+#    define INVALID_SOCKET      -1
+#  endif
+#endif
+#if defined(THREADS) || defined(sun)
+#ifndef _REENTRANT
+#define _REENTRANT
+#endif
+#endif
+/***********************************************/
+#ifndef NOPROTO
+#define P_CC_CC const void *,const void *
+#define P_I_I           int,int 
+#define P_I_I_P         int,int,char *
+#define P_I_I_P_I       int,int,char *,int
+#define P_IP_I_I_P_I    int *,int,int,char *,int
+#define P_V             void 
+#else
+#define P_CC_CC
+#define P_I_I
+#define P_I_I_P
+#define P_IP_I_I_P_I
+#define P_I_I_P_I
+#define P_V
+#endif
+/* not used yet */
+#define CS_BEGIN
+#define CS_END
+/* do we need to do this for getenv.
+ * Just define getenv for use under windows */
+#ifdef WIN16
+/* How to do this needs to be thought out a bit more.... */
+/*char *GETENV(char *);
+#define Getenv  GETENV*/
+#define Getenv  getenv
+#else
+#define Getenv getenv
+#endif
+#define DG_GCC_BUG      /* gcc < 2.6.3 on DGUX */
+#ifdef sgi
+#define IRIX_CC_BUG     /* all version of IRIX I've tested (4.* 5.*) */
+#endif
+#ifdef NO_MD2
+#define MD2_Init MD2Init
+#define MD2_Update MD2Update
+#define MD2_Final MD2Final
+#define MD2_DIGEST_LENGTH 16
+#endif
+#ifdef NO_MD5
+#define MD5_Init MD5Init 
+#define MD5_Update MD5Update
+#define MD5_Final MD5Final
+#define MD5_DIGEST_LENGTH 16
+#endif
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com
new file mode 100644
index 0000000000..2f4792aa9a
--- /dev/null
+++ b/src/lib/libssl/src/makevms.com
@@ -0,0 +1,65 @@
+$!
+$! This procedure compiles the SSL sources into 2 libraries:
+$!      [.CRYPTO]CRYPTO-xxx.OLB         ! crypto-graphics subroutines
+$!      [.SSL]SSL-xxx.OLB               ! SSL protocol.
+$!
+$!  where 'xxx' specifies the machine achitecture: AXP or VAX
+$!
+$!  To perform 1 sub-option, specify P1 as one of:
+$!      INCLUDE CRYPTO SSL SSL_TASK
+$!
+$!  Requirements:
+$!      DECC 4.0        (may work with other versions)
+$!      OpenVMS 6.1     (may work with other versions)
+$!
+$ original_default = f$environment("DEFAULT")
+$ proc = f$environment("PROCEDURE")
+$ proc_dir = f$parse("1.1;1",proc) - "1.1;1"
+$ set default 'proc_dir'
+$!
+$! Copy all include files to [.include]
+$!
+$ set noon
+$ if P1 .nes. "" then goto do_'p1'
+$ do_include
+$ write sys$output "Rebuilding [.include] directory..."
+$ delete [.include]*.h;*
+$ backup [.*...]*.h; includes.bck/save
+$ backup includes.bck/save [.include]
+$ delete includes.bck;
+$ if p1 .nes. "" then goto cleanup
+$!
+$! Build crypto lib.
+$!
+$ do_crypto:
+$ write sys$Output "Making CRYPTO library"
+$ set default [.crypto]
+$ @libvms
+$ set default [-]
+$ if p1 .nes. "" then goto cleanup
+$!
+$! Build SSL lib.
+$!
+$ do_ssl:
+$ write sys$output "Making SSL library"
+$ set default [.ssl]
+$ libname = "ssl-axp.olb"
+$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb"
+$ if f$search(libname) .eqs. "" then library/create/log 'libname'
+$ cc ssl.c/include=[-.include]/prefix=all
+$ library/replace 'libname' ssl.obj
+$ set default [-]
+$ if p1 .nes. "" then goto cleanup
+$!
+$ do_ssl_task:
+$ write sys$output "Building SSL_TASK.EXE, the DECnet-based SSL engine"
+$ set default [.ssl]
+$ libname = "ssl-axp.olb"
+$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb"
+$ cc ssl_task/include=[-.include]/prefix=all
+$ cryptolib = "[-.crypto]crypto-" + f$element(1,"-",libname)
+$ link ssl_task,'libname'/library,'cryptolib'/library
+$!
+$ cleanup:
+$ set default 'original_default'
+$ write sys$output "Done"
diff --git a/src/lib/libssl/src/ms/.rnd b/src/lib/libssl/src/ms/.rnd
new file mode 100644
index 0000000000..03072abc1f
--- /dev/null
+++ b/src/lib/libssl/src/ms/.rnd
Binary files differ
diff --git a/src/lib/libssl/src/ms/16all.bat b/src/lib/libssl/src/ms/16all.bat
new file mode 100644
index 0000000000..e57e177177
--- /dev/null
+++ b/src/lib/libssl/src/ms/16all.bat
@@ -0,0 +1,12 @@
+set OPTS=no_asm
+perl Configure VC-WIN16
+perl util\mk1mf.pl %OPTS% debug VC-WIN16 >d16.mak
+perl util\mk1mf.pl %OPTS% VC-WIN16 >16.mak
+perl util\mk1mf.pl %OPTS% debug dll VC-WIN16 >d16dll.mak
+perl util\mk1mf.pl %OPTS% dll VC-WIN16 >16dll.mak
+nmake -f d16.mak
+nmake -f 16.mak
+nmake -f d16dll.mak
+nmake -f 16dll.mak
diff --git a/src/lib/libssl/src/ms/32all.bat b/src/lib/libssl/src/ms/32all.bat
new file mode 100644
index 0000000000..088c942887
--- /dev/null
+++ b/src/lib/libssl/src/ms/32all.bat
@@ -0,0 +1,12 @@
+set OPTS=no_asm
+perl Configure VC-WIN32
+perl util\mk1mf.pl %OPTS% debug VC-WIN32 >d32.mak
+perl util\mk1mf.pl %OPTS% VC-WIN32 >32.mak
+perl util\mk1mf.pl %OPTS% debug dll VC-WIN32 >d32dll.mak
+perl util\mk1mf.pl %OPTS% dll VC-WIN32 >32dll.mak
+nmake -f d32.mak
+nmake -f 32.mak
+nmake -f d32dll.mak
+nmake -f 32dll.mak
diff --git a/src/lib/libssl/src/ms/README b/src/lib/libssl/src/ms/README
new file mode 100644
index 0000000000..5804a2d84a
--- /dev/null
+++ b/src/lib/libssl/src/ms/README
@@ -0,0 +1,18 @@
+Run these makefiles from the top level as in
+nmake -f ms\makefilename
+to build with visual C++ 4.[01].
+The results will be in the out directory.
+These makefiles and def files were generated my typing
+perl util\mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak
+perl util\mk1mf.pl VC-W31-32 >ms/w31.mak
+perl util\mk1mf.pl VC-W31-32 dll >ms/w31dll.mak
+perl util\mk1mf.pl VC-NT >ms/nt.mak
+perl util\mk1mf.pl VC-NT dll >ms/ntdll.mak
+perl util\mkdef.pl 16 crypto > ms/crypto16.def
+perl util\mkdef.pl 32 crypto > ms/crypto32.def
+perl util\mkdef.pl 16 ssl > ms/ssl16.def
+perl util\mkdef.pl 32 ssl > ms/ssl32.def
diff --git a/src/lib/libssl/src/ms/certCA.srl b/src/lib/libssl/src/ms/certCA.srl
new file mode 100644
index 0000000000..d6b24041cf
--- /dev/null
+++ b/src/lib/libssl/src/ms/certCA.srl
@@ -0,0 +1 @@
+19
diff --git a/src/lib/libssl/src/ms/certCA.ss b/src/lib/libssl/src/ms/certCA.ss
new file mode 100644
index 0000000000..6bfccc7c48
--- /dev/null
+++ b/src/lib/libssl/src/ms/certCA.ss
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXDCCAQYCAQAwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
+BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzExMjgw
+MDA3MzBaFw05NzEyMjgwMDA3MzBaMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
+b2RneSBCcm90aGVyczERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEF
+AANLADBIAkEAwOKExbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQ
+YWwhEh9i2BxGWYAZ7Krv1EqdsViCQBGuBQIDAQABMA0GCSqGSIb3DQEBBAUAA0EA
+VXYhZ1FnfBFIjHiYV8PD4uQuVJLhNa2q3cSWX1HTHfbrAPa/lMSUWuWcYwD3lBeb
+D69W77B0LqAfVajBQwbXkQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/ms/certU.ss b/src/lib/libssl/src/ms/certU.ss
new file mode 100644
index 0000000000..6a0302ed1d
--- /dev/null
+++ b/src/lib/libssl/src/ms/certU.ss
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBcTCCARsCARgwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
+BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzExMjgw
+MDA3MzRaFw05NzEyMjgwMDA3MzRaME4xCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
+b2RneSBCcm90aGVyczESMBAGA1UEAxMJQnJvdGhlciAxMRIwEAYDVQQDEwlCcm90
+aGVyIDIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyfgRHCZvlyq9yiQisWmetnpb
+DZMhZB+HjuxQxp3gEpI7P8q5Z5tXIU5+OFAfIRkRdMGa/UK+NVg7AJ6UYyIR3wID
+AQABMA0GCSqGSIb3DQEBBAUAA0EAgH3htGAw6tMcZYANofqYr96RhjnxzCGZkUq3
+SH9thHUBywcXQo6BUpGxUXFExW4NA2f49OWQxf8kYrVAXHcCsA==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/ms/cmp.pl b/src/lib/libssl/src/ms/cmp.pl
new file mode 100644
index 0000000000..c6bfcae6c5
--- /dev/null
+++ b/src/lib/libssl/src/ms/cmp.pl
@@ -0,0 +1,47 @@
+#!/usr/bin/perl
+($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
+open(IN0,"<$ARGV[0]") || die "unable to open $ARGV[0]\n";
+open(IN1,"<$ARGV[1]") || die "unable to open $ARGV[1]\n";
+binmode IN0;
+binmode IN1;
+$tot=0;
+$ret=1;
+for (;;)
+        {
+        $n1=sysread(IN0,$b1,4096);
+        $n2=sysread(IN1,$b2,4096);
+        last if ($n1 != $n2);
+        last if ($b1 ne $b2);
+        last if ($n1 < 0);
+        if ($n1 == 0)
+                {
+                $ret=0;
+                last;
+                }
+        $tot+=$n1;
+        }
+close(IN0);
+close(IN1);
+if ($ret)
+        {
+        printf STDERR "$ARGV[0] and $ARGV[1] are different\n";
+        @a1=unpack("C*",$b1);
+        @a2=unpack("C*",$b2);
+        for ($i=0; $i<=$#a1; $i++)
+                {
+                if ($a1[$i] ne $a2[$i])
+                        {
+                        printf "%02X %02X <<\n",$a1[$i],$a2[$i];
+                        last;
+                        }
+                }
+        $nm=$tot+$n1;
+        $tot+=$i+1;
+        printf STDERR "diff at char $tot of $nm\n";
+        }
+exit($ret);
diff --git a/src/lib/libssl/src/ms/do_ms.bat b/src/lib/libssl/src/ms/do_ms.bat
new file mode 100644
index 0000000000..673d706a1a
--- /dev/null
+++ b/src/lib/libssl/src/ms/do_ms.bat
@@ -0,0 +1,11 @@
+rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak
+rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak
+perl util\mk1mf.pl VC-W31-32 dll >ms\w31dll.mak
+rem perl util\mk1mf.pl VC-WIN32 >ms\nt.mak
+perl util\mk1mf.pl VC-WIN32 dll >ms\ntdll.mak
+perl util\mkdef.pl 16 libeay > ms\libeay16.def
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 16 ssleay > ms\ssleay16.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/keyCA.ss b/src/lib/libssl/src/ms/keyCA.ss
new file mode 100644
index 0000000000..9ed3e7dc46
--- /dev/null
+++ b/src/lib/libssl/src/ms/keyCA.ss
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAMDihMW3Xyi3phDBjingYKiN2myRPcs391oaz3EC0QMjPOWD8ZNA
+0GFsIRIfYtgcRlmAGeyq79RKnbFYgkARrgUCAwEAAQJAGEWo/ZRoth/+Fse0kxJ4
+N126acURKJx/VOhgyFDZanJxxwhaXRRkZZfXgFP5StY2lAOrcuMnsDjc8XYNrvcE
+wQIhAOXcIp0eZfoPAAuhoQ2bd94dg8QX+8Hv38oJBUuduTs1AiEA1tHvlMrRC1dp
+mPUWooFaRFfadFvCMJy5ouGQ24bKMZECIB1YiHbEvcI6DghuHzCsi5Yo8HyljzfI
+VyrlEe8AePiNAiEAv6Hxpnsy9noZAlEIyxi3TKZOg2Rjm/gDhfDQx3S7pHECIQDC
+R6w+uHZzVJ50/kNh3mJow2W2+Rffkk2hcM4r5Sf4Vg==
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/ms/keyU.ss b/src/lib/libssl/src/ms/keyU.ss
new file mode 100644
index 0000000000..ab62876195
--- /dev/null
+++ b/src/lib/libssl/src/ms/keyU.ss
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAMn4ERwmb5cqvcokIrFpnrZ6Ww2TIWQfh47sUMad4BKSOz/KuWeb
+VyFOfjhQHyEZEXTBmv1CvjVYOwCelGMiEd8CAwEAAQJAEu/4orwT4Ie4bfi/bAUs
+RY3pdbdi/SFbs5IC7OymsvbqO/J5/6lTLKX/CFUvXjbpd922jfNMQzdalOfZ7R+K
+aQIhAP9DOq6eFRbNqzxxDadOOSLFEcWBZwzIX12zoPgxarPDAiEAyo1tF3zbU93G
+WQ1yjlhXYm07VdoZV0CUI6dKkB0ok7UCIEmiQhZHAbxfPcskrZSaiv7NrE+2AVz9
+nAzymTefQbFzAiAFCODmTY8yFXghrIjlauK5Kpfn+WTZ21wTSsw6qs7gZQIhAK2l
+vwdD73PZSW928dZ9VoV7Dh7Klflf6J+xrJIibP7z
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/ms/req2CA.ss b/src/lib/libssl/src/ms/req2CA.ss
new file mode 100644
index 0000000000..6a3dd4e2d0
--- /dev/null
+++ b/src/lib/libssl/src/ms/req2CA.ss
@@ -0,0 +1,29 @@
+Certificate Request:
+    Data:
+        Version: 0 (0x0)
+        Subject: C=AU, O=Dodgy Brothers, CN=Dodgy CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:c0:e2:84:c5:b7:5f:28:b7:a6:10:c1:8e:29:e0:
+                    60:a8:8d:da:6c:91:3d:cb:37:f7:5a:1a:cf:71:02:
+                    d1:03:23:3c:e5:83:f1:93:40:d0:61:6c:21:12:1f:
+                    62:d8:1c:46:59:80:19:ec:aa:ef:d4:4a:9d:b1:58:
+                    82:40:11:ae:05
+                Exponent: 65537 (0x10001)
+        Attributes:
+            a0:00
+    Signature Algorithm: md5WithRSAEncryption
+        12:14:96:c0:0e:ea:5a:08:6f:13:fd:72:84:6a:26:33:29:f9:
+        52:39:4c:fc:ec:da:0d:83:39:2e:27:17:9b:f8:46:03:b5:dd:
+        52:a6:dd:3a:50:8e:73:4f:87:94:59:31:1d:5a:54:24:96:4d:
+        d4:57:95:4c:ca:4c:dc:0b:b8:5f
+-----BEGIN CERTIFICATE REQUEST-----
+MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
+czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwOKE
+xbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQYWwhEh9i2BxGWYAZ
+7Krv1EqdsViCQBGuBQIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQASFJbADupaCG8T
+/XKEaiYzKflSOUz87NoNgzkuJxeb+EYDtd1Spt06UI5zT4eUWTEdWlQklk3UV5VM
+ykzcC7hf
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/ms/reqCA.ss b/src/lib/libssl/src/ms/reqCA.ss
new file mode 100644
index 0000000000..be8ca974d0
--- /dev/null
+++ b/src/lib/libssl/src/ms/reqCA.ss
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
+czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwOKE
+xbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQYWwhEh9i2BxGWYAZ
+7Krv1EqdsViCQBGuBQIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQDAvyCzrfhnLH8V
+tldPhV9imEi8Dh8vjRYIIb4AlIq25ku8NJyTHi3zOwvH2iiTUx4oxOV9/++UbU+l
+dmT7y1IS
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/ms/reqU.ss b/src/lib/libssl/src/ms/reqU.ss
new file mode 100644
index 0000000000..9223897196
--- /dev/null
+++ b/src/lib/libssl/src/ms/reqU.ss
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCDCBswIBADBOMQswCQYDVQQGEwJBVTEXMBUGA1UEChMORG9kZ3kgQnJvdGhl
+cnMxEjAQBgNVBAMTCUJyb3RoZXIgMTESMBAGA1UEAxMJQnJvdGhlciAyMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAMn4ERwmb5cqvcokIrFpnrZ6Ww2TIWQfh47sUMad
+4BKSOz/KuWebVyFOfjhQHyEZEXTBmv1CvjVYOwCelGMiEd8CAwEAAaAAMA0GCSqG
+SIb3DQEBAgUAA0EAbE4cboaJY3vKmskyPC1cS5Jn4WjFOjaUCNI5MjeTNTZ6AE4o
+h6Sx4PeQomjMA1gRGrHCz+5IyVBcgskY5IYLCw==
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/ms/speed16.bat b/src/lib/libssl/src/ms/speed16.bat
new file mode 100644
index 0000000000..7ff08851a2
--- /dev/null
+++ b/src/lib/libssl/src/ms/speed16.bat
@@ -0,0 +1,38 @@
+set makefile=ms\dos.bat
+perl Configure b
+del tmp\*.obj
+nmake -f %makefile%
+nmake -f %makefile%
+nmake -f %makefile%
+out\ssleay version -v -b -f >speed.1
+out\ssleay speed >speed.1l
+perl Configure bl-4c-2c
+del tmp\rc4*.obj tmp\bn*.obj tmp\md2_dgst.obj
+nmake -f %makefile%
+nmake -f %makefile%
+nmake -f %makefile%
+out\ssleay speed rc4 rsa md2 >speed.2l
+perl Configure bl-4c-ri
+del tmp\rc4*.obj
+nmake -f %makefile%
+nmake -f %makefile%
+nmake -f %makefile%
+out\ssleay speed rc4 >speed.3l
+perl Configure b2-is-ri-dp
+perl util\mk1mf.pl VC-MSDOS no-asm >m2
+del tmp\i_*.obj tmp\rc4*.obj tmp\ecb_enc.obj tmp\bn*.obj
+nmake -f m2
+nmake -f m2
+nmake -f m2
+out\ssleay speed rsa rc4 idea des >speed.4l
+type speed.1 >speed.log
+type speed.1l >>speed.log
+perl util\sp-diff.pl speed.1l speed.2l >>speed.log
+perl util\sp-diff.pl speed.1l speed.3l >>speed.log
+perl util\sp-diff.pl speed.1l speed.4l >>speed.log
diff --git a/src/lib/libssl/src/ms/speed32.bat b/src/lib/libssl/src/ms/speed32.bat
new file mode 100644
index 0000000000..95f7ce9505
--- /dev/null
+++ b/src/lib/libssl/src/ms/speed32.bat
@@ -0,0 +1,37 @@
+set makefile=ms\nt.mak
+perl Configure b
+del tmp\*.obj
+nmake -f %makefile%
+nmake -f %makefile%
+nmake -f %makefile%
+out\ssleay version -v -b -f >speed.1
+out\ssleay speed >speed.1l
+perl Configure bl-4c-2c
+del tmp\rc4*.obj tmp\bn*.obj tmp\md2_dgst.obj
+nmake -f %makefile%
+nmake -f %makefile%
+nmake -f %makefile%
+out\ssleay speed rc4 rsa md2 >speed.2l
+perl Configure bl-4c-ri
+del tmp\rc4*.obj
+nmake -f %makefile%
+nmake -f %makefile%
+nmake -f %makefile%
+out\ssleay speed rc4 >speed.3l
+perl Configure b2-is-ri-dp
+del tmp\i_*.obj tmp\rc4*.obj tmp\ecb_enc.obj tmp\bn*.obj
+nmake -f %makefile%
+nmake -f %makefile%
+nmake -f %makefile%
+out\ssleay speed rsa rc4 idea des >speed.4l
+type speed.1 >speed.log
+type speed.1l >>speed.log
+perl util\sp-diff.pl speed.1l speed.2l >>speed.log
+perl util\sp-diff.pl speed.1l speed.3l >>speed.log
+perl util\sp-diff.pl speed.1l speed.4l >>speed.log
diff --git a/src/lib/libssl/src/ms/tenc.bat b/src/lib/libssl/src/ms/tenc.bat
new file mode 100644
index 0000000000..a4fa7f3652
--- /dev/null
+++ b/src/lib/libssl/src/ms/tenc.bat
@@ -0,0 +1,14 @@
+rem called by testenc
+echo test %1 %2 %3 %4 %5 %6 
+%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%cmp% %input% %out1%
+if errorlevel 1 goto err
+echo test base64 %1 %2 %3 %4 %5 %6 
+%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%cmp% %input% %out1%
+:err
diff --git a/src/lib/libssl/src/ms/test.bat b/src/lib/libssl/src/ms/test.bat
new file mode 100644
index 0000000000..cffaf46524
--- /dev/null
+++ b/src/lib/libssl/src/ms/test.bat
@@ -0,0 +1,134 @@
+@echo=off
+set test=..\ms
+rem run this from inside the bin directory
+echo destest
+destest
+if errorlevel 1 goto done
+echo ideatest
+ideatest
+if errorlevel 1 goto done
+echo bftest
+bftest
+if errorlevel 1 goto done
+echo shatest
+shatest
+if errorlevel 1 goto done
+echo sha1test
+sha1test
+if errorlevel 1 goto done
+echo md5test
+md5test
+if errorlevel 1 goto done
+echo md2test
+md2test
+if errorlevel 1 goto done
+echo mdc2test
+mdc2test
+if errorlevel 1 goto done
+echo rc2test
+rc2test
+if errorlevel 1 goto done
+echo rc4test
+rc4test
+if errorlevel 1 goto done
+echo randtest
+randtest
+if errorlevel 1 goto done
+echo dhtest
+dhtest
+if errorlevel 1 goto done
+echo exptest
+exptest
+if errorlevel 1 goto done
+echo dsatest
+dsatest
+if errorlevel 1 goto done
+echo testenc
+call %test%\testenc ssleay
+if errorlevel 1 goto done
+echo testpem
+call %test%\testpem ssleay
+if errorlevel 1 goto done
+echo verify
+copy ..\certs\*.pem cert.tmp >nul
+ssleay verify -CAfile cert.tmp ..\certs\*.pem
+echo testss
+call %test%\testss ssleay
+if errorlevel 1 goto done
+echo test sslv2
+ssltest -ssl2
+if errorlevel 1 goto done
+echo test sslv2 with server authentication
+ssltest -ssl2 -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv2 with client authentication 
+ssltest -ssl2 -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv2 with both client and server authentication
+ssltest -ssl2 -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv3
+ssltest -ssl3
+if errorlevel 1 goto done
+echo test sslv3 with server authentication
+ssltest -ssl3 -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv3 with client authentication 
+ssltest -ssl3 -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv3 with both client and server authentication
+ssltest -ssl3 -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv2/sslv3
+ssltest
+if errorlevel 1 goto done
+echo test sslv2/sslv3 with server authentication
+ssltest -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv2/sslv3 with client authentication 
+ssltest -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+echo test sslv2/sslv3 with both client and server authentication
+ssltest -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+del cert.tmp
+echo passed all tests
+goto end
+:done
+echo problems.....
+:end
diff --git a/src/lib/libssl/src/ms/testenc.bat b/src/lib/libssl/src/ms/testenc.bat
new file mode 100644
index 0000000000..2c73bb7d1c
--- /dev/null
+++ b/src/lib/libssl/src/ms/testenc.bat
@@ -0,0 +1,93 @@
+echo=off
+echo start testenc
+path=..\ms;%path%
+set ssleay=%1%
+set input=..\ms\testenc.bat
+set tmp1=..\ms\cipher.out
+set out1=..\ms\clear.out
+set cmp=perl ..\ms\cmp.pl
+call tenc.bat enc
+if errorlevel 1 goto err
+call tenc.bat rc4
+if errorlevel 1 goto err
+call tenc.bat des-cfb
+if errorlevel 1 goto err
+call tenc.bat des-ede-cfb
+if errorlevel 1 goto err
+call tenc.bat des-ede3-cfb
+if errorlevel 1 goto err
+call tenc.bat des-ofb
+if errorlevel 1 goto err
+call tenc.bat des-ede-ofb
+if errorlevel 1 goto err
+call tenc.bat des-ede3-ofb
+if errorlevel 1 goto err
+call tenc.bat des-ecb
+if errorlevel 1 goto err
+call tenc.bat des-ede
+if errorlevel 1 goto err
+call tenc.bat des-ede3
+if errorlevel 1 goto err
+call tenc.bat des-cbc
+if errorlevel 1 goto err
+call tenc.bat des-ede-cbc
+if errorlevel 1 goto err
+call tenc.bat des-ede3-cbc
+if errorlevel 1 goto err
+call tenc.bat idea-ecb
+if errorlevel 1 goto err
+call tenc.bat idea-cfb
+if errorlevel 1 goto err
+call tenc.bat idea-ofb
+if errorlevel 1 goto err
+call tenc.bat idea-cbc
+if errorlevel 1 goto err
+call tenc.bat rc2-ecb
+if errorlevel 1 goto err
+call tenc.bat rc2-cfb
+if errorlevel 1 goto err
+call tenc.bat rc2-ofb
+if errorlevel 1 goto err
+call tenc.bat rc2-cbc
+if errorlevel 1 goto err
+call tenc.bat bf-ecb
+if errorlevel 1 goto err
+call tenc.bat bf-cfb
+if errorlevel 1 goto err
+call tenc.bat bf-ofb
+if errorlevel 1 goto err
+call tenc.bat bf-cbc
+if errorlevel 1 goto err
+echo OK
+del %out1%
+del %tmp1%
+:err
diff --git a/src/lib/libssl/src/ms/testpem.bat b/src/lib/libssl/src/ms/testpem.bat
new file mode 100644
index 0000000000..8f6cdd4d04
--- /dev/null
+++ b/src/lib/libssl/src/ms/testpem.bat
@@ -0,0 +1,36 @@
+echo=off
+set ssleay=%1%
+set tmp1=pem.out
+set cmp=perl ..\ms\cmp.pl
+call tpem.bat crl ..\test\testcrl.pem
+if errorlevel 1 goto err
+call tpem.bat pkcs7 ..\test\testp7.pem
+if errorlevel 1 goto err
+call tpem.bat req ..\test\testreq.pem
+if errorlevel 1 goto err
+call tpem.bat req ..\test\testreq2.pem
+if errorlevel 1 goto err
+call tpem.bat rsa ..\test\testrsa.pem
+if errorlevel 1 goto err
+call tpem.bat x509 ..\test\testx509.pem
+if errorlevel 1 goto err
+call tpem.bat x509 ..\test\v3-cert1.pem
+if errorlevel 1 goto err
+call tpem.bat x509 ..\test\v3-cert1.pem
+if errorlevel 1 goto err
+call tpem.bat sess_id ..\test\testsid.pem
+if errorlevel 1 goto err
+echo OK
+del %tmp1%
+:err
diff --git a/src/lib/libssl/src/ms/testss.bat b/src/lib/libssl/src/ms/testss.bat
new file mode 100644
index 0000000000..9a3bf428ce
--- /dev/null
+++ b/src/lib/libssl/src/ms/testss.bat
@@ -0,0 +1,98 @@
+echo=off
+rem set ssleay=..\out\ssleay
+set ssleay=%1
+set reqcmd=%ssleay% req
+set x509cmd=%ssleay% x509
+set verifycmd=%ssleay% verify
+set CAkey=keyCA.ss
+set CAcert=certCA.ss
+set CAserial=certCA.srl
+set CAreq=reqCA.ss
+set CAconf=..\test\CAss.cnf
+set CAreq2=req2CA.ss    
+set Uconf=..\test\Uss.cnf
+set Ukey=keyU.ss
+set Ureq=reqU.ss
+set Ucert=certU.ss
+echo make a certificate request using 'req'
+%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
+if errorlevel 1 goto err_req
+echo convert the certificate request into a self signed certificate using 'x509'
+%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
+if errorlevel 1 goto err_x509
+echo --
+echo convert a certificate into a certificate request using 'x509'
+%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
+if errorlevel 1 goto err_x509_2
+%reqcmd% -verify -in %CAreq% -noout
+if errorlevel 1 goto err_verify_1
+%reqcmd% -verify -in %CAreq2% -noout
+if errorlevel 1 goto err_verify_2
+%verifycmd% -CAfile %CAcert% %CAcert%
+if errorlevel 1 goto err_verify_3
+echo --
+echo make another certificate request using 'req'
+%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
+if errorlevel 1 goto err_req_gen
+echo --
+echo sign certificate request with the just created CA via 'x509'
+%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
+if errorlevel 1 goto err_x509_sign
+%verifycmd% -CAfile %CAcert% %Ucert%
+echo --
+echo Certificate details
+%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
+echo Everything appeared to work
+echo --
+echo The generated CA certificate is %CAcert%
+echo The generated CA private key is %CAkey%
+echo The current CA signing serial number is in %CAserial%
+echo The generated user certificate is %Ucert%
+echo The generated user private key is %Ukey%
+echo --
+del err.ss
+goto end
+:err_req
+echo error using 'req' to generate a certificate request
+goto end
+:err_x509
+echo error using 'x509' to self sign a certificate request
+goto end
+:err_x509_2
+echo error using 'x509' convert a certificate to a certificate request
+goto end
+:err_verify_1
+echo first generated request is invalid
+goto end
+:err_verify_2
+echo second generated request is invalid
+goto end
+:err_verify_3
+echo first generated cert is invalid
+goto end
+:err_req_gen
+echo error using 'req' to generate a certificate request
+goto end
+:err_x509_sign
+echo error using 'x509' to sign a certificate request
+goto end
+:end
diff --git a/src/lib/libssl/src/ms/tpem.bat b/src/lib/libssl/src/ms/tpem.bat
new file mode 100644
index 0000000000..cd01792e9f
--- /dev/null
+++ b/src/lib/libssl/src/ms/tpem.bat
@@ -0,0 +1,6 @@
+rem called by testpem
+echo test %1 %2
+%ssleay% %1 -in %2 -out %tmp1%
+%cmp% %2 %tmp1%
diff --git a/src/lib/libssl/src/shlib/README b/src/lib/libssl/src/shlib/README
new file mode 100644
index 0000000000..fea07a59ea
--- /dev/null
+++ b/src/lib/libssl/src/shlib/README
@@ -0,0 +1 @@
+Only the windows NT and, linux builds have been tested for SSLeay 0.8.0
diff --git a/src/lib/libssl/src/shlib/irix.sh b/src/lib/libssl/src/shlib/irix.sh
new file mode 100644
index 0000000000..22e4e6ad50
--- /dev/null
+++ b/src/lib/libssl/src/shlib/irix.sh
@@ -0,0 +1,7 @@
+FLAGS="-DTERMIOS -O2 -mips2 -DB_ENDIAN -fomit-frame-pointer -Wall -Iinclude"
+SHFLAGS="-DPIC -fpic"
+gcc -c -Icrypto $SHFLAGS $FLAGS -o crypto.o crypto/crypto.c
+ld -shared -o libcrypto.so crypto.o
+gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+ld -shared -o libssl.so ssl.o
diff --git a/src/lib/libssl/src/shlib/solaris.sh b/src/lib/libssl/src/shlib/solaris.sh
new file mode 100644
index 0000000000..03475f12b4
--- /dev/null
+++ b/src/lib/libssl/src/shlib/solaris.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+echo "#define DATE      \"`date`\"" >crypto/date.h
+major="0"
+minor="8.0"
+slib=libssl
+clib=libcrypto
+CC=gcc
+CPP='gcc -E'
+AS=as
+#FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -mv8 -Wall'
+FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -Wall -DREF_CHECK -DCRYPTO_MDEBUG'
+INCLUDE='-Iinclude -Icrypto -Issl'
+SHFLAGS='-DPIC -fpic'
+CFLAGS="$FLAGS $INCLUDE $SHFLAGS"
+ASM_OBJ="";
+echo compiling bignum assember
+$AS -o bn_asm.o crypto/bn/asm/sparc.s
+CFLAGS="$CFLAGS -DBN_ASM"
+ASM_OBJ="$ASM_OBJ bn_asm.o"
+echo compiling $clib
+$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c
+echo linking $clib.so
+gcc $CFLAGS -shared -o $clib.so.$major.$minor crypto.o $ASM_OBJ -lnsl -lsocket
+echo compiling $slib.so
+$CC -c $CFLAGS -o ssl.o ssl/ssl.c
+echo building $slib.so
+gcc $CFLAGS -shared -o $slib.so ssl.o -L. -lcrypto
diff --git a/src/lib/libssl/src/shlib/sun.sh b/src/lib/libssl/src/shlib/sun.sh
new file mode 100644
index 0000000000..a890bbd376
--- /dev/null
+++ b/src/lib/libssl/src/shlib/sun.sh
@@ -0,0 +1,8 @@
+FLAGS="-DTERMIO -O3 -DB_ENDIAN -fomit-frame-pointer -mv8 -Wall -Iinclude"
+SHFLAGS="-DPIC -fpic"
+gcc -c -Icrypto $SHFLAGS -fpic $FLAGS -o crypto.o crypto/crypto.c
+ld -G -z text -o libcrypto.so crypto.o
+gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+ld -G -z text -o libssl.so ssl.o
diff --git a/src/lib/libssl/src/shlib/win32.bat b/src/lib/libssl/src/shlib/win32.bat
new file mode 100644
index 0000000000..c807a99d35
--- /dev/null
+++ b/src/lib/libssl/src/shlib/win32.bat
@@ -0,0 +1,18 @@
+rem win32 dll build
+set OPTIONS1=-DDES_ASM -DBN_ASM -DBF_ASM -DFLAT_INC -Iout -Itmp -DL_ENDIAN
+set OPTIONS2=/W3 /WX /Ox /Gs0 /GF /Gy /nologo
+set OPTIONS=%OPTIONS1% %OPTIONS2%
+rem ml /coff /c crypto\bf\asm\b-win32.asm
+rem ml /coff /c crypto\des\asm\c-win32.asm
+rem ml /coff /c crypto\des\asm\d-win32.asm
+rem ml /coff /c crypto\bn\asm\x86nt32.asm
+cl /Focrypto.obj -DWIN32 %OPTIONS% -c crypto\crypto.c
+cl /Fossl.obj -DWIN32 %OPTIONS% -c ssl\ssl.c
+cl /Foeay.obj -DWIN32 %OPTIONS% -c apps\eay.c
+cl /Fessleay.exe %OPTIONS% eay.obj ssl.obj crypto.obj crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib
diff --git a/src/lib/libssl/src/shlib/win32dll.bat b/src/lib/libssl/src/shlib/win32dll.bat
new file mode 100644
index 0000000000..294c94c81c
--- /dev/null
+++ b/src/lib/libssl/src/shlib/win32dll.bat
@@ -0,0 +1,13 @@
+rem win32 dll build
+set OPTIONS1=-DDES_ASM -DBN_ASM -DBF_ASM -DFLAT_INC -Iout -Itmp -DL_ENDIAN
+set OPTIONS2=/W3 /WX /Ox /Gf /nologo
+set OPTIONS=%OPTIONS1% %OPTIONS2%
+cl /Felibeay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\libeay32.def crypto\crypto.c crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib
+cl /Fessleay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\ssleay32.def ssl\ssl.c libeay32.lib
+cl /Fessleay.exe /MD -DWIN32 %OPTIONS% apps\eay.c ssleay32.lib libeay32.lib user32.lib wsock32.lib
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c
new file mode 100644
index 0000000000..58a6d69b9b
--- /dev/null
+++ b/src/lib/libssl/src/ssl/bio_ssl.c
@@ -0,0 +1,585 @@
+/* ssl/bio_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "crypto.h"
+#include "bio.h"
+#include "err.h"
+#include "ssl.h"
+#ifndef NOPROTO
+static int ssl_write(BIO *h,char *buf,int num);
+static int ssl_read(BIO *h,char *buf,int size);
+static int ssl_puts(BIO *h,char *str);
+static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ssl_new(BIO *h);
+static int ssl_free(BIO *data);
+#else
+static int ssl_write();
+static int ssl_read();
+static int ssl_puts();
+static long ssl_ctrl();
+static int ssl_new();
+static int ssl_free();
+#endif
+typedef struct bio_ssl_st
+        {
+        SSL *ssl; /* The ssl handle :-) */
+        /* re-negotiate every time the total number of bytes is this size */
+        int num_renegotiates;
+        unsigned long renegotiate_count;
+        unsigned long byte_count;
+        unsigned long renegotiate_timeout;
+        unsigned long last_time;
+        } BIO_SSL;
+static BIO_METHOD methods_sslp=
+        {
+        BIO_TYPE_SSL,"ssl",
+        ssl_write,
+        ssl_read,
+        ssl_puts,
+        NULL, /* ssl_gets, */
+        ssl_ctrl,
+        ssl_new,
+        ssl_free,
+        };
+BIO_METHOD *BIO_f_ssl()
+        {
+        return(&methods_sslp);
+        }
+static int ssl_new(bi)
+BIO *bi;
+        {
+        BIO_SSL *bs;
+        bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL));
+        if (bs == NULL)
+                {
+                BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        memset(bs,0,sizeof(BIO_SSL));
+        bi->init=0;
+        bi->ptr=(char *)bs;
+        bi->flags=0;
+        return(1);
+        }
+static int ssl_free(a)
+BIO *a;
+        {
+        BIO_SSL *bs;
+        if (a == NULL) return(0);
+        bs=(BIO_SSL *)a->ptr;
+        if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
+        if (a->shutdown)
+                {
+                if (a->init && (bs->ssl != NULL))
+                        SSL_free(bs->ssl);
+                a->init=0;
+                a->flags=0;
+                }
+        if (a->ptr != NULL)
+                Free(a->ptr);
+        return(1);
+        }
+        
+static int ssl_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret=1;
+        BIO_SSL *sb;
+        SSL *ssl;
+        int retry_reason=0;
+        int r=0;
+        if (out == NULL) return(0);
+        sb=(BIO_SSL *)b->ptr;
+        ssl=sb->ssl;
+        BIO_clear_retry_flags(b);
+#if 0
+        if (!SSL_is_init_finished(ssl))
+                {
+/*              ret=SSL_do_handshake(ssl); */
+                if (ret > 0)
+                        {
+                        outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+                        ret= -1;
+                        goto end;
+                        }
+                }
+#endif
+/*      if (ret > 0) */
+        ret=SSL_read(ssl,out,outl);
+        switch (SSL_get_error(ssl,ret))
+                {
+        case SSL_ERROR_NONE:
+                if (ret <= 0) break;
+                if (sb->renegotiate_count > 0)
+                        {
+                        sb->byte_count+=ret;
+                        if (sb->byte_count > sb->renegotiate_count)
+                                {
+                                sb->byte_count=0;
+                                sb->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                r=1;
+                                }
+                        }
+                if ((sb->renegotiate_timeout > 0) && (!r))
+                        {
+                        unsigned long tm;
+                        tm=(unsigned long)time(NULL);
+                        if (tm > sb->last_time+sb->renegotiate_timeout)
+                                {
+                                sb->last_time=tm;
+                                sb->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                }
+                        }
+                break;
+        case SSL_ERROR_WANT_READ:
+                BIO_set_retry_read(b);
+                break;
+        case SSL_ERROR_WANT_WRITE:
+                BIO_set_retry_write(b);
+                break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_SSL_X509_LOOKUP;
+                break;
+        case SSL_ERROR_WANT_CONNECT:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_CONNECT;
+                break;
+        case SSL_ERROR_SYSCALL:
+        case SSL_ERROR_SSL:
+        case SSL_ERROR_ZERO_RETURN:
+        default:
+                break;
+                }
+        b->retry_reason=retry_reason;
+        return(ret);
+        }
+static int ssl_write(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+        {
+        int ret,r=0;
+        int retry_reason=0;
+        SSL *ssl;
+        BIO_SSL *bs;
+        if (out == NULL) return(0);
+        bs=(BIO_SSL *)b->ptr;
+        ssl=bs->ssl;
+        BIO_clear_retry_flags(b);
+/*      ret=SSL_do_handshake(ssl);
+        if (ret > 0) */
+        ret=SSL_write(ssl,out,outl);
+        switch (SSL_get_error(ssl,ret))
+                {
+        case SSL_ERROR_NONE:
+                if (ret <= 0) break;
+                if (bs->renegotiate_count > 0)
+                        {
+                        bs->byte_count+=ret;
+                        if (bs->byte_count > bs->renegotiate_count)
+                                {
+                                bs->byte_count=0;
+                                bs->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                r=1;
+                                }
+                        }
+                if ((bs->renegotiate_timeout > 0) && (!r))
+                        {
+                        unsigned long tm;
+                        tm=(unsigned long)time(NULL);
+                        if (tm > bs->last_time+bs->renegotiate_timeout)
+                                {
+                                bs->last_time=tm;
+                                bs->num_renegotiates++;
+                                SSL_renegotiate(ssl);
+                                }
+                        }
+                break;
+        case SSL_ERROR_WANT_WRITE:
+                BIO_set_retry_write(b);
+                break;
+        case SSL_ERROR_WANT_READ:
+                BIO_set_retry_read(b);
+                break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_SSL_X509_LOOKUP;
+                break;
+        case SSL_ERROR_WANT_CONNECT:
+                BIO_set_retry_special(b);
+                retry_reason=BIO_RR_CONNECT;
+        case SSL_ERROR_SYSCALL:
+        case SSL_ERROR_SSL:
+        default:
+                break;
+                }
+        b->retry_reason=retry_reason;
+        return(ret);
+        }
+static long ssl_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+        {
+        SSL **sslp,*ssl;
+        BIO_SSL *bs;
+        BIO *dbio,*bio;
+        long ret=1;
+        bs=(BIO_SSL *)b->ptr;
+        ssl=bs->ssl;
+        if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
+                return(0);
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                SSL_shutdown(ssl);
+                if (ssl->handshake_func == ssl->method->ssl_connect)
+                        SSL_set_connect_state(ssl);
+                else if (ssl->handshake_func == ssl->method->ssl_accept)
+                        SSL_set_accept_state(ssl);
+                SSL_clear(ssl);
+                if (b->next_bio != NULL)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                else if (ssl->rbio != NULL)
+                        ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+                else
+                        ret=1;
+                break;
+        case BIO_CTRL_INFO:
+                ret=0;
+                break;
+        case BIO_C_SSL_MODE:
+                if (num) /* client mode */
+                        SSL_set_connect_state(ssl);
+                else
+                        SSL_set_accept_state(ssl);
+                break;
+        case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+                ret=bs->renegotiate_timeout;
+                if (num < 60) num=5;
+                bs->renegotiate_timeout=(unsigned long)num;
+                bs->last_time=(unsigned long)time(NULL);
+                break;
+        case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+                ret=bs->renegotiate_count;
+                if ((long)num >=512)
+                        bs->renegotiate_count=(unsigned long)num;
+                break;
+        case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+                ret=bs->num_renegotiates;
+                break;
+        case BIO_C_SET_SSL:
+                if (ssl != NULL)
+                        ssl_free(b);
+                b->shutdown=(int)num;
+                ssl=(SSL *)ptr;
+                ((BIO_SSL *)b->ptr)->ssl=ssl;
+                bio=SSL_get_rbio(ssl);
+                if (bio != NULL)
+                        {
+                        if (b->next_bio != NULL)
+                                BIO_push(bio,b->next_bio);
+                        b->next_bio=bio;
+                        CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
+                        }
+                b->init=1;
+                break;
+        case BIO_C_GET_SSL:
+                if (ptr != NULL)
+                        {
+                        sslp=(SSL **)ptr;
+                        *sslp=ssl;
+                        }
+                else
+                        ret=0;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING:
+                ret=SSL_pending(ssl);
+                if (ret == 0)
+                        ret=BIO_pending(ssl->rbio);
+                break;
+        case BIO_CTRL_FLUSH:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_PUSH:
+                if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
+                        {
+                        SSL_set_bio(ssl,b->next_bio,b->next_bio);
+                        CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
+                        }
+                break;
+        case BIO_CTRL_POP:
+                /* ugly bit of a hack */
+                if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
+                        {
+                        BIO_free_all(ssl->wbio);
+                        }
+                ssl->wbio=NULL;
+                ssl->rbio=NULL;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                b->retry_reason=0;
+                ret=(int)SSL_do_handshake(ssl);
+                switch (SSL_get_error(ssl,(int)ret))
+                        {
+                case SSL_ERROR_WANT_READ:
+                        BIO_set_flags(b,
+                                BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+                        break;
+                case SSL_ERROR_WANT_WRITE:
+                        BIO_set_flags(b,
+                                BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
+                        break;
+                case SSL_ERROR_WANT_CONNECT:
+                        BIO_set_flags(b,
+                                BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
+                        b->retry_reason=b->next_bio->retry_reason;
+                        break;
+                default:
+                        break;
+                        }
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
+                        SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
+                ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
+                ((BIO_SSL *)dbio->ptr)->renegotiate_count=
+                        ((BIO_SSL *)b->ptr)->renegotiate_count;
+                ((BIO_SSL *)dbio->ptr)->byte_count=
+                        ((BIO_SSL *)b->ptr)->byte_count;
+                ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
+                        ((BIO_SSL *)b->ptr)->renegotiate_timeout;
+                ((BIO_SSL *)dbio->ptr)->last_time=
+                        ((BIO_SSL *)b->ptr)->last_time;
+                ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
+                break;
+        case BIO_C_GET_FD:
+                ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_SET_CALLBACK:
+                SSL_set_info_callback(ssl,(void (*)())ptr);
+                break;
+        case BIO_CTRL_GET_CALLBACK:
+                {
+                void (**fptr)();
+                fptr=(void (**)())ptr;
+                *fptr=SSL_get_info_callback(ssl);
+                }
+                break;
+        default:
+                ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+static int ssl_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        int n,ret;
+        n=strlen(str);
+        ret=BIO_write(bp,str,n);
+        return(ret);
+        }
+BIO *BIO_new_buffer_ssl_connect(ctx)
+SSL_CTX *ctx;
+        {
+        BIO *ret=NULL,*buf=NULL,*ssl=NULL;
+        if ((buf=BIO_new(BIO_f_buffer())) == NULL)
+                return(NULL);
+        if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
+                goto err;
+        if ((ret=BIO_push(buf,ssl)) == NULL)
+                goto err;
+        return(ret);
+err:
+        if (buf != NULL) BIO_free(buf);
+        if (ssl != NULL) BIO_free(ssl);
+        return(NULL);
+        }
+BIO *BIO_new_ssl_connect(ctx)
+SSL_CTX *ctx;
+        {
+        BIO *ret=NULL,*con=NULL,*ssl=NULL;
+        if ((con=BIO_new(BIO_s_connect())) == NULL)
+                return(NULL);
+        if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
+                goto err;
+        if ((ret=BIO_push(ssl,con)) == NULL)
+                goto err;
+        return(ret);
+err:
+        if (con != NULL) BIO_free(con);
+        if (ret != NULL) BIO_free(ret);
+        return(NULL);
+        }
+BIO *BIO_new_ssl(ctx,client)
+SSL_CTX *ctx;
+int client;
+        {
+        BIO *ret;
+        SSL *ssl;
+        if ((ret=BIO_new(BIO_f_ssl())) == NULL)
+                return(NULL);
+        if ((ssl=SSL_new(ctx)) == NULL)
+                {
+                BIO_free(ret);
+                return(NULL);
+                }
+        if (client)
+                SSL_set_connect_state(ssl);
+        else
+                SSL_set_accept_state(ssl);
+                
+        BIO_set_ssl(ret,ssl,BIO_CLOSE);
+        return(ret);
+        }
+int BIO_ssl_copy_session_id(t,f)
+BIO *t,*f;
+        {
+        t=BIO_find_type(t,BIO_TYPE_SSL);
+        f=BIO_find_type(f,BIO_TYPE_SSL);
+        if ((t == NULL) || (f == NULL))
+                return(0);
+        if (    (((BIO_SSL *)t->ptr)->ssl == NULL) || 
+                (((BIO_SSL *)f->ptr)->ssl == NULL))
+                return(0);
+        SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
+        return(1);
+        }
+void BIO_ssl_shutdown(b)
+BIO *b;
+        {
+        SSL *s;
+        while (b != NULL)
+                {
+                if (b->method->type == BIO_TYPE_SSL)
+                        {
+                        s=((BIO_SSL *)b->ptr)->ssl;
+                        SSL_shutdown(s);
+                        break;
+                        }
+                b=b->next_bio;
+                }
+        }
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
new file mode 100644
index 0000000000..a4661ebb68
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -0,0 +1,466 @@
+/* ssl/s23_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "buffer.h"
+#include "rand.h"
+#include "objects.h"
+#include "evp.h"
+#include "ssl_locl.h"
+#define BREAK break
+#ifndef NOPROTO
+static int ssl23_client_hello(SSL *s);
+static int ssl23_get_server_hello(SSL *s);
+#else
+static int ssl23_client_hello();
+static int ssl23_get_server_hello();
+#endif
+static SSL_METHOD *ssl23_get_client_method(ver)
+int ver;
+        {
+        if (ver == SSL2_VERSION)
+                return(SSLv2_client_method());
+        else if (ver == SSL3_VERSION)
+                return(SSLv3_client_method());
+        else if (ver == TLS1_VERSION)
+                return(TLSv1_client_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv23_client_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv23_client_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv23_client_data,
+                        (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+                SSLv23_client_data.ssl_connect=ssl23_connect;
+                SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+                }
+        return(&SSLv23_client_data);
+        }
+int ssl23_connect(s)
+SSL *s;
+        {
+        BUF_MEM *buf;
+        unsigned long Time=time(NULL);
+        void (*cb)()=NULL;
+        int ret= -1;
+        int new_state,state;
+        RAND_seed((unsigned char *)&Time,sizeof(Time));
+        ERR_clear_error();
+        clear_sys_error();
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+        s->in_handshake++;
+        for (;;)
+                {
+                state=s->state;
+                switch(s->state)
+                        {
+                case SSL_ST_BEFORE:
+                case SSL_ST_CONNECT:
+                case SSL_ST_BEFORE|SSL_ST_CONNECT:
+                case SSL_ST_OK|SSL_ST_CONNECT:
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+                        /* s->version=TLS1_VERSION; */
+                        s->type=SSL_ST_CONNECT;
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                }
+                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+                        ssl3_init_finished_mac(s);
+                        s->state=SSL23_ST_CW_CLNT_HELLO_A;
+                        s->ctx->sess_connect++;
+                        s->init_num=0;
+                        break;
+                case SSL23_ST_CW_CLNT_HELLO_A:
+                case SSL23_ST_CW_CLNT_HELLO_B:
+                        s->shutdown=0;
+                        ret=ssl23_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL23_ST_CR_SRVR_HELLO_A;
+                        s->init_num=0;
+                        break;
+                case SSL23_ST_CR_SRVR_HELLO_A:
+                case SSL23_ST_CR_SRVR_HELLO_B:
+                        ret=ssl23_get_server_hello(s);
+                        if (ret >= 0) cb=NULL;
+                        goto end;
+                        break;
+                default:
+                        SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+                if (s->debug) BIO_flush(s->wbio);
+                if ((cb != NULL) && (s->state != state))
+                        {
+                        new_state=s->state;
+                        s->state=state;
+                        cb(s,SSL_CB_CONNECT_LOOP,1);
+                        s->state=new_state;
+                        }
+                }
+end:
+        s->in_handshake--;
+        if (cb != NULL)
+                cb(s,SSL_CB_CONNECT_EXIT,ret);
+        return(ret);
+        }
+static int ssl23_client_hello(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i,ch_len;
+        buf=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+                {
+#if 0
+                /* don't reuse session-id's */
+                if (!ssl_get_new_session(s,0))
+                        {
+                        return(-1);
+                        }
+#endif
+                p=s->s3->client_random;
+                RAND_bytes(p,SSL3_RANDOM_SIZE);
+                /* Do the message type and length last */
+                d= &(buf[2]);
+                p=d+9;
+                *(d++)=SSL2_MT_CLIENT_HELLO;
+                if (!(s->options & SSL_OP_NO_TLSv1))
+                        {
+                        *(d++)=TLS1_VERSION_MAJOR;
+                        *(d++)=TLS1_VERSION_MINOR;
+                        }
+                else if (!(s->options & SSL_OP_NO_SSLv3))
+                        {
+                        *(d++)=SSL3_VERSION_MAJOR;
+                        *(d++)=SSL3_VERSION_MINOR;
+                        }
+                else if (!(s->options & SSL_OP_NO_SSLv2))
+                        {
+                        *(d++)=SSL2_VERSION_MAJOR;
+                        *(d++)=SSL2_VERSION_MINOR;
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
+                        return(-1);
+                        }
+                /* Ciphers supported */
+                i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
+                if (i == 0)
+                        {
+                        /* no ciphers */
+                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                        return(-1);
+                        }
+                s2n(i,d);
+                p+=i;
+                /* put in the session-id, zero since there is no
+                 * reuse. */
+#if 0
+                s->session->session_id_length=0;
+#endif
+                s2n(0,d);
+                if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+                        ch_len=SSL2_CHALLENGE_LENGTH;
+                else
+                        ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+                /* write out sslv2 challenge */
+                if (SSL3_RANDOM_SIZE < ch_len)
+                        i=SSL3_RANDOM_SIZE;
+                else
+                        i=ch_len;
+                s2n(i,d);
+                memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
+                RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+                memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+                p+=i;
+                i= p- &(buf[2]);
+                buf[0]=((i>>8)&0xff)|0x80;
+                buf[1]=(i&0xff);
+                s->state=SSL23_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=i+2;
+                s->init_off=0;
+                ssl3_finish_mac(s,&(buf[2]),i);
+                }
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(ssl23_write_bytes(s));
+        }
+static int ssl23_get_server_hello(s)
+SSL *s;
+        {
+        char buf[8];
+        unsigned char *p;
+        int i,ch_len;
+        int n;
+        n=ssl23_read_bytes(s,7);
+        if (n != 7) return(n);
+        p=s->packet;
+        memcpy(buf,p,n);
+        if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
+                (p[5] == 0x00) && (p[6] == 0x02))
+                {
+                /* we are talking sslv2 */
+                /* we need to clean up the SSLv3 setup and put in the
+                 * sslv2 stuff. */
+                if (s->options & SSL_OP_NO_SSLv2)
+                        {
+                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+                        goto err;
+                        }
+                if (s->s2 == NULL)
+                        {
+                        if (!ssl2_new(s))
+                                goto err;
+                        }
+                else
+                        ssl2_clear(s);
+                if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+                        ch_len=SSL2_CHALLENGE_LENGTH;
+                else
+                        ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+                /* write out sslv2 challenge */
+                i=(SSL3_RANDOM_SIZE < ch_len)
+                        ?SSL3_RANDOM_SIZE:ch_len;
+                s->s2->challenge_length=i;
+                memcpy(s->s2->challenge,
+                        &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+                if (s->s3 != NULL) ssl3_free(s);
+                if (!BUF_MEM_grow(s->init_buf,
+                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+                        {
+                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+                s->state=SSL2_ST_GET_SERVER_HELLO_A;
+                s->s2->ssl2_rollback=1;
+                /* setup the 5 bytes we have read so we get them from
+                 * the sslv2 buffer */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                s->packet= &(s->s2->rbuf[0]);
+                memcpy(s->packet,buf,n);
+                s->s2->rbuf_left=n;
+                s->s2->rbuf_offs=0;
+                /* we have already written one */
+                s->s2->write_sequence=1;
+                s->method=SSLv2_client_method();
+                s->handshake_func=s->method->ssl_connect;
+                }
+        else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+                 (p[1] == SSL3_VERSION_MAJOR) &&
+                 ((p[2] == SSL3_VERSION_MINOR) ||
+                  (p[2] == TLS1_VERSION_MINOR)) &&
+                 (p[5] == SSL3_MT_SERVER_HELLO))
+                {
+                /* we have sslv3 or tls1 */
+                if (!ssl_init_wbio_buffer(s,1)) goto err;
+                /* we are in this state */
+                s->state=SSL3_ST_CR_SRVR_HELLO_A;
+                /* put the 5 bytes we have read into the input buffer
+                 * for SSLv3 */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                s->packet= &(s->s3->rbuf.buf[0]);
+                memcpy(s->packet,buf,n);
+                s->s3->rbuf.left=n;
+                s->s3->rbuf.offset=0;
+                if ((p[2] == SSL3_VERSION_MINOR) &&
+                        !(s->options & SSL_OP_NO_SSLv3))
+                        {
+                        s->version=SSL3_VERSION;
+                        s->method=SSLv3_client_method();
+                        }
+                else if ((p[2] == TLS1_VERSION_MINOR) &&
+                        !(s->options & SSL_OP_NO_TLSv1))
+                        {
+                        s->version=TLS1_VERSION;
+                        s->method=TLSv1_client_method();
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+                        goto err;
+                        }
+                        
+                s->handshake_func=s->method->ssl_connect;
+                }
+        else if ((p[0] == SSL3_RT_ALERT) &&
+                 (p[1] == SSL3_VERSION_MAJOR) &&
+                 ((p[2] == SSL3_VERSION_MINOR) ||
+                  (p[2] == TLS1_VERSION_MINOR)) &&
+                 (p[3] == 0) &&
+                 (p[4] == 2))
+                {
+                void (*cb)()=NULL;
+                int j;
+                /* An alert */
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+ 
+                i=p[5];
+                if (cb != NULL)
+                        {
+                        j=(i<<8)|p[6];
+                        cb(s,SSL_CB_READ_ALERT,j);
+                        }
+                s->rwstate=SSL_NOTHING;
+                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,1000+p[6]);
+                goto err;
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+                goto err;
+                }
+        s->init_num=0;
+        /* Since, if we are sending a ssl23 client hello, we are not
+         * reusing a session-id */
+        if (!ssl_get_new_session(s,0))
+                goto err;
+        s->first_packet=1;
+        return(SSL_connect(s));
+err:
+        return(-1);
+        }
diff --git a/src/lib/libssl/src/ssl/s23_lib.c b/src/lib/libssl/src/ssl/s23_lib.c
new file mode 100644
index 0000000000..e16f641101
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s23_lib.c
@@ -0,0 +1,233 @@
+/* ssl/s23_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+#ifndef NOPROTO
+static int ssl23_num_ciphers(void );
+static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+static int ssl23_read(SSL *s, char *buf, int len);
+static int ssl23_write(SSL *s, char *buf, int len);
+static long ssl23_default_timeout(void );
+static int ssl23_put_cipher_by_char(SSL_CIPHER *c, unsigned char *p);
+static SSL_CIPHER *ssl23_get_cipher_by_char(unsigned char *p);
+#else
+static int ssl23_num_ciphers();
+static SSL_CIPHER *ssl23_get_cipher();
+static int ssl23_read();
+static int ssl23_write();
+static long ssl23_default_timeout();
+static int ssl23_put_cipher_by_char();
+static SSL_CIPHER *ssl23_get_cipher_by_char();
+#endif
+char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.7.0 30-Jan-1997";
+static SSL_METHOD SSLv23_data= {
+        TLS1_VERSION,
+        tls1_new,
+        tls1_clear,
+        tls1_free,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl23_read,
+        ssl_undefined_function,
+        ssl23_write,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl3_ctrl,
+        ssl3_ctx_ctrl,
+        ssl23_get_cipher_by_char,
+        ssl23_put_cipher_by_char,
+        ssl_undefined_function,
+        ssl23_num_ciphers,
+        ssl23_get_cipher,
+        ssl_bad_method,
+        ssl23_default_timeout,
+        &ssl3_undef_enc_method,
+        };
+static long ssl23_default_timeout()
+        {
+        return(300);
+        }
+SSL_METHOD *sslv23_base_method()
+        {
+        return(&SSLv23_data);
+        }
+static int ssl23_num_ciphers()
+        {
+        return(ssl3_num_ciphers()+ssl2_num_ciphers());
+        }
+static SSL_CIPHER *ssl23_get_cipher(u)
+unsigned int u;
+        {
+        unsigned int uu=ssl3_num_ciphers();
+        if (u < uu)
+                return(ssl3_get_cipher(u));
+        else
+                return(ssl2_get_cipher(u-uu));
+        }
+/* This function needs to check if the ciphers required are actually
+ * available */
+static SSL_CIPHER *ssl23_get_cipher_by_char(p)
+unsigned char *p;
+        {
+        SSL_CIPHER c,*cp;
+        unsigned long id;
+        int n;
+        n=ssl3_num_ciphers();
+        id=0x03000000|((unsigned long)p[0]<<16L)|
+                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
+        c.id=id;
+        cp=ssl3_get_cipher_by_char(p);
+        if (cp == NULL)
+                cp=ssl2_get_cipher_by_char(p);
+        return(cp);
+        }
+static int ssl23_put_cipher_by_char(c,p)
+SSL_CIPHER *c;
+unsigned char *p;
+        {
+        long l;
+        /* We can write SSLv2 and SSLv3 ciphers */
+        if (p != NULL)
+                {
+                l=c->id;
+                p[0]=((unsigned char)(l>>16L))&0xFF;
+                p[1]=((unsigned char)(l>> 8L))&0xFF;
+                p[2]=((unsigned char)(l     ))&0xFF;
+                }
+        return(3);
+        }
+static int ssl23_read(s,buf,len)
+SSL *s;
+char *buf;
+int len;
+        {
+        int n;
+#if 0
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+#endif
+        clear_sys_error();
+        if (SSL_in_init(s) && (!s->in_handshake))
+                {
+                n=s->handshake_func(s);
+                if (n < 0) return(n);
+                if (n == 0)
+                        {
+                        SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                return(SSL_read(s,buf,len));
+                }
+        else
+                {
+                ssl_undefined_function(s);
+                return(-1);
+                }
+        }
+static int ssl23_write(s,buf,len)
+SSL *s;
+char *buf;
+int len;
+        {
+        int n;
+#if 0
+        if (s->shutdown & SSL_SENT_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+#endif
+        clear_sys_error();
+        if (SSL_in_init(s) && (!s->in_handshake))
+                {
+                n=s->handshake_func(s);
+                if (n < 0) return(n);
+                if (n == 0)
+                        {
+                        SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                return(SSL_write(s,buf,len));
+                }
+        else
+                {
+                ssl_undefined_function(s);
+                return(-1);
+                }
+        }
diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c
new file mode 100644
index 0000000000..1eed7a54bc
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s23_meth.c
@@ -0,0 +1,92 @@
+/* ssl/s23_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+static SSL_METHOD *ssl23_get_method(ver)
+int ver;
+        {
+        if (ver == SSL2_VERSION)
+                return(SSLv23_method());
+        else if (ver == SSL3_VERSION)
+                return(SSLv3_method());
+        else if (ver == TLS1_VERSION)
+                return(TLSv1_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv23_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv23_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+                        sizeof(SSL_METHOD));
+                SSLv23_data.ssl_connect=ssl23_connect;
+                SSLv23_data.ssl_accept=ssl23_accept;
+                SSLv23_data.get_ssl_method=ssl23_get_method;
+                }
+        return(&SSLv23_data);
+        }
diff --git a/src/lib/libssl/src/ssl/s23_pkt.c b/src/lib/libssl/src/ssl/s23_pkt.c
new file mode 100644
index 0000000000..c25c312772
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s23_pkt.c
@@ -0,0 +1,120 @@
+/* ssl/s23_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "evp.h"
+#include "buffer.h"
+#include "ssl_locl.h"
+int ssl23_write_bytes(s)
+SSL *s;
+        {
+        int i,num,tot;
+        char *buf;
+        buf=s->init_buf->data;
+        tot=s->init_off;
+        num=s->init_num;
+        for (;;)
+                {
+                s->rwstate=SSL_WRITING;
+                i=BIO_write(s->wbio,&(buf[tot]),num);
+                if (i < 0)
+                        {
+                        s->init_off=tot;
+                        s->init_num=num;
+                        return(i);
+                        }
+                s->rwstate=SSL_NOTHING;
+                if (i == num) return(tot+i);
+                num-=i;
+                tot+=i;
+                }
+        }
+/* only return when we have read 'n' bytes */
+int ssl23_read_bytes(s,n)
+SSL *s;
+int n;
+        {
+        unsigned char *p;
+        int j;
+        if (s->packet_length < (unsigned int)n)
+                {
+                p=s->packet;
+                for (;;)
+                        {
+                        s->rwstate=SSL_READING;
+                        j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
+                                n-s->packet_length);
+                        if (j <= 0)
+                                return(j);
+                        s->rwstate=SSL_NOTHING;
+                        s->packet_length+=j;
+                        if (s->packet_length >= (unsigned int)n)
+                                return(s->packet_length);
+                        }
+                }
+        return(n);
+        }
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
new file mode 100644
index 0000000000..c7b9ecbcf2
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -0,0 +1,499 @@
+/* ssl/s23_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "buffer.h"
+#include "rand.h"
+#include "objects.h"
+#include "evp.h"
+#include "ssl_locl.h"
+#define BREAK break
+#ifndef NOPROTO
+int ssl23_get_client_hello(SSL *s);
+#else
+int ssl23_get_client_hello();
+#endif
+static SSL_METHOD *ssl23_get_server_method(ver)
+int ver;
+        {
+        if (ver == SSL2_VERSION)
+                return(SSLv2_server_method());
+        else if (ver == SSL3_VERSION)
+                return(SSLv3_server_method());
+        else if (ver == TLS1_VERSION)
+                return(TLSv1_server_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv23_server_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv23_server_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv23_server_data,
+                        (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+                SSLv23_server_data.ssl_accept=ssl23_accept;
+                SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+                }
+        return(&SSLv23_server_data);
+        }
+int ssl23_accept(s)
+SSL *s;
+        {
+        BUF_MEM *buf;
+        unsigned long Time=time(NULL);
+        void (*cb)()=NULL;
+        int ret= -1;
+        int new_state,state;
+        RAND_seed((unsigned char *)&Time,sizeof(Time));
+        ERR_clear_error();
+        clear_sys_error();
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+        s->in_handshake++;
+        for (;;)
+                {
+                state=s->state;
+                switch(s->state)
+                        {
+                case SSL_ST_BEFORE:
+                case SSL_ST_ACCEPT:
+                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+                case SSL_ST_OK|SSL_ST_ACCEPT:
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+                        /* s->version=SSL3_VERSION; */
+                        s->type=SSL_ST_ACCEPT;
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                }
+                        ssl3_init_finished_mac(s);
+                        s->state=SSL23_ST_SR_CLNT_HELLO_A;
+                        s->ctx->sess_accept++;
+                        s->init_num=0;
+                        break;
+                case SSL23_ST_SR_CLNT_HELLO_A:
+                case SSL23_ST_SR_CLNT_HELLO_B:
+                        s->shutdown=0;
+                        ret=ssl23_get_client_hello(s);
+                        if (ret >= 0) cb=NULL;
+                        goto end;
+                        break;
+                default:
+                        SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+                if ((cb != NULL) && (s->state != state))
+                        {
+                        new_state=s->state;
+                        s->state=state;
+                        cb(s,SSL_CB_ACCEPT_LOOP,1);
+                        s->state=new_state;
+                        }
+                }
+end:
+        if (cb != NULL)
+                cb(s,SSL_CB_ACCEPT_EXIT,ret);
+        s->in_handshake--;
+        return(ret);
+        }
+int ssl23_get_client_hello(s)
+SSL *s;
+        {
+        char buf_space[8];
+        char *buf= &(buf_space[0]);
+        unsigned char *p,*d,*dd;
+        unsigned int i;
+        unsigned int csl,sil,cl;
+        int n=0,j,tls1=0;
+        int type=0,use_sslv2_strong=0;
+        /* read the initial header */
+        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
+                {
+                if (!ssl3_setup_buffers(s)) goto err;
+                n=ssl23_read_bytes(s,7);
+                if (n != 7) return(n);
+                p=s->packet;
+                memcpy(buf,p,n);
+                if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
+                        {
+                        /* SSLv2 header */
+                        if ((p[3] == 0x00) && (p[4] == 0x02))
+                                {
+                                /* SSLv2 */
+                                if (!(s->options & SSL_OP_NO_SSLv2))
+                                        type=1;
+                                }
+                        else if (p[3] == SSL3_VERSION_MAJOR)
+                                {
+                                /* SSLv3/TLSv1 */
+                                if (p[4] >= TLS1_VERSION_MINOR)
+                                        {
+                                        if (!(s->options & SSL_OP_NO_TLSv1))
+                                                {
+                                                tls1=1;
+                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                                }
+                                        else if (!(s->options & SSL_OP_NO_SSLv3))
+                                                {
+                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                                }
+                                        }
+                                else if (!(s->options & SSL_OP_NO_SSLv3))
+                                        s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                if (s->options & SSL_OP_NON_EXPORT_FIRST)
+                                        {
+                                        STACK *sk;
+                                        SSL_CIPHER *c;
+                                        int ne2,ne3;
+                                        j=((p[0]&0x7f)<<8)|p[1];
+                                        if (j > (1024*4))
+                                                {
+                                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
+                                                goto err;
+                                                }
+                                        n=ssl23_read_bytes(s,j+2);
+                                        if (n <= 0) return(n);
+                                        p=s->packet;
+                                        if ((buf=Malloc(n)) == NULL)
+                                                {
+                                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
+                                                goto err;
+                                                }
+                                        memcpy(buf,p,n);
+                                        p+=5;
+                                        n2s(p,csl);
+                                        p+=4;
+                                        sk=ssl_bytes_to_cipher_list(
+                                                s,p,csl,NULL);
+                                        if (sk != NULL)
+                                                {
+                                                ne2=ne3=0;
+                                                for (j=0; j<sk_num(sk); j++)
+                                                        {
+                                                        c=(SSL_CIPHER *)sk_value(sk,j);
+                                                        if (!(c->algorithms & SSL_EXP))
+                                                                {
+                                                                if ((c->id>>24L) == 2L)
+                                                                        ne2=1;
+                                                                else
+                                                                        ne3=1;
+                                                                }
+                                                        }
+                                                if (ne2 && !ne3)
+                                                        {
+                                                        type=1;
+                                                        use_sslv2_strong=1;
+                                                        goto next_bit;
+                                                        }
+                                                }
+                                        }
+                                }
+                        }
+                else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+                         (p[1] == SSL3_VERSION_MAJOR) &&
+                         (p[5] == SSL3_MT_CLIENT_HELLO))
+                        {
+                        /* true SSLv3 or tls1 */
+                        if (p[2] >= TLS1_VERSION_MINOR)
+                                {
+                                if (!(s->options & SSL_OP_NO_TLSv1))
+                                        {
+                                        type=3;
+                                        tls1=1;
+                                        }
+                                else if (!(s->options & SSL_OP_NO_SSLv3))
+                                        type=3;
+                                }
+                        else if (!(s->options & SSL_OP_NO_SSLv3))
+                                type=3;
+                        }
+                else if ((strncmp("GET ", p,4) == 0) ||
+                         (strncmp("POST ",p,5) == 0) ||
+                         (strncmp("HEAD ",p,5) == 0) ||
+                         (strncmp("PUT ", p,4) == 0))
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
+                        goto err;
+                        }
+                else if (strncmp("CONNECT",p,7) == 0)
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
+                        goto err;
+                        }
+                }
+next_bit:
+        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
+                {
+                /* we have a SSLv3/TLSv1 in a SSLv2 header */
+                type=2;
+                p=s->packet;
+                n=((p[0]&0x7f)<<8)|p[1];
+                if (n > (1024*4))
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
+                        goto err;
+                        }
+                j=ssl23_read_bytes(s,n+2);
+                if (j <= 0) return(j);
+                ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2);
+                p=s->packet;
+                p+=5;
+                n2s(p,csl);
+                n2s(p,sil);
+                n2s(p,cl);
+                d=(unsigned char *)s->init_buf->data;
+                if ((csl+sil+cl+11) != s->packet_length)
+                        {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
+                        goto err;
+                        }
+                *(d++)=SSL3_VERSION_MAJOR;
+                if (tls1)
+                        *(d++)=TLS1_VERSION_MINOR;
+                else
+                        *(d++)=SSL3_VERSION_MINOR;
+                /* lets populate the random area */
+                /* get the chalenge_length */
+                i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
+                memset(d,0,SSL3_RANDOM_SIZE);
+                memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
+                d+=SSL3_RANDOM_SIZE;
+                /* no session-id reuse */
+                *(d++)=0;
+                /* ciphers */
+                j=0;
+                dd=d;
+                d+=2;
+                for (i=0; i<csl; i+=3)
+                        {
+                        if (p[i] != 0) continue;
+                        *(d++)=p[i+1];
+                        *(d++)=p[i+2];
+                        j+=2;
+                        }
+                s2n(j,dd);
+                /* compression */
+                *(d++)=1;
+                *(d++)=0;
+                
+                i=(d-(unsigned char *)s->init_buf->data);
+                /* get the data reused from the init_buf */
+                s->s3->tmp.reuse_message=1;
+                s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
+                s->s3->tmp.message_size=i;
+                }
+        if (type == 1)
+                {
+                /* we are talking sslv2 */
+                /* we need to clean up the SSLv3/TLSv1 setup and put in the
+                 * sslv2 stuff. */
+                if (s->s2 == NULL)
+                        {
+                        if (!ssl2_new(s))
+                                goto err;
+                        }
+                else
+                        ssl2_clear(s);
+                if (s->s3 != NULL) ssl3_free(s);
+                if (!BUF_MEM_grow(s->init_buf,
+                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+                        {
+                        goto err;
+                        }
+                s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+                if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+                        use_sslv2_strong)
+                        s->s2->ssl2_rollback=0;
+                else
+                        s->s2->ssl2_rollback=1;
+                /* setup the 5 bytes we have read so we get them from
+                 * the sslv2 buffer */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                s->packet= &(s->s2->rbuf[0]);
+                memcpy(s->packet,buf,n);
+                s->s2->rbuf_left=n;
+                s->s2->rbuf_offs=0;
+                s->method=SSLv2_server_method();
+                s->handshake_func=s->method->ssl_accept;
+                }
+        if ((type == 2) || (type == 3))
+                {
+                /* we have SSLv3/TLSv1 */
+                if (!ssl_init_wbio_buffer(s,1)) goto err;
+                /* we are in this state */
+                s->state=SSL3_ST_SR_CLNT_HELLO_A;
+                if (type == 3)
+                        {
+                        /* put the 'n' bytes we have read into the input buffer
+                         * for SSLv3 */
+                        s->rstate=SSL_ST_READ_HEADER;
+                        s->packet_length=n;
+                        s->packet= &(s->s3->rbuf.buf[0]);
+                        memcpy(s->packet,buf,n);
+                        s->s3->rbuf.left=n;
+                        s->s3->rbuf.offset=0;
+                        }
+                else
+                        {
+                        s->packet_length=0;
+                        s->s3->rbuf.left=0;
+                        s->s3->rbuf.offset=0;
+                        }
+                if (tls1)
+                        {
+                        s->version=TLS1_VERSION;
+                        s->method=TLSv1_server_method();
+                        }
+                else
+                        {
+                        s->version=SSL3_VERSION;
+                        s->method=SSLv3_server_method();
+                        }
+                s->handshake_func=s->method->ssl_accept;
+                }
+        
+        if ((type < 1) || (type > 3))
+                {
+                /* bad, very bad */
+                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+                goto err;
+                }
+        s->init_num=0;
+        if (buf != buf_space) Free(buf);
+        s->first_packet=1;
+        return(SSL_accept(s));
+err:
+        if (buf != buf_space) Free(buf);
+        return(-1);
+        }
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
new file mode 100644
index 0000000000..16df9ec565
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -0,0 +1,983 @@
+/* ssl/s2_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "rand.h"
+#include "buffer.h"
+#include "objects.h"
+#include "ssl_locl.h"
+#include "evp.h"
+#ifndef NOPROTO
+static int get_server_finished(SSL *s);
+static int get_server_verify(SSL *s);
+static int get_server_hello(SSL *s);
+static int client_hello(SSL *s); 
+static int client_master_key(SSL *s);
+static int client_finished(SSL *s);
+static int client_certificate(SSL *s);
+static int ssl_rsa_public_encrypt(CERT *c, int len, unsigned char *from,
+        unsigned char *to,int padding);
+#else
+static int get_server_finished();
+static int get_server_verify();
+static int get_server_hello();
+static int client_hello(); 
+static int client_master_key();
+static int client_finished();
+static int client_certificate();
+static int ssl_rsa_public_encrypt();
+#endif
+#define BREAK   break
+static SSL_METHOD *ssl2_get_client_method(ver)
+int ver;
+        {
+        if (ver == SSL2_VERSION)
+                return(SSLv2_client_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv2_client_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv2_client_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+                        sizeof(SSL_METHOD));
+                SSLv2_client_data.ssl_connect=ssl2_connect;
+                SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+                }
+        return(&SSLv2_client_data);
+        }
+int ssl2_connect(s)
+SSL *s;
+        {
+        unsigned long l=time(NULL);
+        BUF_MEM *buf=NULL;
+        int ret= -1;
+        void (*cb)()=NULL;
+        int new_state,state;
+        RAND_seed((unsigned char *)&l,sizeof(l));
+        ERR_clear_error();
+        clear_sys_error();
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        /* init things to blank */
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+        s->in_handshake++;
+        for (;;)
+                {
+                state=s->state;
+                switch (s->state)
+                        {
+                case SSL_ST_BEFORE:
+                case SSL_ST_CONNECT:
+                case SSL_ST_BEFORE|SSL_ST_CONNECT:
+                case SSL_ST_OK|SSL_ST_CONNECT:
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+                        s->version=SSL2_VERSION;
+                        s->type=SSL_ST_CONNECT;
+                        buf=s->init_buf;
+                        if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        if (!BUF_MEM_grow(buf,
+                                SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        s->init_buf=buf;
+                        s->init_num=0;
+                        s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
+                        s->ctx->sess_connect++;
+                        s->handshake_func=ssl2_connect;
+                        BREAK;
+                case SSL2_ST_SEND_CLIENT_HELLO_A:
+                case SSL2_ST_SEND_CLIENT_HELLO_B:
+                        s->shutdown=0;
+                        ret=client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_GET_SERVER_HELLO_A;
+                        BREAK;
+                
+                case SSL2_ST_GET_SERVER_HELLO_A:
+                case SSL2_ST_GET_SERVER_HELLO_B:
+                        ret=get_server_hello(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        if (!s->hit) /* new session */
+                                {
+                                s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
+                                BREAK; 
+                                }
+                        else
+                                {
+                                s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
+                                break;
+                                }
+        
+                case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+                case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+                        ret=client_master_key(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
+                        break;
+                case SSL2_ST_CLIENT_START_ENCRYPTION:
+                        /* Ok, we now have all the stuff needed to
+                         * start encrypting, so lets fire it up :-) */
+                        if (!ssl2_enc_init(s,1))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        s->s2->clear_text=0;
+                        s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
+                        break;
+                case SSL2_ST_SEND_CLIENT_FINISHED_A:
+                case SSL2_ST_SEND_CLIENT_FINISHED_B:
+                        ret=client_finished(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_GET_SERVER_VERIFY_A;
+                        break;
+                case SSL2_ST_GET_SERVER_VERIFY_A:
+                case SSL2_ST_GET_SERVER_VERIFY_B:
+                        ret=get_server_verify(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_GET_SERVER_FINISHED_A;
+                        break;
+                case SSL2_ST_GET_SERVER_FINISHED_A:
+                case SSL2_ST_GET_SERVER_FINISHED_B:
+                        ret=get_server_finished(s);
+                        if (ret <= 0) goto end;
+                        break;
+                case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+                case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+                case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+                case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+                case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+                        ret=client_certificate(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_GET_SERVER_FINISHED_A;
+                        break;
+                case SSL_ST_OK:
+                        BUF_MEM_free(s->init_buf);
+                        s->init_buf=NULL;
+                        s->init_num=0;
+                /*      ERR_clear_error();*/
+                        /* If we want to cache session-ids in the client
+                         * and we sucessfully add the session-id to the
+                         * cache, and there is a callback, then pass it out.
+                         * 26/11/96 - eay - only add if not a re-used session.
+                         */
+                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+                        if (s->hit) s->ctx->sess_hit++;
+                        ret=1;
+                        /* s->server=0; */
+                        s->ctx->sess_connect_good++;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+                        goto end;
+                        break;
+                default:
+                        SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
+                        return(-1);
+                        /* break; */
+                        }
+                if ((cb != NULL) && (s->state != state))
+                        {
+                        new_state=s->state;
+                        s->state=state;
+                        cb(s,SSL_CB_CONNECT_LOOP,1);
+                        s->state=new_state;
+                        }
+                }
+end:
+        s->in_handshake--;
+        if (cb != NULL) 
+                cb(s,SSL_CB_CONNECT_EXIT,ret);
+        return(ret);
+        }
+static int get_server_hello(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p;
+        int i,j;
+        STACK *sk=NULL,*cl;
+        buf=(unsigned char *)s->init_buf->data;
+        p=buf;
+        if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
+                {
+                i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
+                if (i < (11-s->init_num)) 
+                        return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+                if (*(p++) != SSL2_MT_SERVER_HELLO)
+                        {
+                        if (p[-1] != SSL2_MT_ERROR)
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_GET_SERVER_HELLO,
+                                        SSL_R_READ_WRONG_PACKET_TYPE);
+                                }
+                        else
+                                SSLerr(SSL_F_GET_SERVER_HELLO,
+                                        SSL_R_PEER_ERROR);
+                        return(-1);
+                        }
+                s->hit=(*(p++))?1:0;
+                s->s2->tmp.cert_type= *(p++);
+                n2s(p,i);
+                if (i < s->version) s->version=i;
+                n2s(p,i); s->s2->tmp.cert_length=i;
+                n2s(p,i); s->s2->tmp.csl=i;
+                n2s(p,i); s->s2->tmp.conn_id_length=i;
+                s->state=SSL2_ST_GET_SERVER_HELLO_B;
+                s->init_num=0;
+                }
+        /* SSL2_ST_GET_SERVER_HELLO_B */
+        j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
+                - s->init_num;
+        i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
+        if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+        /* things are looking good */
+        p=buf;
+        if (s->hit)
+                {
+                if (s->s2->tmp.cert_length != 0) 
+                        {
+                        SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
+                        return(-1);
+                        }
+                if (s->s2->tmp.cert_type != 0)
+                        {
+                        if (!(s->options &
+                                SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
+                                {
+                                SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
+                                return(-1);
+                                }
+                        }
+                if (s->s2->tmp.csl != 0)
+                        {
+                        SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
+                        return(-1);
+                        }
+                }
+        else
+                {
+#ifdef undef
+                /* very bad */
+                memset(s->session->session_id,0,
+                        SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
+                s->session->session_id_length=0;
+                */
+#endif
+                /* we need to do this incase we were trying to reuse a 
+                 * client session but others are already reusing it.
+                 * If this was a new 'blank' session ID, the session-id
+                 * length will still be 0 */
+                if (s->session->session_id_length > 0)
+                        {
+                        if (!ssl_get_new_session(s,0))
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                return(-1);
+                                }
+                        }
+                if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
+                        s->s2->tmp.cert_length,p) <= 0)
+                        {
+                        ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+                        return(-1);
+                        }
+                p+=s->s2->tmp.cert_length;
+                if (s->s2->tmp.csl == 0)
+                        {
+                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+                        SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
+                        return(-1);
+                        }
+                /* We have just received a list of ciphers back from the
+                 * server.  We need to get the ones that match, then select
+                 * the one we want the most :-). */
+                /* load the ciphers */
+                sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
+                        &s->session->ciphers);
+                p+=s->s2->tmp.csl;
+                if (sk == NULL)
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
+                        return(-1);
+                        }
+                sk_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
+                /* get the array of ciphers we will accept */
+                cl=ssl_get_ciphers_by_id(s);
+                /* In theory we could have ciphers sent back that we
+                 * don't want to use but that does not matter since we
+                 * will check against the list we origionally sent and
+                 * for performance reasons we should not bother to match
+                 * the two lists up just to check. */
+                for (i=0; i<sk_num(cl); i++)
+                        {
+                        if (sk_find(sk,sk_value(cl,i)) >= 0)
+                                break;
+                        }
+                if (i >= sk_num(cl))
+                        {
+                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+                        SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
+                        return(-1);
+                        }
+                s->session->cipher=(SSL_CIPHER *)sk_value(cl,i);
+                }
+        if ((s->session != NULL) && (s->session->peer != NULL))
+                X509_free(s->session->peer);
+        /* hmmm, can we have the problem of the other session with this
+         * cert, Free's it before we increment the reference count. */
+        CRYPTO_w_lock(CRYPTO_LOCK_X509);
+        s->session->peer=s->session->cert->key->x509;
+        CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+        s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+        memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
+        return(1);
+        }
+static int client_hello(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+/*      CIPHER **cipher;*/
+        int i,n,j;
+        buf=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
+                {
+                if ((s->session == NULL) ||
+                        (s->session->ssl_version != s->version))
+                        {
+                        if (!ssl_get_new_session(s,0))
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                return(-1);
+                                }
+                        }
+                /* else use the pre-loaded session */
+                p=buf;                                  /* header */
+                d=p+9;                                  /* data section */
+                *(p++)=SSL2_MT_CLIENT_HELLO;            /* type */
+                s2n(SSL2_CLIENT_VERSION,p);             /* version */
+                n=j=0;
+                n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
+                d+=n;
+                if (n == 0)
+                        {
+                        SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                        return(-1);
+                        }
+                s2n(n,p);                       /* cipher spec num bytes */
+                if ((s->session->session_id_length > 0) &&
+                        (s->session->session_id_length <=
+                        SSL2_MAX_SSL_SESSION_ID_LENGTH))
+                        {
+                        i=s->session->session_id_length;
+                        s2n(i,p);               /* session id length */
+                        memcpy(d,s->session->session_id,(unsigned int)i);
+                        d+=i;
+                        }
+                else
+                        {
+                        s2n(0,p);
+                        }
+                s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
+                s2n(SSL2_CHALLENGE_LENGTH,p);           /* challenge length */
+                /*challenge id data*/
+                RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+                memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+                d+=SSL2_CHALLENGE_LENGTH;
+                s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
+                s->init_num=d-buf;
+                s->init_off=0;
+                }
+        /* SSL2_ST_SEND_CLIENT_HELLO_B */
+        return(ssl2_do_write(s));
+        }
+static int client_master_key(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int clear,enc,karg,i;
+        SSL_SESSION *sess;
+        EVP_CIPHER *c;
+        EVP_MD *md;
+        buf=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
+                {
+                if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+                        {
+                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+                        SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+                        return(-1);
+                        }
+                sess=s->session;
+                p=buf;
+                d=p+10;
+                *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
+                i=ssl_put_cipher_by_char(s,sess->cipher,p);
+                p+=i;
+                /* make key_arg data */
+                i=EVP_CIPHER_iv_length(c);
+                sess->key_arg_length=i;
+                if (i > 0) RAND_bytes(sess->key_arg,i);
+                /* make a master key */
+                i=EVP_CIPHER_key_length(c);
+                sess->master_key_length=i;
+                if (i > 0) RAND_bytes(sess->master_key,i);
+                if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
+                        enc=8;
+                else if (sess->cipher->algorithms & SSL_EXP)
+                        enc=5;
+                else
+                        enc=i;
+                if (i < enc)
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
+                        return(-1);
+                        }
+                clear=i-enc;
+                s2n(clear,p);
+                memcpy(d,sess->master_key,(unsigned int)clear);
+                d+=clear;
+                enc=ssl_rsa_public_encrypt(sess->cert,enc,
+                        &(sess->master_key[clear]),d,
+                        (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+                if (enc <= 0)
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
+                        return(-1);
+                        }
+                s2n(enc,p);
+                d+=enc;
+                karg=sess->key_arg_length;      
+                s2n(karg,p); /* key arg size */
+                memcpy(d,sess->key_arg,(unsigned int)karg);
+                d+=karg;
+                s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
+                s->init_num=d-buf;
+                s->init_off=0;
+                }
+        /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
+        return(ssl2_do_write(s));
+        }
+static int client_finished(s)
+SSL *s;
+        {
+        unsigned char *p;
+        if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *(p++)=SSL2_MT_CLIENT_FINISHED;
+                memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
+                s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
+                s->init_num=s->s2->conn_id_length+1;
+                s->init_off=0;
+                }
+        return(ssl2_do_write(s));
+        }
+/* read the data and then respond */
+static int client_certificate(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i;
+        unsigned int n;
+        int cert_ch_len=0;
+        unsigned char *cert_ch;
+        buf=(unsigned char *)s->init_buf->data;
+        cert_ch= &(buf[2]);
+        /* We have a cert associated with the SSL, so attach it to
+         * the session if it does not have one */
+        if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+                {
+                i=ssl2_read(s,(char *)&(buf[s->init_num]),
+                        SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
+                if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+                        return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+                /* type=buf[0]; */
+                /* type eq x509 */
+                if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+                        SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
+                        return(-1);
+                        }
+                cert_ch_len=i-1;
+                if ((s->cert == NULL) ||
+                        (s->cert->key->x509 == NULL) ||
+                        (s->cert->key->privatekey == NULL))
+                        {
+                        s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
+                        }
+                else
+                        s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+                }
+        if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
+                {
+                X509 *x509=NULL;
+                EVP_PKEY *pkey=NULL;
+                /* If we get an error we need to
+                 * ssl->rwstate=SSL_X509_LOOKUP;
+                 * return(error);
+                 * We should then be retried when things are ok and we
+                 * can get a cert or not */
+                i=0;
+                if (s->ctx->client_cert_cb != NULL)
+                        {
+                        i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+                        }
+                if (i < 0)
+                        {
+                        s->rwstate=SSL_X509_LOOKUP;
+                        return(-1);
+                        }
+                s->rwstate=SSL_NOTHING;
+                if ((i == 1) && (pkey != NULL) && (x509 != NULL))
+                        {
+                        s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+                        if (    !SSL_use_certificate(s,x509) || 
+                                !SSL_use_PrivateKey(s,pkey))
+                                {
+                                i=0;
+                                }
+                        X509_free(x509);
+                        EVP_PKEY_free(pkey);
+                        }
+                else if (i == 1)
+                        {
+                        if (x509 != NULL) X509_free(x509);
+                        if (pkey != NULL) EVP_PKEY_free(pkey);
+                        SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+                        i=0;
+                        }
+                if (i == 0)
+                        {
+                        /* We have no client certificate to respond with
+                         * so send the correct error message back */
+                        s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
+                        p=buf;
+                        *(p++)=SSL2_MT_ERROR;
+                        s2n(SSL2_PE_NO_CERTIFICATE,p);
+                        s->init_off=0;
+                        s->init_num=3;
+                        /* Write is done at the end */
+                        }
+                }
+        if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
+                {
+                return(ssl2_do_write(s));
+                }
+        if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
+                {
+                EVP_MD_CTX ctx;
+                /* ok, now we calculate the checksum
+                 * do it first so we can reuse buf :-) */
+                p=buf;
+                EVP_SignInit(&ctx,s->ctx->rsa_md5);
+                EVP_SignUpdate(&ctx,s->s2->key_material,
+                        (unsigned int)s->s2->key_material_length);
+                EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
+                n=i2d_X509(s->session->cert->key->x509,&p);
+                EVP_SignUpdate(&ctx,buf,(unsigned int)n);
+                p=buf;
+                d=p+6;
+                *(p++)=SSL2_MT_CLIENT_CERTIFICATE;
+                *(p++)=SSL2_CT_X509_CERTIFICATE;
+                n=i2d_X509(s->cert->key->x509,&d);
+                s2n(n,p);
+                if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
+                        {
+                        /* this is not good.  If things have failed it
+                         * means there so something wrong with the key.
+                         * We will contiune with a 0 length signature
+                         */
+                        }
+                memset(&ctx,0,sizeof(ctx));
+                s2n(n,p);
+                d+=n;
+                s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
+                s->init_num=d-buf;
+                s->init_off=0;
+                }
+        /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
+        return(ssl2_do_write(s));
+        }
+static int get_server_verify(s)
+SSL *s;
+        {
+        unsigned char *p;
+        int i;
+        p=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
+                {
+                i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+                if (i < (1-s->init_num)) 
+                        return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+                s->state= SSL2_ST_GET_SERVER_VERIFY_B;
+                s->init_num=0;
+                if (*p != SSL2_MT_SERVER_VERIFY)
+                        {
+                        if (p[0] != SSL2_MT_ERROR)
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_GET_SERVER_VERIFY,
+                                        SSL_R_READ_WRONG_PACKET_TYPE);
+                                }
+                        else
+                                SSLerr(SSL_F_GET_SERVER_VERIFY,
+                                        SSL_R_PEER_ERROR);
+                        return(-1);
+                        }
+                }
+        
+        p=(unsigned char *)s->init_buf->data;
+        i=ssl2_read(s,(char *)&(p[s->init_num]),
+                (unsigned int)s->s2->challenge_length-s->init_num);
+        if (i < ((int)s->s2->challenge_length-s->init_num))
+                return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+        if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
+                return(-1);
+                }
+        return(1);
+        }
+static int get_server_finished(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p;
+        int i;
+        buf=(unsigned char *)s->init_buf->data;
+        p=buf;
+        if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
+                {
+                i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
+                if (i < (1-s->init_num))
+                        return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+                s->init_num=i;
+                if (*p == SSL2_MT_REQUEST_CERTIFICATE)
+                        {
+                        s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
+                        return(1);
+                        }
+                else if (*p != SSL2_MT_SERVER_FINISHED)
+                        {
+                        if (p[0] != SSL2_MT_ERROR)
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
+                                }
+                        else
+                                SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
+                        return(-1);
+                        }
+                s->state=SSL_ST_OK;
+                s->init_num=0;
+                }
+        i=ssl2_read(s,(char *)&(buf[s->init_num]),
+                SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
+        if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
+                return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+        if (!s->hit) /* new session */
+                {
+                /* new session-id */
+                /* Make sure we were not trying to re-use an old SSL_SESSION
+                 * or bad things can happen */
+                /* ZZZZZZZZZZZZZ */
+                s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
+                memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
+                }
+        else
+                {
+                if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+                        {
+                        if (memcmp(buf,s->session->session_id,
+                                (unsigned int)s->session->session_id_length) != 0)
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+                                return(-1);
+                                }
+                        }
+                }
+        return(1);
+        }
+/* loads in the certificate from the server */
+int ssl2_set_certificate(s, type, len, data)
+SSL *s;
+int type;
+int len;
+unsigned char *data;
+        {
+        STACK *sk=NULL;
+        EVP_PKEY *pkey=NULL;
+        CERT *c=NULL;
+        int i;
+        X509 *x509=NULL;
+        int ret=0;
+        
+        x509=d2i_X509(NULL,&data,(long)len);
+        if (x509 == NULL)
+                {
+                SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
+                goto err;
+                }
+        if (((sk=sk_new_null()) == NULL) ||
+                (!sk_push(sk,(char *)x509)))
+                {
+                SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        i=ssl_verify_cert_chain(s,sk);
+                
+        if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+                {
+                SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+                goto err;
+                }
+        /* cert for ssl */
+        c=ssl_cert_new();
+        if (c == NULL)
+                {
+                ret= -1;
+                goto err;
+                }
+        /* cert for session */
+        if (s->session->cert) ssl_cert_free(s->session->cert);
+        s->session->cert=c;
+/*      c->cert_type=type; */
+        c->pkeys[SSL_PKEY_RSA_ENC].x509=x509;
+        c->key= &(c->pkeys[SSL_PKEY_RSA_ENC]);
+        pkey=X509_get_pubkey(x509);
+        x509=NULL;
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
+                goto err;
+                }
+        if (pkey->type != EVP_PKEY_RSA)
+                {
+                SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
+                goto err;
+                }
+        if (!ssl_set_cert_type(c,SSL2_CT_X509_CERTIFICATE))
+                goto err;
+        ret=1;
+err:
+        if (sk != NULL) sk_free(sk);
+        if (x509 != NULL) X509_free(x509);
+        return(ret);
+        }
+static int ssl_rsa_public_encrypt(c, len, from, to, padding)
+CERT *c;
+int len;
+unsigned char *from;
+unsigned char *to;
+int padding;
+        {
+        EVP_PKEY *pkey=NULL;
+        int i= -1;
+        if ((c == NULL) || (c->key->x509 == NULL) ||
+                ((pkey=X509_get_pubkey(c->key->x509)) == NULL))
+                {
+                SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
+                return(-1);
+                }
+        if (pkey->type != EVP_PKEY_RSA)
+                {
+                SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+                goto end;
+                }
+        /* we have the public key */
+        i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
+        if (i < 0)
+                SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
+end:
+        return(i);
+        }
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c
new file mode 100644
index 0000000000..b43056fa14
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s2_enc.c
@@ -0,0 +1,187 @@
+/* ssl/s2_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "ssl_locl.h"
+int ssl2_enc_init(s, client)
+SSL *s;
+int client;
+        {
+        /* Max number of bytes needed */
+        EVP_CIPHER_CTX *rs,*ws;
+        EVP_CIPHER *c;
+        EVP_MD *md;
+        int num;
+        if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+                {
+                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+                SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+                return(0);
+                }
+        s->read_hash=md;
+        s->write_hash=md;
+        if ((s->enc_read_ctx == NULL) &&
+                ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
+                Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                goto err;
+        if ((s->enc_write_ctx == NULL) &&
+                ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+                Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                goto err;
+        rs= s->enc_read_ctx;
+        ws= s->enc_write_ctx;
+        EVP_CIPHER_CTX_init(rs);
+        EVP_CIPHER_CTX_init(ws);
+        num=c->key_len;
+        s->s2->key_material_length=num*2;
+        ssl2_generate_key_material(s);
+        EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+                s->session->key_arg);
+        EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+                s->session->key_arg);
+        s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
+        s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
+        return(1);
+err:
+        SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+/* read/writes from s->s2->mac_data using length for encrypt and 
+ * decrypt.  It sets the s->s2->padding, s->[rw]length and
+ * s->s2->pad_data ptr if we are encrypting */
+void ssl2_enc(s,send)
+SSL *s;
+int send;
+        {
+        EVP_CIPHER_CTX *ds;
+        unsigned long l;
+        int bs;
+        if (send)
+                {
+                ds=s->enc_write_ctx;
+                l=s->s2->wlength;
+                }
+        else
+                {
+                ds=s->enc_read_ctx;
+                l=s->s2->rlength;
+                }
+        /* check for NULL cipher */
+        if (ds == NULL) return;
+        bs=ds->cipher->block_size;
+        /* This should be using (bs-1) and bs instead of 7 and 8, but
+         * what the hell. */
+        if (bs == 8)
+                l=(l+7)/8*8;
+        EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+        }
+void ssl2_mac(s, md,send)
+SSL *s;
+unsigned char *md;
+int send;
+        {
+        EVP_MD_CTX c;
+        unsigned char sequence[4],*p,*sec,*act;
+        unsigned long seq;
+        unsigned int len;
+        if (send)
+                {
+                seq=s->s2->write_sequence;
+                sec=s->s2->write_key;
+                len=s->s2->wact_data_length;
+                act=s->s2->wact_data;
+                }
+        else
+                {
+                seq=s->s2->read_sequence;
+                sec=s->s2->read_key;
+                len=s->s2->ract_data_length;
+                act=s->s2->ract_data;
+                }
+        p= &(sequence[0]);
+        l2n(seq,p);
+        /* There has to be a MAC algorithm. */
+        EVP_DigestInit(&c,s->read_hash);
+        EVP_DigestUpdate(&c,sec,
+                EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
+        EVP_DigestUpdate(&c,act,len); 
+        /* the above line also does the pad data */
+        EVP_DigestUpdate(&c,sequence,4); 
+        EVP_DigestFinal(&c,md,NULL);
+        /* some would say I should zero the md context */
+        }
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
new file mode 100644
index 0000000000..275eb52f13
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -0,0 +1,444 @@
+/* ssl/s2_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "rsa.h"
+#include "objects.h"
+#include "ssl_locl.h"
+#ifndef NOPROTO
+static int ssl2_ok(SSL *s);
+static long ssl2_default_timeout(void );
+#else
+static int ssl2_ok();
+static long ssl2_default_timeout();
+#endif
+char *ssl2_version_str="SSLv2 part of SSLeay 0.9.0b 29-Jun-1998";
+#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
+SSL_CIPHER ssl2_ciphers[]={
+/* NULL_WITH_MD5 v3 */
+#if 0
+        {
+        1,
+        SSL2_TXT_NULL_WITH_MD5,
+        SSL2_CK_NULL_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+#endif
+/* RC4_128_EXPORT40_WITH_MD5 */
+        {
+        1,
+        SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+        SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2,
+        SSL2_CF_5_BYTE_ENC,
+        SSL_ALL_CIPHERS,
+        },
+/* RC4_128_WITH_MD5 */
+        {
+        1,
+        SSL2_TXT_RC4_128_WITH_MD5,
+        SSL2_CK_RC4_128_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+        {
+        1,
+        SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+        SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2,
+        SSL2_CF_5_BYTE_ENC,
+        SSL_ALL_CIPHERS,
+        },
+/* RC2_128_CBC_WITH_MD5 */
+        {
+        1,
+        SSL2_TXT_RC2_128_CBC_WITH_MD5,
+        SSL2_CK_RC2_128_CBC_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* IDEA_128_CBC_WITH_MD5 */
+        {
+        1,
+        SSL2_TXT_IDEA_128_CBC_WITH_MD5,
+        SSL2_CK_IDEA_128_CBC_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* DES_64_CBC_WITH_MD5 */
+        {
+        1,
+        SSL2_TXT_DES_64_CBC_WITH_MD5,
+        SSL2_CK_DES_64_CBC_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* DES_192_EDE3_CBC_WITH_MD5 */
+        {
+        1,
+        SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
+        SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* RC4_64_WITH_MD5 */
+#if 1
+        {
+        1,
+        SSL2_TXT_RC4_64_WITH_MD5,
+        SSL2_CK_RC4_64_WITH_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW,
+        SSL2_CF_8_BYTE_ENC,
+        SSL_ALL_CIPHERS,
+        },
+#endif
+/* NULL SSLeay (testing) */
+#if 0
+        {       
+        0,
+        SSL2_TXT_NULL,
+        SSL2_CK_NULL,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+#endif
+/* end of list :-) */
+        };
+static SSL_METHOD SSLv2_data= {
+        SSL2_VERSION,
+        ssl2_new,       /* local */
+        ssl2_clear,     /* local */
+        ssl2_free,      /* local */
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl2_read,
+        ssl2_peek,
+        ssl2_write,
+        ssl2_shutdown,
+        ssl2_ok,
+        ssl2_ctrl,      /* local */
+        ssl2_ctx_ctrl,  /* local */
+        ssl2_get_cipher_by_char,
+        ssl2_put_cipher_by_char,
+        ssl2_pending,
+        ssl2_num_ciphers,
+        ssl2_get_cipher,
+        ssl_bad_method,
+        ssl2_default_timeout,
+        &ssl3_undef_enc_method,
+        };
+static long ssl2_default_timeout()
+        {
+        return(300);
+        }
+SSL_METHOD *sslv2_base_method()
+        {
+        return(&SSLv2_data);
+        }
+int ssl2_num_ciphers()
+        {
+        return(SSL2_NUM_CIPHERS);
+        }
+SSL_CIPHER *ssl2_get_cipher(u)
+unsigned int u;
+        {
+        if (u < SSL2_NUM_CIPHERS)
+                return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
+        else
+                return(NULL);
+        }
+int ssl2_pending(s)
+SSL *s;
+        {
+        return(s->s2->ract_data_length);
+        }
+int ssl2_new(s)
+SSL *s;
+        {
+        SSL2_CTX *s2;
+        if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err;
+        memset(s2,0,sizeof(SSL2_CTX));
+        if ((s2->rbuf=(unsigned char *)Malloc(
+                SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+        if ((s2->wbuf=(unsigned char *)Malloc(
+                SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+        s->s2=s2;
+        ssl2_clear(s);
+        return(1);
+err:
+        if (s2 != NULL)
+                {
+                if (s2->wbuf != NULL) Free(s2->wbuf);
+                if (s2->rbuf != NULL) Free(s2->rbuf);
+                Free(s2);
+                }
+        return(0);
+        }
+void ssl2_free(s)
+SSL *s;
+        {
+        SSL2_CTX *s2;
+        s2=s->s2;
+        if (s2->rbuf != NULL) Free(s2->rbuf);
+        if (s2->wbuf != NULL) Free(s2->wbuf);
+        memset(s2,0,sizeof(SSL2_CTX));
+        Free(s2);
+        s->s2=NULL;
+        }
+void ssl2_clear(s)
+SSL *s;
+        {
+        SSL2_CTX *s2;
+        unsigned char *rbuf,*wbuf;
+        s2=s->s2;
+        rbuf=s2->rbuf;
+        wbuf=s2->wbuf;
+        memset(s2,0,sizeof(SSL2_CTX));
+        s2->rbuf=rbuf;
+        s2->wbuf=wbuf;
+        s2->clear_text=1;
+        s->packet=s2->rbuf;
+        s->version=SSL2_VERSION;
+        s->packet_length=0;
+        }
+long ssl2_ctrl(s,cmd,larg,parg)
+SSL *s;
+int cmd;
+long larg;
+char *parg;
+        {
+        int ret=0;
+        switch(cmd)
+                {
+        case SSL_CTRL_GET_SESSION_REUSED:
+                ret=s->hit;
+                break;
+        default:
+                break;
+                }
+        return(ret);
+        }
+long ssl2_ctx_ctrl(ctx,cmd,larg,parg)
+SSL_CTX *ctx;
+int cmd;
+long larg;
+char *parg;
+        {
+        return(0);
+        }
+/* This function needs to check if the ciphers required are actually
+ * available */
+SSL_CIPHER *ssl2_get_cipher_by_char(p)
+unsigned char *p;
+        {
+        static int init=1;
+        static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
+        SSL_CIPHER c,*cp= &c,**cpp;
+        unsigned long id;
+        int i;
+        if (init)
+                {
+                init=0;
+                for (i=0; i<SSL2_NUM_CIPHERS; i++)
+                        sorted[i]= &(ssl2_ciphers[i]);
+                qsort(  (char *)sorted,
+                        SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                        FP_ICC ssl_cipher_ptr_id_cmp);
+                }
+        id=0x02000000L|((unsigned long)p[0]<<16L)|
+                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
+        c.id=id;
+        cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
+                (char *)sorted,
+                SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                (int (*)())ssl_cipher_ptr_id_cmp);
+        if ((cpp == NULL) || !(*cpp)->valid)
+                return(NULL);
+        else
+                return(*cpp);
+        }
+int ssl2_put_cipher_by_char(c,p)
+SSL_CIPHER *c;
+unsigned char *p;
+        {
+        long l;
+        if (p != NULL)
+                {
+                l=c->id;
+                if ((l & 0xff000000) != 0x02000000) return(0);
+                p[0]=((unsigned char)(l>>16L))&0xFF;
+                p[1]=((unsigned char)(l>> 8L))&0xFF;
+                p[2]=((unsigned char)(l     ))&0xFF;
+                }
+        return(3);
+        }
+void ssl2_generate_key_material(s)
+SSL *s;
+        {
+        unsigned int i;
+        MD5_CTX ctx;
+        unsigned char *km;
+        unsigned char c='0';
+        km=s->s2->key_material;
+        for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+                {
+                MD5_Init(&ctx);
+                MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
+                MD5_Update(&ctx,(unsigned char *)&c,1);
+                c++;
+                MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
+                MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
+                MD5_Final(km,&ctx);
+                km+=MD5_DIGEST_LENGTH;
+                }
+        }
+void ssl2_return_error(s,err)
+SSL *s;
+int err;
+        {
+        if (!s->error)
+                {
+                s->error=3;
+                s->error_code=err;
+                ssl2_write_error(s);
+                }
+        }
+void ssl2_write_error(s)
+SSL *s;
+        {
+        char buf[3];
+        int i,error;
+        buf[0]=SSL2_MT_ERROR;
+        buf[1]=(s->error_code>>8)&0xff;
+        buf[2]=(s->error_code)&0xff;
+/*      state=s->rwstate;*/
+        error=s->error;
+        s->error=0;
+        i=ssl2_write(s,&(buf[3-error]),error);
+/*      if (i == error) s->rwstate=state; */
+        if (i < 0)
+                s->error=error;
+        else if (i != s->error)
+                s->error=error-i;
+        /* else
+                s->error=0; */
+        }
+static int ssl2_ok(s)
+SSL *s;
+        {
+        return(1);
+        }
+int ssl2_shutdown(s)
+SSL *s;
+        {
+        s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+        return(1);
+        }
diff --git a/src/lib/libssl/src/ssl/s2_meth.c b/src/lib/libssl/src/ssl/s2_meth.c
new file mode 100644
index 0000000000..cfc8828cc7
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s2_meth.c
@@ -0,0 +1,88 @@
+/* ssl/s2_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+static SSL_METHOD *ssl2_get_method(ver)
+int ver;
+        {
+        if (ver == SSL2_VERSION)
+                return(SSLv2_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv2_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv2_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+                        sizeof(SSL_METHOD));
+                SSLv2_data.ssl_connect=ssl2_connect;
+                SSLv2_data.ssl_accept=ssl2_accept;
+                SSLv2_data.get_ssl_method=ssl2_get_method;
+                }
+        return(&SSLv2_data);
+        }
diff --git a/src/lib/libssl/src/ssl/s2_pkt.c b/src/lib/libssl/src/ssl/s2_pkt.c
new file mode 100644
index 0000000000..e4167b53af
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s2_pkt.c
@@ -0,0 +1,651 @@
+/* ssl/s2_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CIPHER);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CERTIFICATE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_CERTIFICATE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_UNKNOWN_REMOTE_ERROR_TYPE);
+ */
+#ifndef NOPROTO
+static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
+static int do_ssl_write(SSL *s, char *buf, unsigned int len);
+static int write_pending(SSL *s, char *buf, unsigned int len);
+static int ssl_mt_error(int n);
+#else
+static int read_n();
+static int do_ssl_write();
+static int write_pending();
+static int ssl_mt_error();
+#endif
+int ssl2_peek(s,buf,len)
+SSL *s;
+char *buf;
+int len;
+        {
+        int ret;
+        ret=ssl2_read(s,buf,len);
+        if (ret > 0)
+                {
+                s->s2->ract_data_length+=ret;
+                s->s2->ract_data-=ret;
+                }
+        return(ret);
+        }
+/* SSL_read -
+ * This routine will return 0 to len bytes, decrypted etc if required.
+ */
+int ssl2_read(s, buf, len)
+SSL *s;
+char *buf;
+int len;
+        {
+        int n;
+        unsigned char mac[MAX_MAC_SIZE];
+        unsigned char *p;
+        int i;
+        unsigned int mac_size=0;
+        if (SSL_in_init(s) && !s->in_handshake)
+                {
+                n=s->handshake_func(s);
+                if (n < 0) return(n);
+                if (n == 0)
+                        {
+                        SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                }
+        clear_sys_error();
+        s->rwstate=SSL_NOTHING;
+        if (len <= 0) return(len);
+        if (s->s2->ract_data_length != 0) /* read from buffer */
+                {
+                if (len > s->s2->ract_data_length)
+                        n=s->s2->ract_data_length;
+                else
+                        n=len;
+                memcpy(buf,s->s2->ract_data,(unsigned int)n);
+                s->s2->ract_data_length-=n;
+                s->s2->ract_data+=n;
+                if (s->s2->ract_data_length == 0)
+                        s->rstate=SSL_ST_READ_HEADER;
+                return(n);
+                }
+        if (s->rstate == SSL_ST_READ_HEADER)
+                {
+                if (s->first_packet)
+                        {
+                        n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
+                        if (n <= 0) return(n); /* error or non-blocking */
+                        s->first_packet=0;
+                        p=s->packet;
+                        if (!((p[0] & 0x80) && (
+                                (p[2] == SSL2_MT_CLIENT_HELLO) ||
+                                (p[2] == SSL2_MT_SERVER_HELLO))))
+                                {
+                                SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
+                                return(-1);
+                                }
+                        }
+                else
+                        {
+                        n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
+                        if (n <= 0) return(n); /* error or non-blocking */
+                        }
+                /* part read stuff */
+                s->rstate=SSL_ST_READ_BODY;
+                p=s->packet;
+                /* Do header */
+                /*s->s2->padding=0;*/
+                s->s2->escape=0;
+                s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
+                if ((p[0] & TWO_BYTE_BIT))              /* Two byte header? */
+                        {
+                        s->s2->three_byte_header=0;
+                        s->s2->rlength&=TWO_BYTE_MASK;  
+                        }
+                else
+                        {
+                        s->s2->three_byte_header=1;
+                        s->s2->rlength&=THREE_BYTE_MASK;
+                        /* security >s2->escape */
+                        s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
+                        }
+                }
+        if (s->rstate == SSL_ST_READ_BODY)
+                {
+                n=s->s2->rlength+2+s->s2->three_byte_header;
+                if (n > (int)s->packet_length)
+                        {
+                        n-=s->packet_length;
+                        i=read_n(s,(unsigned int)n,(unsigned int)n,1);
+                        if (i <= 0) return(i); /* ERROR */
+                        }
+                p= &(s->packet[2]);
+                s->rstate=SSL_ST_READ_HEADER;
+                if (s->s2->three_byte_header)
+                        s->s2->padding= *(p++);
+                else    s->s2->padding=0;
+                /* Data portion */
+                if (s->s2->clear_text)
+                        {
+                        s->s2->mac_data=p;
+                        s->s2->ract_data=p;
+                        s->s2->pad_data=NULL;
+                        }
+                else
+                        {
+                        mac_size=EVP_MD_size(s->read_hash);
+                        s->s2->mac_data=p;
+                        s->s2->ract_data= &p[mac_size];
+                        s->s2->pad_data= &p[mac_size+
+                                s->s2->rlength-s->s2->padding];
+                        }
+                s->s2->ract_data_length=s->s2->rlength;
+                /* added a check for length > max_size in case
+                 * encryption was not turned on yet due to an error */
+                if ((!s->s2->clear_text) &&
+                        (s->s2->rlength >= mac_size))
+                        {
+                        ssl2_enc(s,0);
+                        s->s2->ract_data_length-=mac_size;
+                        ssl2_mac(s,mac,0);
+                        s->s2->ract_data_length-=s->s2->padding;
+                        if (    (memcmp(mac,s->s2->mac_data,
+                                (unsigned int)mac_size) != 0) ||
+                                (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
+                                {
+                                SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
+                                return(-1);
+                                }
+                        }
+                INC32(s->s2->read_sequence); /* expect next number */
+                /* s->s2->ract_data is now available for processing */
+                /* If a 0 byte packet was sent, return 0, otherwise
+                 * we play havoc with people using select with
+                 * blocking sockets.  Let them handle a packet at a time,
+                 * they should really be using non-blocking sockets. */
+                if (s->s2->ract_data_length == 0)
+                        return(0);
+                return(ssl2_read(s,buf,len));
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
+                        return(-1);
+                }
+        }
+static int read_n(s, n, max, extend)
+SSL *s;
+unsigned int n;
+unsigned int max;
+unsigned int extend;
+        {
+        int i,off,newb;
+        /* if there is stuff still in the buffer from a previous read,
+         * and there is more than we want, take some. */
+        if (s->s2->rbuf_left >= (int)n)
+                {
+                if (extend)
+                        s->packet_length+=n;
+                else
+                        {
+                        s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
+                        s->packet_length=n;
+                        }
+                s->s2->rbuf_left-=n;
+                s->s2->rbuf_offs+=n;
+                return(n);
+                }
+        if (!s->read_ahead) max=n;
+        if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
+                max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
+        
+        /* Else we want more than we have.
+         * First, if there is some left or we want to extend */
+        off=0;
+        if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
+                {
+                newb=s->s2->rbuf_left;
+                if (extend)
+                        {
+                        off=s->packet_length;
+                        if (s->packet != s->s2->rbuf)
+                                memcpy(s->s2->rbuf,s->packet,
+                                        (unsigned int)newb+off);
+                        }
+                else if (s->s2->rbuf_offs != 0)
+                        {
+                        memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
+                                (unsigned int)newb);
+                        s->s2->rbuf_offs=0;
+                        }
+                s->s2->rbuf_left=0;
+                }
+        else
+                newb=0;
+        /* off is the offset to start writing too.
+         * r->s2->rbuf_offs is the 'unread data', now 0. 
+         * newb is the number of new bytes so far
+         */
+        s->packet=s->s2->rbuf;
+        while (newb < (int)n)
+                {
+                clear_sys_error();
+                if (s->rbio != NULL)
+                        {
+                        s->rwstate=SSL_READING;
+                        i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
+                                max-newb);
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
+                        i= -1;
+                        }
+#ifdef PKT_DEBUG
+                if (s->debug & 0x01) sleep(1);
+#endif
+                if (i <= 0)
+                        {
+                        s->s2->rbuf_left+=newb;
+                        return(i);
+                        }
+                newb+=i;
+                }
+        /* record unread data */
+        if (newb > (int)n)
+                {
+                s->s2->rbuf_offs=n+off;
+                s->s2->rbuf_left=newb-n;
+                }
+        else
+                {
+                s->s2->rbuf_offs=0;
+                s->s2->rbuf_left=0;
+                }
+        if (extend)
+                s->packet_length+=n;
+        else
+                s->packet_length=n;
+        s->rwstate=SSL_NOTHING;
+        return(n);
+        }
+int ssl2_write(s, buf, len)
+SSL *s;
+char *buf;
+int len;
+        {
+        unsigned int n,tot;
+        int i;
+        if (SSL_in_init(s) && !s->in_handshake)
+                {
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                }
+        if (s->error)
+                {
+                ssl2_write_error(s);
+                if (s->error)
+                        return(-1);
+                }
+        clear_sys_error();
+        s->rwstate=SSL_NOTHING;
+        if (len <= 0) return(len);
+        tot=s->s2->wnum;
+        s->s2->wnum=0;
+        n=(len-tot);
+        for (;;)
+                {
+                i=do_ssl_write(s,&(buf[tot]),n);
+                if (i <= 0)
+                        {
+                        s->s2->wnum=tot;
+                        return(i);
+                        }
+                if (i == (int)n) return(tot+i);
+                n-=i;
+                tot+=i;
+                }
+        }
+static int write_pending(s,buf,len)
+SSL *s;
+char *buf;
+unsigned int len;
+        {
+        int i;
+        /* s->s2->wpend_len != 0 MUST be true. */
+        /* check that they have given us the same buffer to
+         * write */
+        if ((s->s2->wpend_tot > (int)len) || (s->s2->wpend_buf != buf))
+                {
+                SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
+                return(-1);
+                }
+        for (;;)
+                {
+                clear_sys_error();
+                if (s->wbio != NULL)
+                        {
+                        s->rwstate=SSL_WRITING;
+                        i=BIO_write(s->wbio,
+                                (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
+                                (unsigned int)s->s2->wpend_len);
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
+                        i= -1;
+                        }
+#ifdef PKT_DEBUG
+                if (s->debug & 0x01) sleep(1);
+#endif
+                if (i == s->s2->wpend_len)
+                        {
+                        s->s2->wpend_len=0;
+                        s->rwstate=SSL_NOTHING;
+                        return(s->s2->wpend_ret);
+                        }
+                else if (i <= 0)
+                        return(i);
+                s->s2->wpend_off+=i;
+                s->s2->wpend_len-=i;
+                }
+        }
+static int do_ssl_write(s, buf, len)
+SSL *s;
+char *buf;
+unsigned int len;
+        {
+        unsigned int j,k,olen,p,mac_size,bs;
+        register unsigned char *pp;
+        olen=len;
+        /* first check if there is data from an encryption waiting to
+         * be sent - it must be sent because the other end is waiting.
+         * This will happen with non-blocking IO.  We print it and then
+         * return.
+         */
+        if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
+        /* set mac_size to mac size */
+        if (s->s2->clear_text)
+                mac_size=0;
+        else
+                mac_size=EVP_MD_size(s->write_hash);
+        /* lets set the pad p */
+        if (s->s2->clear_text)
+                {
+                if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
+                        len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
+                p=0;
+                s->s2->three_byte_header=0;
+                /* len=len; */
+                }
+        else
+                {
+                bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
+                j=len+mac_size;
+                if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
+                        (!s->s2->escape))
+                        {
+                        if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
+                                j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
+                        /* set k to the max number of bytes with 2
+                         * byte header */
+                        k=j-(j%bs);
+                        /* how many data bytes? */
+                        len=k-mac_size; 
+                        s->s2->three_byte_header=0;
+                        p=0;
+                        }
+                else if ((bs <= 1) && (!s->s2->escape))
+                        {
+                        /* len=len; */
+                        s->s2->three_byte_header=0;
+                        p=0;
+                        }
+                else /* 3 byte header */
+                        {
+                        /*len=len; */
+                        p=(j%bs);
+                        p=(p == 0)?0:(bs-p);
+                        if (s->s2->escape)
+                                s->s2->three_byte_header=1;
+                        else
+                                s->s2->three_byte_header=(p == 0)?0:1;
+                        }
+                }
+        /* mac_size is the number of MAC bytes
+         * len is the number of data bytes we are going to send
+         * p is the number of padding bytes
+         * if p == 0, it is a 2 byte header */
+        s->s2->wlength=len;
+        s->s2->padding=p;
+        s->s2->mac_data= &(s->s2->wbuf[3]);
+        s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
+        /* we copy the data into s->s2->wbuf */
+        memcpy(s->s2->wact_data,buf,len);
+#ifdef PURIFY
+        if (p)
+                memset(&(s->s2->wact_data[len]),0,p);
+#endif
+        if (!s->s2->clear_text)
+                {
+                s->s2->wact_data_length=len+p;
+                ssl2_mac(s,s->s2->mac_data,1);
+                s->s2->wlength+=p+mac_size;
+                ssl2_enc(s,1);
+                }
+        /* package up the header */
+        s->s2->wpend_len=s->s2->wlength;
+        if (s->s2->three_byte_header) /* 3 byte header */
+                {
+                pp=s->s2->mac_data;
+                pp-=3;
+                pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
+                if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
+                pp[1]=s->s2->wlength&0xff;
+                pp[2]=s->s2->padding;
+                s->s2->wpend_len+=3;
+                }
+        else
+                {
+                pp=s->s2->mac_data;
+                pp-=2;
+                pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
+                pp[1]=s->s2->wlength&0xff;
+                s->s2->wpend_len+=2;
+                }
+        s->s2->write_ptr=pp;
+        
+        INC32(s->s2->write_sequence); /* expect next number */
+        /* lets try to actually write the data */
+        s->s2->wpend_tot=olen;
+        s->s2->wpend_buf=(char *)buf;
+        s->s2->wpend_ret=len;
+        s->s2->wpend_off=0;
+        return(write_pending(s,buf,olen));
+        }
+int ssl2_part_read(s,f,i)
+SSL *s;
+unsigned long f;
+int i;
+        {
+        unsigned char *p;
+        int j;
+        /* check for error */
+        if ((s->init_num == 0) && (i >= 3))
+                {
+                p=(unsigned char *)s->init_buf->data;
+                if (p[0] == SSL2_MT_ERROR)
+                        {
+                        j=(p[1]<<8)|p[2];
+                        SSLerr((int)f,ssl_mt_error(j));
+                        }
+                }
+        if (i < 0)
+                {
+                /* ssl2_return_error(s); */
+                /* for non-blocking io,
+                 * this is not fatal */
+                return(i);
+                }
+        else
+                {
+                s->init_num+=i;
+                return(0);
+                }
+        }
+int ssl2_do_write(s)
+SSL *s;
+        {
+        int ret;
+        ret=ssl2_write(s,(char *)&(s->init_buf->data[s->init_off]),
+                s->init_num);
+        if (ret == s->init_num)
+                return(1);
+        if (ret < 0)
+                return(-1);
+        s->init_off+=ret;
+        s->init_num-=ret;
+        return(0);
+        }
+static int ssl_mt_error(n)
+int n;
+        {
+        int ret;
+        switch (n)
+                {
+        case SSL2_PE_NO_CIPHER:
+                ret=SSL_R_PEER_ERROR_NO_CIPHER;
+                break;
+        case SSL2_PE_NO_CERTIFICATE:
+                ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
+                break;
+        case SSL2_PE_BAD_CERTIFICATE:
+                ret=SSL_R_PEER_ERROR_CERTIFICATE;
+                break;
+        case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
+                ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
+                break;
+        default:
+                ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
+                break;
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
new file mode 100644
index 0000000000..c6c8ea32f1
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -0,0 +1,964 @@
+/* ssl/s2_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "rand.h"
+#include "objects.h"
+#include "ssl_locl.h"
+#include "evp.h"
+#ifndef NOPROTO
+static int get_client_master_key(SSL *s);
+static int get_client_hello(SSL *s);
+static int server_hello(SSL *s); 
+static int get_client_finished(SSL *s);
+static int server_verify(SSL *s);
+static int server_finish(SSL *s);
+static int request_certificate(SSL *s);
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+        unsigned char *to,int padding);
+#else
+static int get_client_master_key();
+static int get_client_hello();
+static int server_hello(); 
+static int get_client_finished();
+static int server_verify();
+static int server_finish();
+static int request_certificate();
+static int ssl_rsa_private_decrypt();
+#endif
+#define BREAK   break
+static SSL_METHOD *ssl2_get_server_method(ver)
+int ver;
+        {
+        if (ver == SSL2_VERSION)
+                return(SSLv2_server_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv2_server_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv2_server_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+                        sizeof(SSL_METHOD));
+                SSLv2_server_data.ssl_accept=ssl2_accept;
+                SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+                }
+        return(&SSLv2_server_data);
+        }
+int ssl2_accept(s)
+SSL *s;
+        {
+        unsigned long l=time(NULL);
+        BUF_MEM *buf=NULL;
+        int ret= -1;
+        long num1;
+        void (*cb)()=NULL;
+        int new_state,state;
+        RAND_seed((unsigned char *)&l,sizeof(l));
+        ERR_clear_error();
+        clear_sys_error();
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        /* init things to blank */
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+        s->in_handshake++;
+        if (((s->session == NULL) || (s->session->cert == NULL)) &&
+                (s->cert == NULL))
+                {
+                SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+                return(-1);
+                }
+        clear_sys_error();
+        for (;;)
+                {
+                state=s->state;
+                switch (s->state)
+                        {
+                case SSL_ST_BEFORE:
+                case SSL_ST_ACCEPT:
+                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+                case SSL_ST_OK|SSL_ST_ACCEPT:
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+                        s->version=SSL2_VERSION;
+                        s->type=SSL_ST_ACCEPT;
+                        buf=s->init_buf;
+                        if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
+                                { ret= -1; goto end; }
+                        if (!BUF_MEM_grow(buf,(int)
+                                SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+                                { ret= -1; goto end; }
+                        s->init_buf=buf;
+                        s->init_num=0;
+                        s->ctx->sess_accept++;
+                        s->handshake_func=ssl2_accept;
+                        s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+                        BREAK;
+                case SSL2_ST_GET_CLIENT_HELLO_A:
+                case SSL2_ST_GET_CLIENT_HELLO_B:
+                case SSL2_ST_GET_CLIENT_HELLO_C:
+                        s->shutdown=0;
+                        ret=get_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_SEND_SERVER_HELLO_A;
+                        BREAK;
+                case SSL2_ST_SEND_SERVER_HELLO_A:
+                case SSL2_ST_SEND_SERVER_HELLO_B:
+                        ret=server_hello(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        if (!s->hit)
+                                {
+                                s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
+                                BREAK;
+                                }
+                        else
+                                {
+                                s->state=SSL2_ST_SERVER_START_ENCRYPTION;
+                                BREAK;
+                                }
+                case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+                case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+                        ret=get_client_master_key(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_SERVER_START_ENCRYPTION;
+                        BREAK;
+                case SSL2_ST_SERVER_START_ENCRYPTION:
+                        /* Ok we how have sent all the stuff needed to
+                         * start encrypting, the next packet back will
+                         * be encrypted. */
+                        if (!ssl2_enc_init(s,0))
+                                { ret= -1; goto end; }
+                        s->s2->clear_text=0;
+                        s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
+                        BREAK;
+                case SSL2_ST_SEND_SERVER_VERIFY_A:
+                case SSL2_ST_SEND_SERVER_VERIFY_B:
+                        ret=server_verify(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        if (s->hit)
+                                {
+                                /* If we are in here, we have been
+                                 * buffering the output, so we need to
+                                 * flush it and remove buffering from
+                                 * future traffic */
+                                s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
+                                BREAK;
+                                }
+                        else
+                                {
+                                s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
+                                break;
+                                }
+                case SSL2_ST_SEND_SERVER_VERIFY_C:
+                        /* get the number of bytes to write */
+                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (num1 != 0)
+                                {
+                                s->rwstate=SSL_WRITING;
+                                num1=BIO_flush(s->wbio);
+                                if (num1 <= 0) { ret= -1; goto end; }
+                                s->rwstate=SSL_NOTHING;
+                                }
+                        /* flushed and now remove buffering */
+                        s->wbio=BIO_pop(s->wbio);
+                        s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
+                        BREAK;
+                case SSL2_ST_GET_CLIENT_FINISHED_A:
+                case SSL2_ST_GET_CLIENT_FINISHED_B:
+                        ret=get_client_finished(s);
+                        if (ret <= 0)
+                                goto end;
+                        s->init_num=0;
+                        s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
+                        BREAK;
+                case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+                case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+                case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+                case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+                        /* don't do a 'request certificate' if we
+                         * don't want to, or we already have one, and
+                         * we only want to do it once. */
+                        if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+                                ((s->session->peer != NULL) &&
+                                (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+                                {
+                                s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
+                                break;
+                                }
+                        else
+                                {
+                                ret=request_certificate(s);
+                                if (ret <= 0) goto end;
+                                s->init_num=0;
+                                s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
+                                }
+                        BREAK;
+                case SSL2_ST_SEND_SERVER_FINISHED_A:
+                case SSL2_ST_SEND_SERVER_FINISHED_B:
+                        ret=server_finish(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL_ST_OK;
+                        break;
+                case SSL_ST_OK:
+                        BUF_MEM_free(s->init_buf);
+                        s->init_buf=NULL;
+                        s->init_num=0;
+                /*      ERR_clear_error();*/
+                        ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+                        s->ctx->sess_accept_good++;
+                        /* s->server=1; */
+                        ret=1;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+                        goto end;
+                        /* BREAK; */
+                default:
+                        SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* BREAK; */
+                        }
+                
+                if ((cb != NULL) && (s->state != state))
+                        {
+                        new_state=s->state;
+                        s->state=state;
+                        cb(s,SSL_CB_ACCEPT_LOOP,1);
+                        s->state=new_state;
+                        }
+                }
+end:
+        s->in_handshake--;
+        if (cb != NULL)
+                cb(s,SSL_CB_ACCEPT_EXIT,ret);
+        return(ret);
+        }
+static int get_client_master_key(s)
+SSL *s;
+        {
+        int export,i,n,keya,error=0,ek;
+        unsigned char *p;
+        SSL_CIPHER *cp;
+        EVP_CIPHER *c;
+        EVP_MD *md;
+        p=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
+                {
+                i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
+                if (i < (10-s->init_num))
+                        return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+                if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
+                        {
+                        if (p[-1] != SSL2_MT_ERROR)
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
+                                }
+                        else
+                                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+                                        SSL_R_PEER_ERROR);
+                        return(-1);
+                        }
+                cp=ssl2_get_cipher_by_char(p);
+                if (cp == NULL)
+                        {
+                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+                        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+                                SSL_R_NO_CIPHER_MATCH);
+                        return(-1);
+                        }
+                s->session->cipher= cp;
+                p+=3;
+                n2s(p,i); s->s2->tmp.clear=i;
+                n2s(p,i); s->s2->tmp.enc=i;
+                n2s(p,i); s->session->key_arg_length=i;
+                s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+                s->init_num=0;
+                }
+        /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+        p=(unsigned char *)s->init_buf->data;
+        keya=s->session->key_arg_length;
+        n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
+        i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+        if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+        memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
+                (unsigned int)keya);
+        if (s->session->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+                return(-1);
+                }
+        i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+                &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+                (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+        export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
+        
+        if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+                {
+                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+                return(0);
+                }
+        if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
+                {
+                export=1;
+                ek=8;
+                }
+        else
+                ek=5;
+        /* bad decrypt */
+#if 1
+        /* If a bad decrypt, continue with protocol but with a
+         * dud master secret */
+        if ((i < 0) ||
+                ((!export && (i != EVP_CIPHER_key_length(c)))
+                || ( export && ((i != ek) || (s->s2->tmp.clear+i !=
+                        EVP_CIPHER_key_length(c))))))
+                {
+                if (export)
+                        i=ek;
+                else
+                        i=EVP_CIPHER_key_length(c);
+                RAND_bytes(p,i);
+                }
+#else
+        if (i < 0)
+                {
+                error=1;
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
+                }
+        /* incorrect number of key bytes for non export cipher */
+        else if ((!export && (i != EVP_CIPHER_key_length(c)))
+                || ( export && ((i != ek) || (s->s2->tmp.clear+i !=
+                        EVP_CIPHER_key_length(c)))))
+                {
+                error=1;
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
+                }
+        if (error)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                return(-1);
+                }
+#endif
+        if (export) i+=s->s2->tmp.clear;
+        s->session->master_key_length=i;
+        memcpy(s->session->master_key,p,(unsigned int)i);
+        return(1);
+        }
+static int get_client_hello(s)
+SSL *s;
+        {
+        int i,n;
+        unsigned char *p;
+        STACK *cs; /* a stack of SSL_CIPHERS */
+        STACK *cl; /* the ones we want to use */
+        int z;
+        /* This is a bit of a hack to check for the correct packet
+         * type the first time round. */
+        if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
+                {
+                s->first_packet=1;
+                s->state=SSL2_ST_GET_CLIENT_HELLO_B;
+                }
+        p=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
+                {
+                i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
+                if (i < (9-s->init_num)) 
+                        return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+        
+                if (*(p++) != SSL2_MT_CLIENT_HELLO)
+                        {
+                        if (p[-1] != SSL2_MT_ERROR)
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);
+                                }
+                        else
+                                SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
+                        return(-1);
+                        }
+                n2s(p,i);
+                if (i < s->version) s->version=i;
+                n2s(p,i); s->s2->tmp.cipher_spec_length=i;
+                n2s(p,i); s->s2->tmp.session_id_length=i;
+                n2s(p,i); s->s2->challenge_length=i;
+                if (    (i < SSL2_MIN_CHALLENGE_LENGTH) ||
+                        (i > SSL2_MAX_CHALLENGE_LENGTH))
+                        {
+                        SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
+                        return(-1);
+                        }
+                s->state=SSL2_ST_GET_CLIENT_HELLO_C;
+                s->init_num=0;
+                }
+        /* SSL2_ST_GET_CLIENT_HELLO_C */
+        p=(unsigned char *)s->init_buf->data;
+        n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+
+                s->s2->tmp.session_id_length-s->init_num;
+        i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+        if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+        /* get session-id before cipher stuff so we can get out session
+         * structure if it is cached */
+        /* session-id */
+        if ((s->s2->tmp.session_id_length != 0) && 
+                (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);
+                return(-1);
+                }
+        if (s->s2->tmp.session_id_length == 0)
+                {
+                if (!ssl_get_new_session(s,1))
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        return(-1);
+                        }
+                }
+        else
+                {
+                i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
+                        s->s2->tmp.session_id_length);
+                if (i == 1)
+                        { /* previous session */
+                        s->hit=1;
+                        }
+                else if (i == -1)
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        return(-1);
+                        }
+                else
+                        {
+                        if (s->cert == NULL)
+                                {
+                                ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
+                                SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);
+                                return(-1);
+                                }
+                        if (!ssl_get_new_session(s,1))
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                return(-1);
+                                }
+                        }
+                }
+        if (!s->hit)
+                {
+                cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,
+                        &s->session->ciphers);
+                if (cs == NULL) goto mem_err;
+                cl=ssl_get_ciphers_by_id(s);
+                for (z=0; z<sk_num(cs); z++)
+                        {
+                        if (sk_find(cl,sk_value(cs,z)) < 0)
+                                {
+                                sk_delete(cs,z);
+                                z--;
+                                }
+                        }
+                /* s->session->ciphers should now have a list of
+                 * ciphers that are on both the client and server.
+                 * This list is ordered by the order the client sent
+                 * the ciphers.
+                 */
+                }
+        p+=s->s2->tmp.cipher_spec_length;
+        /* done cipher selection */
+        /* session id extracted already */
+        p+=s->s2->tmp.session_id_length;
+        /* challenge */
+        memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
+        return(1);
+mem_err:
+        SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+static int server_hello(s)
+SSL *s;
+        {
+        unsigned char *p,*d;
+        int n,hit;
+        STACK *sk;
+        p=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
+                {
+                d=p+11;
+                *(p++)=SSL2_MT_SERVER_HELLO;            /* type */
+                hit=s->hit;
+                *(p++)=(unsigned char)hit;
+                if (!hit)
+                        {                       /* else add cert to session */
+                        CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
+                        if (s->session->cert != NULL)
+                                ssl_cert_free(s->session->cert);
+                        s->session->cert=s->cert;               
+                        }
+                else    /* We have a session id-cache hit, if the
+                         * session-id has no certificate listed against
+                         * the 'cert' structure, grab the 'old' one
+                         * listed against the SSL connection */
+                        {
+                        if (s->session->cert == NULL)
+                                {
+                                CRYPTO_add(&s->cert->references,1,
+                                        CRYPTO_LOCK_SSL_CERT);
+                                s->session->cert=s->cert;
+                                }
+                        }
+                if (s->session->cert == NULL)
+                        {
+                        ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
+                        SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
+                        return(-1);
+                        }
+                if (hit)
+                        {
+                        *(p++)=0;               /* no certificate type */
+                        s2n(s->version,p);      /* version */
+                        s2n(0,p);               /* cert len */
+                        s2n(0,p);               /* ciphers len */
+                        }
+                else
+                        {
+                        /* EAY EAY */
+                        /* put certificate type */
+                        *(p++)=SSL2_CT_X509_CERTIFICATE;
+                        s2n(s->version,p);      /* version */
+                        n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
+                        s2n(n,p);               /* certificate length */
+                        i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
+                        n=0;
+                        
+                        /* lets send out the ciphers we like in the
+                         * prefered order */
+                        sk= s->session->ciphers;
+                        n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
+                        d+=n;
+                        s2n(n,p);               /* add cipher length */
+                        }
+                /* make and send conn_id */
+                s2n(SSL2_CONNECTION_ID_LENGTH,p);       /* add conn_id length */
+                s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
+                RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+                memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
+                d+=SSL2_CONNECTION_ID_LENGTH;
+                s->state=SSL2_ST_SEND_SERVER_HELLO_B;
+                s->init_num=d-(unsigned char *)s->init_buf->data;
+                s->init_off=0;
+                }
+        /* SSL2_ST_SEND_SERVER_HELLO_B */
+        /* If we are using TCP/IP, the performace is bad if we do 2
+         * writes without a read between them.  This occurs when
+         * Session-id reuse is used, so I will put in a buffering module
+         */
+        if (s->hit)
+                {
+                if (!ssl_init_wbio_buffer(s,1)) return(-1);
+                }
+ 
+        return(ssl2_do_write(s));
+        }
+static int get_client_finished(s)
+SSL *s;
+        {
+        unsigned char *p;
+        int i;
+        p=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
+                {
+                i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+                if (i < 1-s->init_num)
+                        return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+                if (*p != SSL2_MT_CLIENT_FINISHED)
+                        {
+                        if (*p != SSL2_MT_ERROR)
+                                {
+                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
+                                }
+                        else
+                                SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
+                        return(-1);
+                        }
+                s->init_num=0;
+                s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
+                }
+        /* SSL2_ST_GET_CLIENT_FINISHED_B */
+        i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
+        if (i < (int)s->s2->conn_id_length-s->init_num)
+                {
+                return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+                }
+        if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
+                return(-1);
+                }
+        return(1);
+        }
+static int server_verify(s)
+SSL *s;
+        {
+        unsigned char *p;
+        if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *(p++)=SSL2_MT_SERVER_VERIFY;
+                memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
+                /* p+=s->s2->challenge_length; */
+                s->state=SSL2_ST_SEND_SERVER_VERIFY_B;
+                s->init_num=s->s2->challenge_length+1;
+                s->init_off=0;
+                }
+        return(ssl2_do_write(s));
+        }
+static int server_finish(s)
+SSL *s;
+        {
+        unsigned char *p;
+        if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *(p++)=SSL2_MT_SERVER_FINISHED;
+                memcpy(p,s->session->session_id,
+                        (unsigned int)s->session->session_id_length);
+                /* p+=s->session->session_id_length; */
+                s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
+                s->init_num=s->session->session_id_length+1;
+                s->init_off=0;
+                }
+        /* SSL2_ST_SEND_SERVER_FINISHED_B */
+        return(ssl2_do_write(s));
+        }
+/* send the request and check the response */
+static int request_certificate(s)
+SSL *s;
+        {
+        unsigned char *p,*p2,*buf2;
+        unsigned char *ccd;
+        int i,j,ctype,ret= -1;
+        X509 *x509=NULL;
+        STACK *sk=NULL;
+        ccd=s->s2->tmp.ccl;
+        if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
+                *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
+                RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+                memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+                s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
+                s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
+                s->init_off=0;
+                }
+        if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)
+                {
+                i=ssl2_do_write(s);
+                if (i <= 0)
+                        {
+                        ret=i;
+                        goto end;
+                        }
+                s->init_num=0;
+                s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
+                }
+        if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num);
+                if (i < 3)
+                        {
+                        ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+                        goto end;
+                        }
+                if ((*p == SSL2_MT_ERROR) && (i >= 3))
+                        {
+                        n2s(p,i);
+                        if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+                                {
+                                ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+                                SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                                goto end;
+                                }
+                        ret=1;
+                        goto end;
+                        }
+                if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6))
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
+                        goto end;
+                        }
+                /* ok we have a response */
+                /* certificate type, there is only one right now. */
+                ctype= *(p++);
+                if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+                        SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);
+                        goto end;
+                        }
+                n2s(p,i); s->s2->tmp.clen=i;
+                n2s(p,i); s->s2->tmp.rlen=i;
+                s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
+                s->init_num=0;
+                }
+        /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
+        p=(unsigned char *)s->init_buf->data;
+        j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num;
+        i=ssl2_read(s,(char *)&(p[s->init_num]),j);
+        if (i < j) 
+                {
+                ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+                goto end;
+                }
+        x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+        if (x509 == NULL)
+                {
+                SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
+                goto msg_end;
+                }
+        if (((sk=sk_new_null()) == NULL) || (!sk_push(sk,(char *)x509)))
+                {
+                SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                goto msg_end;
+                }
+        i=ssl_verify_cert_chain(s,sk);
+        if (i)  /* we like the packet, now check the chksum */
+                {
+                EVP_MD_CTX ctx;
+                EVP_PKEY *pkey=NULL;
+                EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
+                EVP_VerifyUpdate(&ctx,s->s2->key_material,
+                        (unsigned int)s->s2->key_material_length);
+                EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+                i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
+                buf2=(unsigned char *)Malloc((unsigned int)i);
+                if (buf2 == NULL)
+                        {
+                        SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        goto msg_end;
+                        }
+                p2=buf2;
+                i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
+                EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
+                Free(buf2);
+                pkey=X509_get_pubkey(x509);
+                if (pkey == NULL) goto end;
+                i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+                memset(&ctx,0,sizeof(ctx));
+                if (i) 
+                        {
+                        if (s->session->peer != NULL)
+                                X509_free(s->session->peer);
+                        s->session->peer=x509;
+                        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+                        ret=1;
+                        goto end;
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);
+                        goto msg_end;
+                        }
+                }
+        else
+                {
+msg_end:
+                ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+                }
+end:
+        if (sk != NULL) sk_free(sk);
+        if (x509 != NULL) X509_free(x509);
+        return(ret);
+        }
+static int ssl_rsa_private_decrypt(c, len, from, to,padding)
+CERT *c;
+int len;
+unsigned char *from;
+unsigned char *to;
+int padding;
+        {
+        RSA *rsa;
+        int i;
+        if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
+                {
+                SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
+                return(-1);
+                }
+        if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
+                {
+                SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+                return(-1);
+                }
+        rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
+        /* we have the public key */
+        i=RSA_private_decrypt(len,from,to,rsa,padding);
+        if (i < 0)
+                SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
+        return(i);
+        }
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
new file mode 100644
index 0000000000..6de62e1591
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -0,0 +1,469 @@
+/* ssl/s3_both.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "buffer.h"
+#include "rand.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "ssl_locl.h"
+#define BREAK   break
+/* SSL3err(SSL_F_SSL3_GET_FINISHED,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ */
+int ssl3_send_finished(s,a,b,sender,slen)
+SSL *s;
+int a;
+int b;
+unsigned char *sender;
+int slen;
+        {
+        unsigned char *p,*d;
+        int i;
+        unsigned long l;
+        if (s->state == a)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+                i=s->method->ssl3_enc->final_finish_mac(s,
+                        &(s->s3->finish_dgst1),
+                        &(s->s3->finish_dgst2),
+                        sender,slen,p);
+                p+=i;
+                l=i;
+                *(d++)=SSL3_MT_FINISHED;
+                l2n3(l,d);
+                s->init_num=(int)l+4;
+                s->init_off=0;
+                s->state=b;
+                }
+        /* SSL3_ST_SEND_xxxxxx_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+int ssl3_get_finished(s,a,b)
+SSL *s;
+int a;
+int b;
+        {
+        int al,i,ok;
+        long n;
+        unsigned char *p;
+        /* the mac has already been generated when we received the
+         * change cipher spec message and is in s->s3->tmp.in_dgst[12]
+         */ 
+        n=ssl3_get_message(s,
+                a,
+                b,
+                SSL3_MT_FINISHED,
+                64, /* should actually be 36+4 :-) */
+                &ok);
+        if (!ok) return((int)n);
+        /* If this occurs if we has missed a message */
+        if (!s->s3->change_cipher_spec)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+                goto f_err;
+                }
+        s->s3->change_cipher_spec=0;
+        p=(unsigned char *)s->init_buf->data;
+        i=s->method->ssl3_enc->finish_mac_length;
+        if (i != n)
+                {
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
+                goto f_err;
+                }
+        if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+                {
+                al=SSL_AD_DECRYPT_ERROR;
+                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
+                goto f_err;
+                }
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+        return(0);
+        }
+/* for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->s3->read_sequence               zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int ssl3_send_change_cipher_spec(s,a,b)
+SSL *s;
+int a,b;
+        { 
+        unsigned char *p;
+        if (s->state == a)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *p=SSL3_MT_CCS;
+                s->init_num=1;
+                s->init_off=0;
+                s->state=b;
+                }
+        /* SSL3_ST_CW_CHANGE_B */
+        return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
+        }
+unsigned long ssl3_output_cert_chain(s,x)
+SSL *s;
+X509 *x;
+        {
+        unsigned char *p;
+        int n,i;
+        unsigned long l=7;
+        BUF_MEM *buf;
+        X509_STORE_CTX xs_ctx;
+        X509_OBJECT obj;
+        /* TLSv1 sends a chain with nothing in it, instead of an alert */
+        buf=s->init_buf;
+        if (!BUF_MEM_grow(buf,(int)(10)))
+                {
+                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                return(0);
+                }
+        if (x != NULL)
+                {
+                X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+                for (;;)
+                        {
+                        n=i2d_X509(x,NULL);
+                        if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+                                {
+                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                                return(0);
+                                }
+                        p=(unsigned char *)&(buf->data[l]);
+                        l2n3(n,p);
+                        i2d_X509(x,&p);
+                        l+=n+3;
+                        if (X509_NAME_cmp(X509_get_subject_name(x),
+                                X509_get_issuer_name(x)) == 0) break;
+                        i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
+                                X509_get_issuer_name(x),&obj);
+                        if (i <= 0) break;
+                        x=obj.data.x509;
+                        /* Count is one too high since the X509_STORE_get uped the
+                         * ref count */
+                        X509_free(x);
+                        }
+                X509_STORE_CTX_cleanup(&xs_ctx);
+                }
+        l-=7;
+        p=(unsigned char *)&(buf->data[4]);
+        l2n3(l,p);
+        l+=3;
+        p=(unsigned char *)&(buf->data[0]);
+        *(p++)=SSL3_MT_CERTIFICATE;
+        l2n3(l,p);
+        l+=4;
+        return(l);
+        }
+long ssl3_get_message(s,st1,stn,mt,max,ok)
+SSL *s;
+int st1,stn,mt;
+long max;
+int *ok;
+        {
+        unsigned char *p;
+        unsigned long l;
+        long n;
+        int i,al;
+        if (s->s3->tmp.reuse_message)
+                {
+                s->s3->tmp.reuse_message=0;
+                if ((mt >= 0) && (s->s3->tmp.message_type != mt))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+                        goto f_err;
+                        }
+                *ok=1;
+                return((int)s->s3->tmp.message_size);
+                }
+        p=(unsigned char *)s->init_buf->data;
+        if (s->state == st1)
+                {
+                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
+                        (char *)&(p[s->init_num]),
+                        4-s->init_num);
+                if (i < (4-s->init_num))
+                        {
+                        *ok=0;
+                        return(ssl3_part_read(s,i));
+                        }
+                if ((mt >= 0) && (*p != mt))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+                        goto f_err;
+                        }
+                s->s3->tmp.message_type= *(p++);
+                n2l3(p,l);
+                if (l > (unsigned long)max)
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                        goto f_err;
+                        }
+                if (l && !BUF_MEM_grow(s->init_buf,(int)l))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+                s->s3->tmp.message_size=l;
+                s->state=stn;
+                s->init_num=0;
+                }
+        /* next state (stn) */
+        p=(unsigned char *)s->init_buf->data;
+        n=s->s3->tmp.message_size;
+        if (n > 0)
+                {
+                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
+                        (char *)&(p[s->init_num]),(int)n);
+                if (i != (int)n)
+                        {
+                        *ok=0;
+                        return(ssl3_part_read(s,i));
+                        }
+                }
+        *ok=1;
+        return(n);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        *ok=0;
+        return(-1);
+        }
+int ssl_cert_type(x,pkey)
+X509 *x;
+EVP_PKEY *pkey;
+        {
+        EVP_PKEY *pk;
+        int ret= -1,i,j;
+        if (pkey == NULL)
+                pk=X509_get_pubkey(x);
+        else
+                pk=pkey;
+        if (pk == NULL) goto err;
+        i=pk->type;
+        if (i == EVP_PKEY_RSA)
+                {
+                ret=SSL_PKEY_RSA_ENC;
+                if (x != NULL)
+                        {
+                        j=X509_get_ext_count(x);
+                        /* check to see if this is a signing only certificate */
+                        /* EAY EAY EAY EAY */
+                        }
+                }
+        else if (i == EVP_PKEY_DSA)
+                {
+                ret=SSL_PKEY_DSA_SIGN;
+                }
+        else if (i == EVP_PKEY_DH)
+                {
+                /* if we just have a key, we needs to be guess */
+                if (x == NULL)
+                        ret=SSL_PKEY_DH_DSA;
+                else
+                        {
+                        j=X509_get_signature_type(x);
+                        if (j == EVP_PKEY_RSA)
+                                ret=SSL_PKEY_DH_RSA;
+                        else if (j== EVP_PKEY_DSA)
+                                ret=SSL_PKEY_DH_DSA;
+                        else ret= -1;
+                        }
+                }
+        else
+                ret= -1;
+err:
+        return(ret);
+        }
+int ssl_verify_alarm_type(type)
+long type;
+        {
+        int al;
+        switch(type)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        case X509_V_ERR_UNABLE_TO_GET_CRL:
+                al=SSL_AD_UNKNOWN_CA;
+                break;
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_CRL_NOT_YET_VALID:
+                al=SSL_AD_BAD_CERTIFICATE;
+                break;
+        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+                al=SSL_AD_DECRYPT_ERROR;
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_CRL_HAS_EXPIRED:
+                al=SSL_AD_CERTIFICATE_EXPIRED;
+                break;
+        case X509_V_ERR_CERT_REVOKED:
+                al=SSL_AD_CERTIFICATE_REVOKED;
+                break;
+        case X509_V_ERR_OUT_OF_MEM:
+                al=SSL_AD_INTERNAL_ERROR;
+                break;
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+                al=SSL_AD_UNKNOWN_CA;
+                break;
+        case X509_V_ERR_APPLICATION_VERIFICATION:
+                al=SSL_AD_HANDSHAKE_FAILURE;
+                break;
+        default:
+                al=SSL_AD_CERTIFICATE_UNKNOWN;
+                break;
+                }
+        return(al);
+        }
+int ssl3_setup_buffers(s)
+SSL *s;
+        {
+        unsigned char *p;
+        unsigned int extra;
+        if (s->s3->rbuf.buf == NULL)
+                {
+                if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+                        extra=SSL3_RT_MAX_EXTRA;
+                else
+                        extra=0;
+                if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
+                        == NULL)
+                        goto err;
+                s->s3->rbuf.buf=p;
+                }
+        if (s->s3->wbuf.buf == NULL)
+                {
+                if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE))
+                        == NULL)
+                        goto err;
+                s->s3->wbuf.buf=p;
+                }
+        s->packet= &(s->s3->rbuf.buf[0]);
+        return(1);
+err:
+        SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
new file mode 100644
index 0000000000..940c6a458f
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -0,0 +1,1678 @@
+/* ssl/s3_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "buffer.h"
+#include "rand.h"
+#include "objects.h"
+#include "evp.h"
+#include "ssl_locl.h"
+#define BREAK break
+/* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE);
+SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
+ */
+#ifndef NOPROTO
+static int ssl3_client_hello(SSL *s);
+static int ssl3_get_server_hello(SSL *s);
+static int ssl3_get_certificate_request(SSL *s);
+static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
+static int ssl3_get_server_done(SSL *s);
+static int ssl3_send_client_verify(SSL *s);
+static int ssl3_send_client_certificate(SSL *s);
+static int ssl3_send_client_key_exchange(SSL *s);
+static int ssl3_get_key_exchange(SSL *s);
+static int ssl3_get_server_certificate(SSL *s);
+static int ssl3_check_cert_and_algorithm(SSL *s);
+#else
+static int ssl3_client_hello();
+static int ssl3_get_server_hello();
+static int ssl3_get_certificate_request();
+static int ca_dn_cmp();
+static int ssl3_get_server_done();
+static int ssl3_send_client_verify();
+static int ssl3_send_client_certificate();
+static int ssl3_send_client_key_exchange();
+static int ssl3_get_key_exchange();
+static int ssl3_get_server_certificate();
+static int ssl3_check_cert_and_algorithm();
+#endif
+static SSL_METHOD *ssl3_get_client_method(ver)
+int ver;
+        {
+        if (ver == SSL3_VERSION)
+                return(SSLv3_client_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv3_client_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv3_client_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+                        sizeof(SSL_METHOD));
+                SSLv3_client_data.ssl_connect=ssl3_connect;
+                SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+                }
+        return(&SSLv3_client_data);
+        }
+int ssl3_connect(s)
+SSL *s;
+        {
+        BUF_MEM *buf;
+        unsigned long Time=time(NULL),l;
+        long num1;
+        void (*cb)()=NULL;
+        int ret= -1;
+        BIO *under;
+        int new_state,state,skip=0;;
+        RAND_seed((unsigned char *)&Time,sizeof(Time));
+        ERR_clear_error();
+        clear_sys_error();
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+        s->in_handshake++;
+        for (;;)
+                {
+                state=s->state;
+                switch(s->state)
+                        {
+                case SSL_ST_RENEGOTIATE:
+                        s->new_session=1;
+                        s->state=SSL_ST_CONNECT;
+                        s->ctx->sess_connect_renegotiate++;
+                        /* break */
+                case SSL_ST_BEFORE:
+                case SSL_ST_CONNECT:
+                case SSL_ST_BEFORE|SSL_ST_CONNECT:
+                case SSL_ST_OK|SSL_ST_CONNECT:
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+                        if ((s->version & 0xff00 ) != 0x0300)
+                                abort();
+                        /* s->version=SSL3_VERSION; */
+                        s->type=SSL_ST_CONNECT;
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                }
+                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+                        /* setup buffing BIO */
+                        if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
+                        /* don't push the buffering BIO quite yet */
+                        ssl3_init_finished_mac(s);
+                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
+                        s->ctx->sess_connect++;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CW_CLNT_HELLO_A:
+                case SSL3_ST_CW_CLNT_HELLO_B:
+                        s->shutdown=0;
+                        ret=ssl3_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_SRVR_HELLO_A;
+                        s->init_num=0;
+                        /* turn on buffering for the next lot of output */
+                        if (s->bbio != s->wbio)
+                                s->wbio=BIO_push(s->bbio,s->wbio);
+                        break;
+                case SSL3_ST_CR_SRVR_HELLO_A:
+                case SSL3_ST_CR_SRVR_HELLO_B:
+                        ret=ssl3_get_server_hello(s);
+                        if (ret <= 0) goto end;
+                        if (s->hit)
+                                s->state=SSL3_ST_CR_FINISHED_A;
+                        else
+                                s->state=SSL3_ST_CR_CERT_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CR_CERT_A:
+                case SSL3_ST_CR_CERT_B:
+                        /* Check if it is anon DH */
+                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                                {
+                                ret=ssl3_get_server_certificate(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+                        s->state=SSL3_ST_CR_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CR_KEY_EXCH_A:
+                case SSL3_ST_CR_KEY_EXCH_B:
+                        ret=ssl3_get_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_CERT_REQ_A;
+                        s->init_num=0;
+                        /* at this point we check that we have the
+                         * required stuff from the server */
+                        if (!ssl3_check_cert_and_algorithm(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        break;
+                case SSL3_ST_CR_CERT_REQ_A:
+                case SSL3_ST_CR_CERT_REQ_B:
+                        ret=ssl3_get_certificate_request(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_SRVR_DONE_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CR_SRVR_DONE_A:
+                case SSL3_ST_CR_SRVR_DONE_B:
+                        ret=ssl3_get_server_done(s);
+                        if (ret <= 0) goto end;
+                        if (s->s3->tmp.cert_req)
+                                s->state=SSL3_ST_CW_CERT_A;
+                        else
+                                s->state=SSL3_ST_CW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CW_CERT_A:
+                case SSL3_ST_CW_CERT_B:
+                case SSL3_ST_CW_CERT_C:
+                        ret=ssl3_send_client_certificate(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CW_KEY_EXCH_A:
+                case SSL3_ST_CW_KEY_EXCH_B:
+                        ret=ssl3_send_client_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        l=s->s3->tmp.new_cipher->algorithms;
+                        /* EAY EAY EAY need to check for DH fix cert
+                         * sent back */
+                        /* For TLS, cert_req is set to 2, so a cert chain
+                         * of nothing is sent, but no verify packet is sent */
+                        if (s->s3->tmp.cert_req == 1)
+                                {
+                                s->state=SSL3_ST_CW_CERT_VRFY_A;
+                                }
+                        else
+                                {
+                                s->state=SSL3_ST_CW_CHANGE_A;
+                                s->s3->change_cipher_spec=0;
+                                }
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CW_CERT_VRFY_A:
+                case SSL3_ST_CW_CERT_VRFY_B:
+                        ret=ssl3_send_client_verify(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_CHANGE_A;
+                        s->init_num=0;
+                        s->s3->change_cipher_spec=0;
+                        break;
+                case SSL3_ST_CW_CHANGE_A:
+                case SSL3_ST_CW_CHANGE_B:
+                        ret=ssl3_send_change_cipher_spec(s,
+                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_FINISHED_A;
+                        s->init_num=0;
+                        s->session->cipher=s->s3->tmp.new_cipher;
+                        if (!s->method->ssl3_enc->setup_key_block(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        break;
+                case SSL3_ST_CW_FINISHED_A:
+                case SSL3_ST_CW_FINISHED_B:
+                        ret=ssl3_send_finished(s,
+                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
+                                s->method->ssl3_enc->client_finished,
+                                s->method->ssl3_enc->client_finished_len);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_FLUSH;
+                        /* clear flags */
+                        s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+                        if (s->hit)
+                                {
+                                s->s3->tmp.next_state=SSL_ST_OK;
+                                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
+                                        {
+                                        s->state=SSL_ST_OK;
+                                        s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
+                                        s->s3->delay_buf_pop_ret=0;
+                                        }
+                                }
+                        else
+                                {
+                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
+                                }
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CR_FINISHED_A:
+                case SSL3_ST_CR_FINISHED_B:
+                        ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+                                SSL3_ST_CR_FINISHED_B);
+                        if (ret <= 0) goto end;
+                        if (s->hit)
+                                s->state=SSL3_ST_CW_CHANGE_A;
+                        else
+                                s->state=SSL_ST_OK;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_CW_FLUSH:
+                        /* number of bytes to be flushed */
+                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (num1 > 0)
+                                {
+                                s->rwstate=SSL_WRITING;
+                                num1=BIO_flush(s->wbio);
+                                if (num1 <= 0) { ret= -1; goto end; }
+                                s->rwstate=SSL_NOTHING;
+                                }
+                        s->state=s->s3->tmp.next_state;
+                        break;
+                case SSL_ST_OK:
+                        /* clean a few things up */
+                        ssl3_cleanup_key_block(s);
+                        BUF_MEM_free(s->init_buf);
+                        s->init_buf=NULL;
+                        if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+                                {
+                                /* remove buffering */
+                                under=BIO_pop(s->wbio);
+                                if (under != NULL)
+                                        s->wbio=under;
+                                else
+                                        abort(); /* ok */
+                                BIO_free(s->bbio);
+                                s->bbio=NULL;
+                                }
+                        /* else do it later */
+                        s->init_num=0;
+                        s->new_session=0;
+                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+                        if (s->hit) s->ctx->sess_hit++;
+                        ret=1;
+                        /* s->server=0; */
+                        s->handshake_func=ssl3_connect;
+                        s->ctx->sess_connect_good++;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+                        goto end;
+                        break;
+                        
+                default:
+                        SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+                /* did we do anything */
+                if (!s->s3->tmp.reuse_message && !skip)
+                        {
+                        if (s->debug)
+                                {
+                                if ((ret=BIO_flush(s->wbio)) <= 0)
+                                        goto end;
+                                }
+                        if ((cb != NULL) && (s->state != state))
+                                {
+                                new_state=s->state;
+                                s->state=state;
+                                cb(s,SSL_CB_CONNECT_LOOP,1);
+                                s->state=new_state;
+                                }
+                        }
+                skip=0;
+                }
+end:
+        if (cb != NULL)
+                cb(s,SSL_CB_CONNECT_EXIT,ret);
+        s->in_handshake--;
+        return(ret);
+        }
+static int ssl3_client_hello(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i;
+        unsigned long Time,l;
+        buf=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
+                {
+                if ((s->session == NULL) ||
+                        (s->session->ssl_version != s->version))
+                        {
+                        if (!ssl_get_new_session(s,0))
+                                goto err;
+                        }
+                /* else use the pre-loaded session */
+                p=s->s3->client_random;
+                Time=time(NULL);                        /* Time */
+                l2n(Time,p);
+                RAND_bytes(&(p[4]),SSL3_RANDOM_SIZE-sizeof(Time));
+                /* Do the message type and length last */
+                d=p= &(buf[4]);
+                *(p++)=s->version>>8;
+                *(p++)=s->version&0xff;
+                /* Random stuff */
+                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                /* Session ID */
+                if (s->new_session)
+                        i=0;
+                else
+                        i=s->session->session_id_length;
+                *(p++)=i;
+                if (i != 0)
+                        {
+                        memcpy(p,s->session->session_id,i);
+                        p+=i;
+                        }
+                
+                /* Ciphers supported */
+                i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                        goto err;
+                        }
+                s2n(i,p);
+                p+=i;
+                /* hardwire in the NULL compression algorithm. */
+                *(p++)=1;
+                *(p++)=0;
+                
+                l=(p-d);
+                d=buf;
+                *(d++)=SSL3_MT_CLIENT_HELLO;
+                l2n3(l,d);
+                s->state=SSL3_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=p-buf;
+                s->init_off=0;
+                }
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+static int ssl3_get_server_hello(s)
+SSL *s;
+        {
+        STACK *sk;
+        SSL_CIPHER *c;
+        unsigned char *p,*d;
+        int i,al,ok;
+        unsigned int j;
+        long n;
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_SRVR_HELLO_A,
+                SSL3_ST_CR_SRVR_HELLO_B,
+                SSL3_MT_SERVER_HELLO,
+                300, /* ?? */
+                &ok);
+        if (!ok) return((int)n);
+        d=p=(unsigned char *)s->init_buf->data;
+        if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
+                {
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
+                s->version=(s->version&0xff00)|p[1];
+                al=SSL_AD_PROTOCOL_VERSION;
+                goto f_err;
+                }
+        p+=2;
+        /* load the server hello data */
+        /* load the server random */
+        memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        /* get the session-id */
+        j= *(p++);
+        if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+                {
+                /* SSLref returns 16 :-( */
+                if (j < SSL2_SSL_SESSION_ID_LENGTH)
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
+                        goto f_err;
+                        }
+                }
+        if ((j != 0) && (j == s->session->session_id_length) &&
+                (memcmp(p,s->session->session_id,j) == 0))
+                s->hit=1;
+        else    /* a miss or crap from the other end */
+                {
+                /* If we were trying for session-id reuse, make a new
+                 * SSL_SESSION so we don't stuff up other people */
+                s->hit=0;
+                if (s->session->session_id_length > 0)
+                        {
+                        if (!ssl_get_new_session(s,0))
+                                {
+                                al=SSL_AD_INTERNAL_ERROR;
+                                goto f_err;
+                                }
+                        }
+                s->session->session_id_length=j;
+                memcpy(s->session->session_id,p,j); /* j could be 0 */
+                }
+        p+=j;
+        c=ssl_get_cipher_by_char(s,p);
+        if (c == NULL)
+                {
+                /* unknown cipher */
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
+                goto f_err;
+                }
+        p+=ssl_put_cipher_by_char(s,NULL,NULL);
+        sk=ssl_get_ciphers_by_id(s);
+        i=sk_find(sk,(char *)c);
+        if (i < 0)
+                {
+                /* we did not say we would use this cipher */
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+                goto f_err;
+                }
+        if (s->hit && (s->session->cipher != c))
+                {
+                if (!(s->options &
+                        SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+                        goto f_err;
+                        }
+                }
+        s->s3->tmp.new_cipher=c;
+        /* lets get the compression algorithm */
+        j= *(p++);
+        if (j != 0)
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+                goto f_err;
+                }
+        if (p != (d+n))
+                {
+                /* wrong packet length */
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
+                goto err;
+                }
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+static int ssl3_get_server_certificate(s)
+SSL *s;
+        {
+        int al,i,ok,ret= -1;
+        unsigned long n,nc,llen,l;
+        X509 *x=NULL;
+        unsigned char *p,*d,*q;
+        STACK *sk=NULL;
+        CERT *c;
+        EVP_PKEY *pkey=NULL;
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_CERT_A,
+                SSL3_ST_CR_CERT_B,
+                -1,
+#if defined(MSDOS) && !defined(WIN32)
+                1024*30, /* 30k max cert list :-) */
+#else
+                1024*100, /* 100k max cert list :-) */
+#endif
+                &ok);
+        if (!ok) return((int)n);
+        if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+                {
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
+                goto f_err;
+                }
+        d=p=(unsigned char *)s->init_buf->data;
+        if ((sk=sk_new_null()) == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        n2l3(p,llen);
+        if (llen+3 != n)
+                {
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        for (nc=0; nc<llen; )
+                {
+                n2l3(p,l);
+                if ((l+nc+3) > llen)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                q=p;
+                x=d2i_X509(NULL,&q,l);
+                if (x == NULL)
+                        {
+                        al=SSL_AD_BAD_CERTIFICATE;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
+                        goto f_err;
+                        }
+                if (q != (p+l))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                if (!sk_push(sk,(char *)x))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                x=NULL;
+                nc+=l+3;
+                p=q;
+                }
+        i=ssl_verify_cert_chain(s,sk);
+        if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+                {
+                al=ssl_verify_alarm_type(s->verify_result);
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+                goto f_err; 
+                }
+        c=ssl_cert_new();
+        if (c == NULL) goto err;
+        if (s->session->cert) ssl_cert_free(s->session->cert);
+        s->session->cert=c;
+        c->cert_chain=sk;
+        x=(X509 *)sk_value(sk,0);
+        sk=NULL;
+        pkey=X509_get_pubkey(x);
+        if (EVP_PKEY_missing_parameters(pkey))
+                {
+                x=NULL;
+                al=SSL3_AL_FATAL;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+                goto f_err;
+                }
+        i=ssl_cert_type(x,pkey);
+        if (i < 0)
+                {
+                x=NULL;
+                al=SSL3_AL_FATAL;
+                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                goto f_err;
+                }
+        c->cert_type=i;
+        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+        if (c->pkeys[i].x509 != NULL)
+                X509_free(c->pkeys[i].x509);
+        c->pkeys[i].x509=x;
+        c->key= &(c->pkeys[i]);
+        if ((s->session != NULL) && (s->session->peer != NULL)) 
+                X509_free(s->session->peer);
+        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+        s->session->peer=x;
+        x=NULL;
+        ret=1;
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+err:
+        if (x != NULL) X509_free(x);
+        if (sk != NULL) sk_pop_free(sk,X509_free);
+        return(ret);
+        }
+static int ssl3_get_key_exchange(s)
+SSL *s;
+        {
+#ifndef NO_RSA
+        unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
+#endif
+        EVP_MD_CTX md_ctx;
+        unsigned char *param,*p;
+        int al,i,j,param_len,ok;
+        long n,alg;
+        EVP_PKEY *pkey=NULL;
+        RSA *rsa=NULL;
+#ifndef NO_DH
+        DH *dh=NULL;
+#endif
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_KEY_EXCH_A,
+                SSL3_ST_CR_KEY_EXCH_B,
+                -1,
+                1024*8, /* ?? */
+                &ok);
+        if (!ok) return((int)n);
+        if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
+                {
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+        param=p=(unsigned char *)s->init_buf->data;
+        if (s->session->cert != NULL)
+                {
+#ifndef NO_RSA
+                if (s->session->cert->rsa_tmp != NULL)
+                        {
+                        RSA_free(s->session->cert->rsa_tmp);
+                        s->session->cert->rsa_tmp=NULL;
+                        }
+#endif
+#ifndef NO_DH
+                if (s->session->cert->dh_tmp)
+                        {
+                        DH_free(s->session->cert->dh_tmp);
+                        s->session->cert->dh_tmp=NULL;
+                        }
+#endif
+                }
+        else
+                {
+                s->session->cert=ssl_cert_new();
+                }
+        param_len=0;
+        alg=s->s3->tmp.new_cipher->algorithms;
+#ifndef NO_RSA
+        if (alg & SSL_kRSA)
+                {
+                if ((rsa=RSA_new()) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                n2s(p,i);
+                param_len=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
+                        goto f_err;
+                        }
+                if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+                n2s(p,i);
+                param_len+=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
+                        goto f_err;
+                        }
+                if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+                n-=param_len;
+/*              s->session->cert->rsa_tmp=rsa;*/
+                /* this should be because we are using an export cipher */
+                if (alg & SSL_aRSA)
+                        pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+                else
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                s->session->cert->rsa_tmp=rsa;
+                }
+        else
+#endif
+#ifndef NO_DH
+                if (alg & SSL_kEDH)
+                {
+                if ((dh=DH_new()) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
+                        goto err;
+                        }
+                n2s(p,i);
+                param_len=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
+                        goto f_err;
+                        }
+                if (!(dh->p=BN_bin2bn(p,i,NULL)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+                n2s(p,i);
+                param_len+=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
+                        goto f_err;
+                        }
+                if (!(dh->g=BN_bin2bn(p,i,NULL)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+                n2s(p,i);
+                param_len+=i+2;
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
+                        goto f_err;
+                        }
+                if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                        goto err;
+                        }
+                p+=i;
+                n-=param_len;
+#ifndef NO_RSA
+                if (alg & SSL_aRSA)
+                        pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+                else
+#endif
+#ifndef NO_DSA
+                if (alg & SSL_aDSS)
+                        pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509);
+#endif
+                /* else anonymous DH, so no certificate or pkey. */
+                s->session->cert->dh_tmp=dh;
+                }
+        else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+                goto f_err;
+                }
+#endif
+        /* p points to the next byte, there are 'n' bytes left */
+        /* if it was signed, check the signature */
+        if (pkey != NULL)
+                {
+                n2s(p,i);
+                n-=2;
+                j=EVP_PKEY_size(pkey);
+                if ((i != n) || (n > j) || (n <= 0))
+                        {
+                        /* wrong packet length */
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
+                        goto err;
+                        }
+#ifndef NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        int num;
+                        j=0;
+                        q=md_buf;
+                        for (num=2; num > 0; num--)
+                                {
+                                EVP_DigestInit(&md_ctx,(num == 2)
+                                        ?s->ctx->md5:s->ctx->sha1);
+                                EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_DigestUpdate(&md_ctx,param,param_len);
+                                EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
+                                q+=i;
+                                j+=i;
+                                }
+                        i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa,
+                                RSA_PKCS1_PADDING);
+                        if (i <= 0)
+                                {
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+                                goto f_err;
+                                }
+                        if ((j != i) || (memcmp(p,md_buf,i) != 0))
+                                {
+                                /* bad signature */
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+#ifndef NO_DSA
+                        if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        /* lets do DSS */
+                        EVP_VerifyInit(&md_ctx,EVP_dss1());
+                        EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                        EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                        EVP_VerifyUpdate(&md_ctx,param,param_len);
+                        if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+                                {
+                                /* bad signature */
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                }
+        else
+                {
+                /* still data left over */
+                if (!(alg & SSL_aNULL))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                if (n != 0)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
+                        goto f_err;
+                        }
+                }
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+static int ssl3_get_certificate_request(s)
+SSL *s;
+        {
+        int ok,ret=0;
+        unsigned long n,nc,l;
+        unsigned int llen,ctype_num,i;
+        X509_NAME *xn=NULL;
+        unsigned char *p,*d,*q;
+        STACK *ca_sk=NULL;
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_CERT_REQ_A,
+                SSL3_ST_CR_CERT_REQ_B,
+                -1,
+#if defined(MSDOS) && !defined(WIN32)
+                1024*30,  /* 30k max cert list :-) */
+#else
+                1024*100, /* 100k max cert list :-) */
+#endif
+                &ok);
+        if (!ok) return((int)n);
+        s->s3->tmp.cert_req=0;
+        if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
+                {
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
+                {
+                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
+                goto err;
+                }
+        /* TLS does not like anon-DH with client cert */
+        if (s->version > SSL3_VERSION)
+                {
+                l=s->s3->tmp.new_cipher->algorithms;
+                if (l & SSL_aNULL)
+                        {
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
+                        goto err;
+                        }
+                }
+        d=p=(unsigned char *)s->init_buf->data;
+        if ((ca_sk=sk_new(ca_dn_cmp)) == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        /* get the certificate types */
+        ctype_num= *(p++);
+        if (ctype_num > SSL3_CT_NUMBER)
+                ctype_num=SSL3_CT_NUMBER;
+        for (i=0; i<ctype_num; i++)
+                s->s3->tmp.ctype[i]= p[i];
+        p+=ctype_num;
+        /* get the CA RDNs */
+        n2s(p,llen);
+        if ((llen+ctype_num+2+1) != n)
+                {
+                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
+                goto err;
+                }
+        for (nc=0; nc<llen; )
+                {
+                n2s(p,l);
+                if ((l+nc+2) > llen)
+                        {
+                        if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+                                goto cont; /* netscape bugs */
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
+                        goto err;
+                        }
+                q=p;
+                if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
+                        {
+                        /* If netscape tollerance is on, ignore errors */
+                        if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
+                                goto cont;
+                        else
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
+                                goto err;
+                                }
+                        }
+                if (q != (p+l))
+                        {
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
+                        goto err;
+                        }
+                if (!sk_push(ca_sk,(char *)xn))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                p+=l;
+                nc+=l+2;
+                }
+        if (0)
+                {
+cont:
+                ERR_clear_error();
+                }
+        /* we should setup a certficate to return.... */
+        s->s3->tmp.cert_req=1;
+        s->s3->tmp.ctype_num=ctype_num;
+        if (s->s3->tmp.ca_names != NULL)
+                sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+        s->s3->tmp.ca_names=ca_sk;
+        ca_sk=NULL;
+        ret=1;
+err:
+        if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free);
+        return(ret);
+        }
+static int ca_dn_cmp(a,b)
+X509_NAME **a,**b;
+        {
+        return(X509_NAME_cmp(*a,*b));
+        }
+static int ssl3_get_server_done(s)
+SSL *s;
+        {
+        int ok,ret=0;
+        long n;
+        n=ssl3_get_message(s,
+                SSL3_ST_CR_SRVR_DONE_A,
+                SSL3_ST_CR_SRVR_DONE_B,
+                SSL3_MT_SERVER_DONE,
+                30, /* should be very small, like 0 :-) */
+                &ok);
+        if (!ok) return((int)n);
+        if (n > 0)
+                {
+                /* should contain no data */
+                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
+                }
+        ret=1;
+        return(ret);
+        }
+static int ssl3_send_client_key_exchange(s)
+SSL *s;
+        {
+        unsigned char *p,*q,*d;
+        int n;
+        unsigned long l;
+        EVP_PKEY *pkey=NULL;
+        if (s->state == SSL3_ST_CW_KEY_EXCH_A)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+                l=s->s3->tmp.new_cipher->algorithms;
+#ifndef NO_RSA
+                if (l & SSL_kRSA)
+                        {
+                        RSA *rsa;
+                        unsigned char tmp_buf[48];
+                        if (s->session->cert->rsa_tmp != NULL)
+                                rsa=s->session->cert->rsa_tmp;
+                        else
+                                {
+                                pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+                                if ((pkey == NULL) ||
+                                        (pkey->type != EVP_PKEY_RSA) ||
+                                        (pkey->pkey.rsa == NULL))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+                                        goto err;
+                                        }
+                                rsa=pkey->pkey.rsa;
+                                }
+                                
+                        tmp_buf[0]=s->version>>8;
+                        tmp_buf[1]=s->version&0xff;
+                        RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+                        s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+                        q=p;
+                        /* Fix buf for TLS and beyond */
+                        if (s->version > SSL3_VERSION)
+                                p+=2;
+                        n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
+                                tmp_buf,p,rsa,RSA_PKCS1_PADDING);
+                        if (n <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
+                                goto err;
+                                }
+                        /* Fix buf for TLS and beyond */
+                        if (s->version > SSL3_VERSION)
+                                {
+                                s2n(n,q);
+                                n+=2;
+                                }
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,
+                                        tmp_buf,48);
+                        memset(tmp_buf,0,48);
+                        }
+                else
+#endif
+#ifndef NO_DH
+                if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                        {
+                        DH *dh_srvr,*dh_clnt;
+                        if (s->session->cert->dh_tmp != NULL)
+                                dh_srvr=s->session->cert->dh_tmp;
+                        else
+                                {
+                                /* we get them from the cert */
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+                                goto err;
+                                }
+                        
+                        /* generate a new random key */
+                        if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+                        if (!DH_generate_key(dh_clnt))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+                        /* use the 'p' output buffer for the DH key, but
+                         * make sure to clear it out afterwards */
+                        n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
+                        if (n <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+                        /* generate master key from the result */
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,p,n);
+                        /* clean up */
+                        memset(p,0,n);
+                        /* send off the data */
+                        n=BN_num_bytes(dh_clnt->pub_key);
+                        s2n(n,p);
+                        BN_bn2bin(dh_clnt->pub_key,p);
+                        n+=2;
+                        DH_free(dh_clnt);
+                        /* perhaps clean things up a bit EAY EAY EAY EAY*/
+                        }
+                else
+#endif
+                        {
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                
+                *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
+                l2n3(n,d);
+                s->state=SSL3_ST_CW_KEY_EXCH_B;
+                /* number of bytes to write */
+                s->init_num=n+4;
+                s->init_off=0;
+                }
+        /* SSL3_ST_CW_KEY_EXCH_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+static int ssl3_send_client_verify(s)
+SSL *s;
+        {
+        unsigned char *p,*d;
+        unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        EVP_PKEY *pkey;
+        int i=0;
+        unsigned long n;
+#ifndef NO_DSA
+        int j;
+#endif
+        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+                pkey=s->cert->key->privatekey;
+                s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+                        &(data[MD5_DIGEST_LENGTH]));
+#ifndef NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst1),&(data[0]));
+                        i=RSA_private_encrypt(
+                                MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+                                data,&(p[2]),pkey->pkey.rsa,
+                                RSA_PKCS1_PADDING);
+                        if (i <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+                                goto err;
+                                }
+                        s2n(i,p);
+                        n=i+2;
+                        }
+                else
+#endif
+#ifndef NO_DSA
+                        if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        if (!DSA_sign(pkey->save_type,
+                                &(data[MD5_DIGEST_LENGTH]),
+                                SHA_DIGEST_LENGTH,&(p[2]),
+                                (unsigned int *)&j,pkey->pkey.dsa))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+                                goto err;
+                                }
+                        s2n(j,p);
+                        n=j+2;
+                        }
+                else
+#endif
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
+                l2n3(n,d);
+                s->init_num=(int)n+4;
+                s->init_off=0;
+                }
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+static int ssl3_send_client_certificate(s)
+SSL *s;
+        {
+        X509 *x509=NULL;
+        EVP_PKEY *pkey=NULL;
+        int i;
+        unsigned long l;
+        if (s->state == SSL3_ST_CW_CERT_A)
+                {
+                if ((s->cert == NULL) ||
+                        (s->cert->key->x509 == NULL) ||
+                        (s->cert->key->privatekey == NULL))
+                        s->state=SSL3_ST_CW_CERT_B;
+                else
+                        s->state=SSL3_ST_CW_CERT_C;
+                }
+        /* We need to get a client cert */
+        if (s->state == SSL3_ST_CW_CERT_B)
+                {
+                /* If we get an error, we need to
+                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
+                 * We then get retied later */
+                i=0;
+                if (s->ctx->client_cert_cb != NULL)
+                        i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+                if (i < 0)
+                        {
+                        s->rwstate=SSL_X509_LOOKUP;
+                        return(-1);
+                        }
+                s->rwstate=SSL_NOTHING;
+                if ((i == 1) && (pkey != NULL) && (x509 != NULL))
+                        {
+                        s->state=SSL3_ST_CW_CERT_B;
+                        if (    !SSL_use_certificate(s,x509) ||
+                                !SSL_use_PrivateKey(s,pkey))
+                                i=0;
+                        }
+                else if (i == 1)
+                        {
+                        i=0;
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+                        }
+                if (x509 != NULL) X509_free(x509);
+                if (pkey != NULL) EVP_PKEY_free(pkey);
+                if (i == 0)
+                        {
+                        if (s->version == SSL3_VERSION)
+                                {
+                                s->s3->tmp.cert_req=0;
+                                ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
+                                return(1);
+                                }
+                        else
+                                {
+                                s->s3->tmp.cert_req=2;
+                                }
+                        }
+                /* Ok, we have a cert */
+                s->state=SSL3_ST_CW_CERT_C;
+                }
+        if (s->state == SSL3_ST_CW_CERT_C)
+                {
+                s->state=SSL3_ST_CW_CERT_D;
+                l=ssl3_output_cert_chain(s,
+                        (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+                s->init_num=(int)l;
+                s->init_off=0;
+                }
+        /* SSL3_ST_CW_CERT_D */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+#define has_bits(i,m)   (((i)&(m)) == (m))
+static int ssl3_check_cert_and_algorithm(s)
+SSL *s;
+        {
+        int i,idx;
+        long algs;
+        EVP_PKEY *pkey=NULL;
+        CERT *c;
+        RSA *rsa;
+        DH *dh;
+        c=s->session->cert;
+        if (c == NULL)
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR);
+                goto err;
+                }
+        algs=s->s3->tmp.new_cipher->algorithms;
+        /* we don't have a certificate */
+        if (algs & (SSL_aDH|SSL_aNULL))
+                return(1);
+        rsa=s->session->cert->rsa_tmp;
+        dh=s->session->cert->dh_tmp;
+        /* This is the passed certificate */
+        idx=c->cert_type;
+        pkey=X509_get_pubkey(c->pkeys[idx].x509);
+        i=X509_certificate_type(c->pkeys[idx].x509,pkey);
+        
+        /* Check that we have a certificate if we require one */
+        if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
+                goto f_err;
+                }
+#ifndef NO_DSA
+        else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
+                goto f_err;
+                }
+#endif
+        if ((algs & SSL_kRSA) &&
+                !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+                goto f_err;
+                }
+#ifndef NO_DH
+        else if ((algs & SSL_kEDH) &&
+                !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
+                goto f_err;
+                }
+        else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
+                goto f_err;
+                }
+#ifndef NO_DSA
+        else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
+                goto f_err;
+                }
+#endif
+#endif
+        if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
+                {
+#ifndef NO_RSA
+                if (algs & SSL_kRSA)
+                        {
+                        if ((rsa == NULL) || (RSA_size(rsa) > 512))
+                                {
+                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+#ifndef NO_DH
+                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                        {
+                        if ((dh == NULL) || (DH_size(dh) > 512))
+                                {
+                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
+                        {
+                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+                        goto f_err;
+                        }
+                }
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+err:
+        return(0);
+        }
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
new file mode 100644
index 0000000000..bbd9b637c5
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -0,0 +1,573 @@
+/* ssl/s3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "evp.h"
+#include "ssl_locl.h"
+static unsigned char ssl3_pad_1[48]={
+        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
+static unsigned char ssl3_pad_2[48]={
+        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
+#ifndef NO_PROTO
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+        unsigned char *sender, int len, unsigned char *p);
+#else
+static int ssl3_handshake_mac();
+#endif
+static void ssl3_generate_key_block(s,km,num)
+SSL *s;
+unsigned char *km;
+int num;
+        {
+        MD5_CTX m5;
+        SHA_CTX s1;
+        unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+        unsigned char c='A';
+        int i,j,k;
+        k=0;
+        for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
+                {
+                k++;
+                for (j=0; j<k; j++)
+                        buf[j]=c;
+                c++;
+                SHA1_Init(  &s1);
+                SHA1_Update(&s1,buf,k);
+                SHA1_Update(&s1,s->session->master_key,
+                        s->session->master_key_length);
+                SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
+                SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
+                SHA1_Final( smd,&s1);
+                MD5_Init(  &m5);
+                MD5_Update(&m5,s->session->master_key,
+                        s->session->master_key_length);
+                MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
+                if ((i+MD5_DIGEST_LENGTH) > num)
+                        {
+                        MD5_Final(smd,&m5);
+                        memcpy(km,smd,(num-i));
+                        }
+                else
+                        MD5_Final(km,&m5);
+                km+=MD5_DIGEST_LENGTH;
+                }
+        memset(smd,0,SHA_DIGEST_LENGTH);
+        }
+int ssl3_change_cipher_state(s,which)
+SSL *s;
+int which;
+        {
+        unsigned char *p,*key_block,*mac_secret;
+        unsigned char exp_key[EVP_MAX_KEY_LENGTH];
+        unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
+        unsigned char *ms,*key,*iv,*er1,*er2;
+        EVP_CIPHER_CTX *dd;
+        EVP_CIPHER *c;
+        SSL_COMPRESSION *comp;
+        EVP_MD *m;
+        MD5_CTX md;
+        int exp,n,i,j,k;
+        exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+        c=s->s3->tmp.new_sym_enc;
+        m=s->s3->tmp.new_hash;
+        comp=s->s3->tmp.new_compression;
+        key_block=s->s3->tmp.key_block;
+        if (which & SSL3_CC_READ)
+                {
+                if ((s->enc_read_ctx == NULL) &&
+                        ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
+                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        goto err;
+                dd= s->enc_read_ctx;
+                s->read_hash=m;
+                s->read_compression=comp;
+                memset(&(s->s3->read_sequence[0]),0,8);
+                mac_secret= &(s->s3->read_mac_secret[0]);
+                }
+        else
+                {
+                if ((s->enc_write_ctx == NULL) &&
+                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        goto err;
+                dd= s->enc_write_ctx;
+                s->write_hash=m;
+                s->write_compression=comp;
+                memset(&(s->s3->write_sequence[0]),0,8);
+                mac_secret= &(s->s3->write_mac_secret[0]);
+                }
+        EVP_CIPHER_CTX_init(dd);
+        p=s->s3->tmp.key_block;
+        i=EVP_MD_size(m);
+        j=(exp)?5:EVP_CIPHER_key_length(c);
+        k=EVP_CIPHER_iv_length(c);
+        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
+                {
+                ms=  &(p[ 0]); n=i+i;
+                key= &(p[ n]); n+=j+j;
+                iv=  &(p[ n]); n+=k+k;
+                er1= &(s->s3->client_random[0]);
+                er2= &(s->s3->server_random[0]);
+                }
+        else
+                {
+                n=i;
+                ms=  &(p[ n]); n+=i+j;
+                key= &(p[ n]); n+=j+k;
+                iv=  &(p[ n]); n+=k;
+                er1= &(s->s3->server_random[0]);
+                er2= &(s->s3->client_random[0]);
+                }
+        if (n > s->s3->tmp.key_block_length)
+                {
+                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+                goto err2;
+                }
+        memcpy(mac_secret,ms,i);
+        if (exp)
+                {
+                /* In here I set both the read and write key/iv to the
+                 * same value since only the correct one will be used :-).
+                 */
+                MD5_Init(&md);
+                MD5_Update(&md,key,j);
+                MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
+                MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
+                MD5_Final(&(exp_key[0]),&md);
+                key= &(exp_key[0]);
+                if (k > 0)
+                        {
+                        MD5_Init(&md);
+                        MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
+                        MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
+                        MD5_Final(&(exp_iv[0]),&md);
+                        iv= &(exp_iv[0]);
+                        }
+                }
+        s->session->key_arg_length=0;
+        EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+        memset(&(exp_key[0]),0,sizeof(exp_key));
+        memset(&(exp_iv[0]),0,sizeof(exp_iv));
+        return(1);
+err:
+        SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+err2:
+        return(0);
+        }
+int ssl3_setup_key_block(s)
+SSL *s;
+        {
+        unsigned char *p;
+        EVP_CIPHER *c;
+        EVP_MD *hash;
+        int num,exp;
+        if (s->s3->tmp.key_block_length != 0)
+                return(1);
+        if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+                {
+                SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                return(0);
+                }
+        s->s3->tmp.new_sym_enc=c;
+        s->s3->tmp.new_hash=hash;
+        exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
+        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+        num*=2;
+        ssl3_cleanup_key_block(s);
+        if ((p=(unsigned char *)Malloc(num)) == NULL)
+                goto err;
+        s->s3->tmp.key_block_length=num;
+        s->s3->tmp.key_block=p;
+        ssl3_generate_key_block(s,p,num);
+        return(1);
+err:
+        SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+void ssl3_cleanup_key_block(s)
+SSL *s;
+        {
+        if (s->s3->tmp.key_block != NULL)
+                {
+                memset(s->s3->tmp.key_block,0,
+                        s->s3->tmp.key_block_length);
+                Free(s->s3->tmp.key_block);
+                s->s3->tmp.key_block=NULL;
+                }
+        s->s3->tmp.key_block_length=0;
+        }
+int ssl3_enc(s,send)
+SSL *s;
+int send;
+        {
+        SSL3_RECORD *rec;
+        EVP_CIPHER_CTX *ds;
+        unsigned long l;
+        int bs,i;
+        EVP_CIPHER *enc;
+        SSL_COMPRESSION *comp;
+        if (send)
+                {
+                ds=s->enc_write_ctx;
+                rec= &(s->s3->wrec);
+                if (s->enc_write_ctx == NULL)
+                        { enc=NULL; comp=NULL; }
+                else
+                        {
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                        comp=s->write_compression;
+                        }
+                }
+        else
+                {
+                ds=s->enc_read_ctx;
+                rec= &(s->s3->rrec);
+                if (s->enc_read_ctx == NULL)
+                        { enc=NULL; comp=NULL; }
+                else
+                        {
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+                        comp=s->read_compression;
+                        }
+                }
+        if ((s->session == NULL) || (ds == NULL) ||
+                ((enc == NULL) && (comp == NULL)))
+                {
+                memcpy(rec->data,rec->input,rec->length);
+                rec->input=rec->data;
+                }
+        else
+                {
+                l=rec->length;
+                bs=EVP_CIPHER_block_size(ds->cipher);
+                /* This should be using (bs-1) and bs instead of 7 and 8 */
+                if ((bs != 1) && send)
+                        {
+                        i=bs-((int)l%bs);
+                        /* we need to add 'i-1' padding bytes */
+                        l+=i;
+                        rec->length+=i;
+                        rec->input[l-1]=(i-1);
+                        }
+                EVP_Cipher(ds,rec->data,rec->input,l);
+                if ((bs != 1) && !send)
+                        {
+                        i=rec->data[l-1]+1;
+                        if (i > bs)
+                                {
+                                SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+                                return(0);
+                                }
+                        rec->length-=i;
+                        }
+                }
+        return(1);
+        }
+void ssl3_init_finished_mac(s)
+SSL *s;
+        {
+        EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
+        EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
+        }
+void ssl3_finish_mac(s,buf,len)
+SSL *s;
+unsigned char *buf;
+int len;
+        {
+        EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
+        EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
+        }
+int ssl3_cert_verify_mac(s,ctx,p)
+SSL *s;
+EVP_MD_CTX *ctx;
+unsigned char *p;
+        {
+        return(ssl3_handshake_mac(s,ctx,NULL,0,p));
+        }
+int ssl3_final_finish_mac(s,ctx1,ctx2,sender,len,p)
+SSL *s;
+EVP_MD_CTX *ctx1,*ctx2;
+unsigned char *sender;
+int len;
+unsigned char *p;
+        {
+        int ret;
+        ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
+        p+=ret;
+        ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
+        return(ret);
+        }
+static int ssl3_handshake_mac(s,in_ctx,sender,len,p)
+SSL *s;
+EVP_MD_CTX *in_ctx;
+unsigned char *sender;
+int len;
+unsigned char *p;
+        {
+        unsigned int ret;
+        int npad,n;
+        unsigned int i;
+        unsigned char md_buf[EVP_MAX_MD_SIZE];
+        EVP_MD_CTX ctx;
+        memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+        n=EVP_MD_CTX_size(&ctx);
+        npad=(48/n)*n;
+        if (sender != NULL)
+                EVP_DigestUpdate(&ctx,sender,len);
+        EVP_DigestUpdate(&ctx,s->session->master_key,
+                s->session->master_key_length);
+        EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
+        EVP_DigestFinal(&ctx,md_buf,&i);
+        EVP_DigestInit(&ctx,EVP_MD_CTX_type(&ctx));
+        EVP_DigestUpdate(&ctx,s->session->master_key,
+                s->session->master_key_length);
+        EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
+        EVP_DigestUpdate(&ctx,md_buf,i);
+        EVP_DigestFinal(&ctx,p,&ret);
+        memset(&ctx,0,sizeof(EVP_MD_CTX));
+        return((int)ret);
+        }
+int ssl3_mac(ssl,md,send)
+SSL *ssl;
+unsigned char *md;
+int send;
+        {
+        SSL3_RECORD *rec;
+        unsigned char *mac_sec,*seq;
+        EVP_MD_CTX md_ctx;
+        EVP_MD *hash;
+        unsigned char *p,rec_char;
+        unsigned int md_size;
+        int npad,i;
+        if (send)
+                {
+                rec= &(ssl->s3->wrec);
+                mac_sec= &(ssl->s3->write_mac_secret[0]);
+                seq= &(ssl->s3->write_sequence[0]);
+                hash=ssl->write_hash;
+                }
+        else
+                {
+                rec= &(ssl->s3->rrec);
+                mac_sec= &(ssl->s3->read_mac_secret[0]);
+                seq= &(ssl->s3->read_sequence[0]);
+                hash=ssl->read_hash;
+                }
+        md_size=EVP_MD_size(hash);
+        npad=(48/md_size)*md_size;
+        /* Chop the digest off the end :-) */
+        EVP_DigestInit(  &md_ctx,hash);
+        EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+        EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
+        EVP_DigestUpdate(&md_ctx,seq,8);
+        rec_char=rec->type;
+        EVP_DigestUpdate(&md_ctx,&rec_char,1);
+        p=md;
+        s2n(rec->length,p);
+        EVP_DigestUpdate(&md_ctx,md,2);
+        EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
+        EVP_DigestFinal( &md_ctx,md,NULL);
+        EVP_DigestInit(  &md_ctx,hash);
+        EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+        EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
+        EVP_DigestUpdate(&md_ctx,md,md_size);
+        EVP_DigestFinal( &md_ctx,md,&md_size);
+        for (i=7; i>=0; i--)
+                if (++seq[i]) break; 
+        return(md_size);
+        }
+int ssl3_generate_master_secret(s,out,p,len)
+SSL *s;
+unsigned char *out;
+unsigned char *p;
+int len;
+        {
+        static unsigned char *salt[3]={
+                (unsigned char *)"A",
+                (unsigned char *)"BB",
+                (unsigned char *)"CCC",
+                };
+        unsigned char buf[EVP_MAX_MD_SIZE];
+        EVP_MD_CTX ctx;
+        int i,ret=0;
+        unsigned int n;
+        for (i=0; i<3; i++)
+                {
+                EVP_DigestInit(&ctx,s->ctx->sha1);
+                EVP_DigestUpdate(&ctx,salt[i],strlen((char *)salt[i]));
+                EVP_DigestUpdate(&ctx,p,len);
+                EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
+                        SSL3_RANDOM_SIZE);
+                EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
+                        SSL3_RANDOM_SIZE);
+                EVP_DigestFinal(&ctx,buf,&n);
+                EVP_DigestInit(&ctx,s->ctx->md5);
+                EVP_DigestUpdate(&ctx,p,len);
+                EVP_DigestUpdate(&ctx,buf,n);
+                EVP_DigestFinal(&ctx,out,&n);
+                out+=n;
+                ret+=n;
+                }
+        return(ret);
+        }
+int ssl3_alert_code(code)
+int code;
+        {
+        switch (code)
+                {
+        case SSL_AD_CLOSE_NOTIFY:       return(SSL3_AD_CLOSE_NOTIFY);
+        case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
+        case SSL_AD_BAD_RECORD_MAC:     return(SSL3_AD_BAD_RECORD_MAC);
+        case SSL_AD_DECRYPTION_FAILED:  return(SSL3_AD_BAD_RECORD_MAC);
+        case SSL_AD_RECORD_OVERFLOW:    return(SSL3_AD_BAD_RECORD_MAC);
+        case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
+        case SSL_AD_HANDSHAKE_FAILURE:  return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_NO_CERTIFICATE:     return(SSL3_AD_NO_CERTIFICATE);
+        case SSL_AD_BAD_CERTIFICATE:    return(SSL3_AD_BAD_CERTIFICATE);
+        case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
+        case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
+        case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
+        case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
+        case SSL_AD_ILLEGAL_PARAMETER:  return(SSL3_AD_ILLEGAL_PARAMETER);
+        case SSL_AD_UNKNOWN_CA:         return(SSL3_AD_BAD_CERTIFICATE);
+        case SSL_AD_ACCESS_DENIED:      return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_DECODE_ERROR:       return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_DECRYPT_ERROR:      return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_EXPORT_RESTRICION:  return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_PROTOCOL_VERSION:   return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_INTERNAL_ERROR:     return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_USER_CANCLED:       return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_NO_RENEGOTIATION:   return(-1); /* Don't send it :-) */
+        default:                        return(-1);
+                }
+        }
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
new file mode 100644
index 0000000000..0fd945025d
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -0,0 +1,961 @@
+/* ssl/s3_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998";
+#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
+#ifndef NOPROTO
+static long ssl3_default_timeout(void );
+#else
+static long ssl3_default_timeout();
+#endif
+SSL_CIPHER ssl3_ciphers[]={
+/* The RSA ciphers */
+/* Cipher 01 */
+        {
+        1,
+        SSL3_TXT_RSA_NULL_MD5,
+        SSL3_CK_RSA_NULL_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 02 */
+        {
+        1,
+        SSL3_TXT_RSA_NULL_SHA,
+        SSL3_CK_RSA_NULL_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* anon DH */
+/* Cipher 17 */
+        {
+        1,
+        SSL3_TXT_ADH_RC4_40_MD5,
+        SSL3_CK_ADH_RC4_40_MD5,
+        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 18 */
+        {
+        1,
+        SSL3_TXT_ADH_RC4_128_MD5,
+        SSL3_CK_ADH_RC4_128_MD5,
+        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 19 */
+        {
+        1,
+        SSL3_TXT_ADH_DES_40_CBC_SHA,
+        SSL3_CK_ADH_DES_40_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 1A */
+        {
+        1,
+        SSL3_TXT_ADH_DES_64_CBC_SHA,
+        SSL3_CK_ADH_DES_64_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 1B */
+        {
+        1,
+        SSL3_TXT_ADH_DES_192_CBC_SHA,
+        SSL3_CK_ADH_DES_192_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* RSA again */
+/* Cipher 03 */
+        {
+        1,
+        SSL3_TXT_RSA_RC4_40_MD5,
+        SSL3_CK_RSA_RC4_40_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 04 */
+        {
+        1,
+        SSL3_TXT_RSA_RC4_128_MD5,
+        SSL3_CK_RSA_RC4_128_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 05 */
+        {
+        1,
+        SSL3_TXT_RSA_RC4_128_SHA,
+        SSL3_CK_RSA_RC4_128_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 06 */
+        {
+        1,
+        SSL3_TXT_RSA_RC2_40_MD5,
+        SSL3_CK_RSA_RC2_40_MD5,
+        SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 07 */
+        {
+        1,
+        SSL3_TXT_RSA_IDEA_128_SHA,
+        SSL3_CK_RSA_IDEA_128_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 08 */
+        {
+        1,
+        SSL3_TXT_RSA_DES_40_CBC_SHA,
+        SSL3_CK_RSA_DES_40_CBC_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 09 */
+        {
+        1,
+        SSL3_TXT_RSA_DES_64_CBC_SHA,
+        SSL3_CK_RSA_DES_64_CBC_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 0A */
+        {
+        1,
+        SSL3_TXT_RSA_DES_192_CBC3_SHA,
+        SSL3_CK_RSA_DES_192_CBC3_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/*  The DH ciphers */
+/* Cipher 0B */
+        {
+        0,
+        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
+        SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 0C */
+        {
+        0,
+        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
+        SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 0D */
+        {
+        0,
+        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
+        SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 0E */
+        {
+        0,
+        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
+        SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 0F */
+        {
+        0,
+        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
+        SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 10 */
+        {
+        0,
+        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
+        SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* The Ephemeral DH ciphers */
+/* Cipher 11 */
+        {
+        1,
+        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 12 */
+        {
+        1,
+        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 13 */
+        {
+        1,
+        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 14 */
+        {
+        1,
+        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 15 */
+        {
+        1,
+        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 16 */
+        {
+        1,
+        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Fortezza */
+/* Cipher 1C */
+        {
+        0,
+        SSL3_TXT_FZA_DMS_NULL_SHA,
+        SSL3_CK_FZA_DMS_NULL_SHA,
+        SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 1D */
+        {
+        0,
+        SSL3_TXT_FZA_DMS_FZA_SHA,
+        SSL3_CK_FZA_DMS_FZA_SHA,
+        SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* Cipher 1E */
+        {
+        0,
+        SSL3_TXT_FZA_DMS_RC4_SHA,
+        SSL3_CK_FZA_DMS_RC4_SHA,
+        SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+        0,
+        SSL_ALL_CIPHERS,
+        },
+/* end of list */
+        };
+static SSL3_ENC_METHOD SSLv3_enc_data={
+        ssl3_enc,
+        ssl3_mac,
+        ssl3_setup_key_block,
+        ssl3_generate_master_secret,
+        ssl3_change_cipher_state,
+        ssl3_final_finish_mac,
+        MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+        ssl3_cert_verify_mac,
+        SSL3_MD_CLIENT_FINISHED_CONST,4,
+        SSL3_MD_SERVER_FINISHED_CONST,4,
+        ssl3_alert_code,
+        };
+static SSL_METHOD SSLv3_data= {
+        SSL3_VERSION,
+        ssl3_new,
+        ssl3_clear,
+        ssl3_free,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl3_read,
+        ssl3_peek,
+        ssl3_write,
+        ssl3_shutdown,
+        ssl3_renegotiate,
+        ssl3_ctrl,
+        ssl3_ctx_ctrl,
+        ssl3_get_cipher_by_char,
+        ssl3_put_cipher_by_char,
+        ssl3_pending,
+        ssl3_num_ciphers,
+        ssl3_get_cipher,
+        ssl_bad_method,
+        ssl3_default_timeout,
+        &SSLv3_enc_data,
+        };
+static long ssl3_default_timeout()
+        {
+        /* 2 hours, the 24 hours mentioned in the SSLv3 spec
+         * is way too long for http, the cache would over fill */
+        return(60*60*2);
+        }
+SSL_METHOD *sslv3_base_method()
+        {
+        return(&SSLv3_data);
+        }
+int ssl3_num_ciphers()
+        {
+        return(SSL3_NUM_CIPHERS);
+        }
+SSL_CIPHER *ssl3_get_cipher(u)
+unsigned int u;
+        {
+        if (u < SSL3_NUM_CIPHERS)
+                return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
+        else
+                return(NULL);
+        }
+/* The problem is that it may not be the correct record type */
+int ssl3_pending(s)
+SSL *s;
+        {
+        return(s->s3->rrec.length);
+        }
+int ssl3_new(s)
+SSL *s;
+        {
+        SSL3_CTX *s3;
+        if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
+        memset(s3,0,sizeof(SSL3_CTX));
+        s->s3=s3;
+        /*
+        s->s3->tmp.ca_names=NULL;
+        s->s3->tmp.key_block=NULL;
+        s->s3->tmp.key_block_length=0;
+        s->s3->rbuf.buf=NULL;
+        s->s3->wbuf.buf=NULL;
+        */
+        s->method->ssl_clear(s);
+        return(1);
+err:
+        return(0);
+        }
+void ssl3_free(s)
+SSL *s;
+        {
+        ssl3_cleanup_key_block(s);
+        if (s->s3->rbuf.buf != NULL)
+                Free(s->s3->rbuf.buf);
+        if (s->s3->wbuf.buf != NULL)
+                Free(s->s3->wbuf.buf);
+#ifndef NO_DH
+        if (s->s3->tmp.dh != NULL)
+                DH_free(s->s3->tmp.dh);
+#endif
+        if (s->s3->tmp.ca_names != NULL)
+                sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+        memset(s->s3,0,sizeof(SSL3_CTX));
+        Free(s->s3);
+        s->s3=NULL;
+        }
+void ssl3_clear(s)
+SSL *s;
+        {
+        unsigned char *rp,*wp;
+        ssl3_cleanup_key_block(s);
+        if (s->s3->tmp.ca_names != NULL)
+                sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+        rp=s->s3->rbuf.buf;
+        wp=s->s3->wbuf.buf;
+        memset(s->s3,0,sizeof(SSL3_CTX));
+        if (rp != NULL) s->s3->rbuf.buf=rp;
+        if (wp != NULL) s->s3->wbuf.buf=wp;
+        s->packet_length=0;
+        s->s3->renegotiate=0;
+        s->s3->total_renegotiations=0;
+        s->s3->num_renegotiations=0;
+        s->s3->in_read_app_data=0;
+        s->version=SSL3_VERSION;
+        }
+long ssl3_ctrl(s,cmd,larg,parg)
+SSL *s;
+int cmd;
+long larg;
+char *parg;
+        {
+        int ret=0;
+        switch (cmd)
+                {
+        case SSL_CTRL_GET_SESSION_REUSED:
+                ret=s->hit;
+                break;
+        case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+                break;
+        case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+                ret=s->s3->num_renegotiations;
+                break;
+        case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+                ret=s->s3->num_renegotiations;
+                s->s3->num_renegotiations=0;
+                break;
+        case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+                ret=s->s3->total_renegotiations;
+                break;
+        default:
+                break;
+                }
+        return(ret);
+        }
+long ssl3_ctx_ctrl(ctx,cmd,larg,parg)
+SSL_CTX *ctx;
+int cmd;
+long larg;
+char *parg;
+        {
+        CERT *cert;
+        cert=ctx->default_cert;
+        switch (cmd)
+                {
+#ifndef NO_RSA
+        case SSL_CTRL_NEED_TMP_RSA:
+                if (    (cert->rsa_tmp == NULL) &&
+                        ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+                         (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
+                        )
+                        return(1);
+                else
+                        return(0);
+                break;
+        case SSL_CTRL_SET_TMP_RSA:
+                {
+                RSA *rsa;
+                int i;
+                rsa=(RSA *)parg;
+                i=1;
+                if (rsa == NULL)
+                        i=0;
+                else
+                        {
+                        if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
+                                i=0;
+                        }
+                if (!i)
+                        {
+                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
+                        return(0);
+                        }
+                else
+                        {
+                        if (cert->rsa_tmp != NULL)
+                                RSA_free(cert->rsa_tmp);
+                        cert->rsa_tmp=rsa;
+                        return(1);
+                        }
+                }
+                break;
+        case SSL_CTRL_SET_TMP_RSA_CB:
+                cert->rsa_tmp_cb=(RSA *(*)())parg;
+                break;
+#endif
+#ifndef NO_DH
+        case SSL_CTRL_SET_TMP_DH:
+                {
+                DH *new=NULL,*dh;
+                dh=(DH *)parg;
+                if (    ((new=DHparams_dup(dh)) == NULL) ||
+                        (!DH_generate_key(new)))
+                        {
+                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
+                        if (new != NULL) DH_free(new);
+                        return(0);
+                        }
+                else
+                        {
+                        if (cert->dh_tmp != NULL)
+                                DH_free(cert->dh_tmp);
+                        cert->dh_tmp=new;
+                        return(1);
+                        }
+                }
+                break;
+        case SSL_CTRL_SET_TMP_DH_CB:
+                cert->dh_tmp_cb=(DH *(*)())parg;
+                break;
+#endif
+        default:
+                return(0);
+                }
+        return(1);
+        }
+/* This function needs to check if the ciphers required are actually
+ * available */
+SSL_CIPHER *ssl3_get_cipher_by_char(p)
+unsigned char *p;
+        {
+        static int init=1;
+        static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
+        SSL_CIPHER c,*cp= &c,**cpp;
+        unsigned long id;
+        int i;
+        if (init)
+                {
+                init=0;
+                for (i=0; i<SSL3_NUM_CIPHERS; i++)
+                        sorted[i]= &(ssl3_ciphers[i]);
+                qsort(  (char *)sorted,
+                        SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                        FP_ICC ssl_cipher_ptr_id_cmp);
+                }
+        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+        c.id=id;
+        cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
+                (char *)sorted,
+                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                (int (*)())ssl_cipher_ptr_id_cmp);
+        if ((cpp == NULL) || !(*cpp)->valid)
+                return(NULL);
+        else
+                return(*cpp);
+        }
+int ssl3_put_cipher_by_char(c,p)
+SSL_CIPHER *c;
+unsigned char *p;
+        {
+        long l;
+        if (p != NULL)
+                {
+                l=c->id;
+                if ((l & 0xff000000) != 0x03000000) return(0);
+                p[0]=((unsigned char)(l>> 8L))&0xFF;
+                p[1]=((unsigned char)(l     ))&0xFF;
+                }
+        return(2);
+        }
+int ssl3_part_read(s,i)
+SSL *s;
+int i;
+        {
+        s->rwstate=SSL_READING;
+        if (i < 0)
+                {
+                return(i);
+                }
+        else
+                {
+                s->init_num+=i;
+                return(0);
+                }
+        }
+SSL_CIPHER *ssl3_choose_cipher(s,have,pref)
+SSL *s;
+STACK *have,*pref;
+        {
+        SSL_CIPHER *c,*ret=NULL;
+        int i,j,ok;
+        CERT *cert;
+        unsigned long alg,mask,emask;
+        /* Lets see which ciphers we can supported */
+        if (s->cert != NULL)
+                cert=s->cert;
+        else
+                cert=s->ctx->default_cert;
+        ssl_set_cert_masks(cert);
+        mask=cert->mask;
+        emask=cert->export_mask;
+                        
+        sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
+        for (i=0; i<sk_num(have); i++)
+                {
+                c=(SSL_CIPHER *)sk_value(have,i);
+                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+                if (alg & SSL_EXPORT)
+                        {
+                        ok=((alg & emask) == alg)?1:0;
+#ifdef CIPHER_DEBUG
+                        printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+#endif
+                        }
+                else
+                        {
+                        ok=((alg & mask) == alg)?1:0;
+#ifdef CIPHER_DEBUG
+                        printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+#endif
+                        }
+                if (!ok) continue;
+        
+                j=sk_find(pref,(char *)c);
+                if (j >= 0)
+                        {
+                        ret=(SSL_CIPHER *)sk_value(pref,j);
+                        break;
+                        }
+                }
+        return(ret);
+        }
+int ssl3_get_req_cert_type(s,p)
+SSL *s;
+unsigned char *p;
+        {
+        int ret=0;
+        unsigned long alg;
+        alg=s->s3->tmp.new_cipher->algorithms;
+#ifndef NO_DH
+        if (alg & (SSL_kDHr|SSL_kEDH))
+                {
+#ifndef NO_RSA
+                p[ret++]=SSL3_CT_RSA_FIXED_DH;
+#endif
+#ifndef NO_DSA
+                p[ret++]=SSL3_CT_DSS_FIXED_DH;
+#endif
+                }
+        if ((s->version == SSL3_VERSION) &&
+                (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+                {
+#ifndef NO_RSA
+                p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
+#endif
+#ifndef NO_DSA
+                p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
+#endif
+                }
+#endif /* !NO_DH */
+#ifndef NO_RSA
+        p[ret++]=SSL3_CT_RSA_SIGN;
+#endif
+        p[ret++]=SSL3_CT_DSS_SIGN;
+        return(ret);
+        }
+int ssl3_shutdown(s)
+SSL *s;
+        {
+        /* Don't do anything much if we have not done the handshake or
+         * we don't want to send messages :-) */
+        if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
+                {
+                s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+                return(1);
+                }
+        if (!(s->shutdown & SSL_SENT_SHUTDOWN))
+                {
+                s->shutdown|=SSL_SENT_SHUTDOWN;
+#if 1
+                ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
+#endif
+                /* our shutdown alert has been sent now, and if it still needs
+                 * to be written, s->s3->alert_dispatch will be true */
+                }
+        else if (s->s3->alert_dispatch)
+                {
+                /* resend it if not sent */
+#if 1
+                ssl3_dispatch_alert(s);
+#endif
+                }
+        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
+                {
+                /* If we are waiting for a close from our peer, we are closed */
+                ssl3_read_bytes(s,0,NULL,0);
+                }
+        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
+                !s->s3->alert_dispatch)
+                return(1);
+        else
+                return(0);
+        }
+int ssl3_write(s,buf,len)
+SSL *s;
+char *buf;
+int len;
+        {
+        int ret,n;
+        BIO *under;
+#if 0
+        if (s->shutdown & SSL_SEND_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+#endif
+        clear_sys_error();
+        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+        /* This is an experimental flag that sends the
+         * last handshake message in the same packet as the first
+         * use data - used to see if it helps the TCP protocol during
+         * session-id reuse */
+        /* The second test is because the buffer may have been removed */
+        if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
+                {
+                /* First time through, we write into the buffer */
+                if (s->s3->delay_buf_pop_ret == 0)
+                        {
+                        ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+                                (char *)buf,len);
+                        if (ret <= 0) return(ret);
+                        s->s3->delay_buf_pop_ret=ret;
+                        }
+                s->rwstate=SSL_WRITING;
+                n=BIO_flush(s->wbio);
+                if (n <= 0) return(n);
+                s->rwstate=SSL_NOTHING;
+                /* We have flushed the buffer */
+                under=BIO_pop(s->wbio);
+                s->wbio=under;
+                BIO_free(s->bbio);
+                s->bbio=NULL;
+                ret=s->s3->delay_buf_pop_ret;
+                s->s3->delay_buf_pop_ret=0;
+                s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+                }
+        else
+                {
+                ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+                        (char *)buf,len);
+                if (ret <= 0) return(ret);
+                }
+        return(ret);
+        }
+int ssl3_read(s,buf,len)
+SSL *s;
+char *buf;
+int len;
+        {
+        int ret;
+        
+        clear_sys_error();
+        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+        s->s3->in_read_app_data=1;
+        ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+        if ((ret == -1) && (s->s3->in_read_app_data == 0))
+                {
+                ERR_get_error(); /* clear the error */
+                s->s3->in_read_app_data=0;
+                s->in_handshake++;
+                ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+                s->in_handshake--;
+                }
+        else
+                s->s3->in_read_app_data=0;
+        return(ret);
+        }
+int ssl3_peek(s,buf,len)
+SSL *s;
+char *buf;
+int len;
+        {
+        SSL3_RECORD *rr;
+        int n;
+        rr= &(s->s3->rrec);
+        if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
+                {
+                n=ssl3_read(s,buf,1);
+                if (n <= 0) return(n);
+                rr->length++;
+                rr->off--;
+                }
+        if ((unsigned int)len > rr->length)
+                n=rr->length;
+        else
+                n=len;
+        memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
+        return(n);
+        }
+int ssl3_renegotiate(s)
+SSL *s;
+        {
+        if (s->handshake_func == NULL)
+                return(1);
+        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+                return(0);
+        s->s3->renegotiate=1;
+        return(1);
+        }
+int ssl3_renegotiate_check(s)
+SSL *s;
+        {
+        int ret=0;
+        if (s->s3->renegotiate)
+                {
+                if (    (s->s3->rbuf.left == 0) &&
+                        (s->s3->wbuf.left == 0) &&
+                        !SSL_in_init(s))
+                        {
+/*
+if we are the server, and we have sent a 'RENEGOTIATE' message, we
+need to go to SSL_ST_ACCEPT.
+*/
+                        /* SSL_ST_ACCEPT */
+                        s->state=SSL_ST_RENEGOTIATE;
+                        s->s3->renegotiate=0;
+                        s->s3->num_renegotiations++;
+                        s->s3->total_renegotiations++;
+                        ret=1;
+                        }
+                }
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/ssl/s3_meth.c b/src/lib/libssl/src/ssl/s3_meth.c
new file mode 100644
index 0000000000..3d66b4643a
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_meth.c
@@ -0,0 +1,88 @@
+/* ssl/s3_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+static SSL_METHOD *ssl3_get_method(ver)
+int ver;
+        {
+        if (ver == SSL3_VERSION)
+                return(SSLv3_method());
+        else 
+                return(NULL);
+        }
+SSL_METHOD *SSLv3_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv3_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+                        sizeof(SSL_METHOD));
+                SSLv3_data.ssl_connect=ssl3_connect;
+                SSLv3_data.ssl_accept=ssl3_accept;
+                SSLv3_data.get_ssl_method=ssl3_get_method;
+                }
+        return(&SSLv3_data);
+        }
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
new file mode 100644
index 0000000000..2385080347
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -0,0 +1,1061 @@
+/* ssl/s3_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "evp.h"
+#include "buffer.h"
+#include "ssl_locl.h"
+/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
+ */
+#ifndef NOPROTO
+static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len);
+static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len);
+static int ssl3_get_record(SSL *s);
+static int do_compress(SSL *ssl);
+static int do_uncompress(SSL *ssl);
+static int do_change_cipher_spec(SSL *ssl);
+#else
+static int do_ssl3_write();
+static int ssl3_write_pending();
+static int ssl3_get_record();
+static int do_compress();
+static int do_uncompress();
+static int do_change_cipher_spec();
+#endif
+static int ssl3_read_n(s,n,max,extend)
+SSL *s;
+int n;
+int max;
+int extend;
+        {
+        int i,off,newb;
+        /* if there is stuff still in the buffer from a previous read,
+         * and there is more than we want, take some. */
+        if (s->s3->rbuf.left >= (int)n)
+                {
+                if (extend)
+                        s->packet_length+=n;
+                else
+                        {
+                        s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]);
+                        s->packet_length=n;
+                        }
+                s->s3->rbuf.left-=n;
+                s->s3->rbuf.offset+=n;
+                return(n);
+                }
+        /* else we need to read more data */
+        if (!s->read_ahead) max=n;
+        if (max > SSL3_RT_MAX_PACKET_SIZE)
+                max=SSL3_RT_MAX_PACKET_SIZE;
+        /* First check if there is some left or we want to extend */
+        off=0;
+        if (    (s->s3->rbuf.left != 0) ||
+                ((s->packet_length != 0) && extend))
+                {
+                newb=s->s3->rbuf.left;
+                if (extend)
+                        {
+                        /* Copy bytes back to the front of the buffer 
+                         * Take the bytes already pointed to by 'packet'
+                         * and take the extra ones on the end. */
+                        off=s->packet_length;
+                        if (s->packet != s->s3->rbuf.buf)
+                                memcpy(s->s3->rbuf.buf,s->packet,newb+off);
+                        }
+                else if (s->s3->rbuf.offset != 0)
+                        { /* so the data is not at the start of the buffer */
+                        memcpy(s->s3->rbuf.buf,
+                                &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb);
+                        s->s3->rbuf.offset=0;
+                        }
+                s->s3->rbuf.left=0;
+                }
+        else
+                newb=0;
+        /* So we now have 'newb' bytes at the front of 
+         * s->s3->rbuf.buf and need to read some more in on the end
+         * We start reading into the buffer at 's->s3->rbuf.offset'
+         */
+        s->packet=s->s3->rbuf.buf;
+        while (newb < n)
+                {
+                clear_sys_error();
+                if (s->rbio != NULL)
+                        {
+                        s->rwstate=SSL_READING;
+                        i=BIO_read(s->rbio,
+                                (char *)&(s->s3->rbuf.buf[off+newb]),
+                                max-newb);
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
+                        i= -1;
+                        }
+                if (i <= 0)
+                        {
+                        s->s3->rbuf.left+=newb;
+                        return(i);
+                        }
+                newb+=i;
+                }
+        /* record used data read */
+        if (newb > n)
+                {
+                s->s3->rbuf.offset=n+off;
+                s->s3->rbuf.left=newb-n;
+                }
+        else
+                {
+                s->s3->rbuf.offset=0;
+                s->s3->rbuf.left=0;
+                }
+        if (extend)
+                s->packet_length+=n;
+        else
+                s->packet_length+=n;
+        return(n);
+        }
+/* Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type   - is the type of record
+ * ssl->s3->rrec.data,  - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+static int ssl3_get_record(s)
+SSL *s;
+        {
+        char tmp_buf[512];
+        int ssl_major,ssl_minor,al;
+        int n,i,ret= -1;
+        SSL3_BUFFER *rb;
+        SSL3_RECORD *rr;
+        SSL_SESSION *sess;
+        unsigned char *p;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        short version;
+        unsigned int mac_size;
+        int clear=0,extra;
+        rr= &(s->s3->rrec);
+        rb= &(s->s3->rbuf);
+        sess=s->session;
+        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+                extra=SSL3_RT_MAX_EXTRA;
+        else
+                extra=0;
+again:
+        /* check if we have the header */
+        if (    (s->rstate != SSL_ST_READ_BODY) ||
+                (s->packet_length < SSL3_RT_HEADER_LENGTH)) 
+                {
+                n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
+                        SSL3_RT_MAX_PACKET_SIZE,0);
+                if (n <= 0) return(n); /* error or non-blocking */
+                s->rstate=SSL_ST_READ_BODY;
+                p=s->packet;
+                /* Pull apart the header into the SSL3_RECORD */
+                rr->type= *(p++);
+                ssl_major= *(p++);
+                ssl_minor= *(p++);
+                version=(ssl_major<<8)|ssl_minor;
+                n2s(p,rr->length);
+                /* Lets check version */
+                if (s->first_packet)
+                        {
+                        s->first_packet=0;
+                        }
+                else
+                        {
+                        if (version != s->version)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                                /* Send back error using their
+                                 * version number :-) */
+                                s->version=version;
+                                al=SSL_AD_PROTOCOL_VERSION;
+                                goto f_err;
+                                }
+                        }
+                if ((version>>8) != SSL3_VERSION_MAJOR)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                        goto err;
+                        }
+                if (rr->length > 
+                        (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+                        {
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+                s->rstate=SSL_ST_READ_BODY;
+                }
+        /* get and decode the data */
+        if (s->rstate == SSL_ST_READ_BODY)
+                {
+                if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
+                        {
+                        i=rr->length;
+                        /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */
+                        n=ssl3_read_n(s,i,i,1);
+                        if (n <= 0) return(n); /* error or non-blocking io */
+                        }
+                s->rstate=SSL_ST_READ_HEADER;
+                }
+        /* At this point, we have the data in s->packet and there should be
+         * s->packet_length bytes, we must not 'overrun' this buffer :-)
+         * One of the following functions will copy the data from the
+         * s->packet buffer */
+        rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
+        /* ok, we can now read from 's->packet' data into 'rr'
+         * rr->input points at rr->length bytes, which
+         * need to be copied into rr->data by either
+         * the decryption or by the decompression
+         * When the data is 'copied' into the rr->data buffer,
+         * rr->input will be pointed at the new buffer */ 
+        /* Set the state for the following operations */
+        s->rstate=SSL_ST_READ_HEADER;
+        /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
+         * rr->length bytes of encrypted compressed stuff. */
+        /* check is not needed I belive */
+        if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+                {
+                al=SSL_AD_RECORD_OVERFLOW;
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                goto f_err;
+                }
+        /* decrypt in place in 'rr->input' */
+        rr->data=rr->input;
+        memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length);
+        if (!s->method->ssl3_enc->enc(s,0))
+                {
+                al=SSL_AD_DECRYPT_ERROR;
+                goto f_err;
+                }
+#ifdef TLS_DEBUG
+printf("dec %d\n",rr->length);
+{ int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
+        /* r->length is now the compressed data plus mac */
+        if (    (sess == NULL) ||
+                (s->enc_read_ctx == NULL) ||
+                (s->read_hash == NULL))
+                clear=1;
+        if (!clear)
+                {
+                mac_size=EVP_MD_size(s->read_hash);
+                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+                        {
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+                /* check MAC for rr->input' */
+                if (rr->length < mac_size)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+                        goto f_err;
+                        }
+                rr->length-=mac_size;
+                i=s->method->ssl3_enc->mac(s,md,0);
+                if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+                        {
+                        al=SSL_AD_BAD_RECORD_MAC;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
+                        ret= -1;
+                        goto f_err;
+                        }
+                }
+        /* r->length is now just compressed */
+        if ((sess != NULL) && (sess->read_compression != NULL))
+                {
+                if (rr->length > 
+                        (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+                        {
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+                if (!do_uncompress(s))
+                        {
+                        al=SSL_AD_DECOMPRESSION_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
+                        goto f_err;
+                        }
+                }
+        if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
+                {
+                al=SSL_AD_RECORD_OVERFLOW;
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+                goto f_err;
+                }
+        rr->off=0;
+        /* So at this point the following is true
+         * ssl->s3->rrec.type   is the type of record
+         * ssl->s3->rrec.length == number of bytes in record
+         * ssl->s3->rrec.off    == offset to first valid byte
+         * ssl->s3->rrec.data   == where to take bytes from, increment
+         *                         after use :-).
+         */
+        /* we have pulled in a full packet so zero things */
+        s->packet_length=0;
+        /* just read a 0 length packet */
+        if (rr->length == 0) goto again;
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(ret);
+        }
+static int do_uncompress(ssl)
+SSL *ssl;
+        {
+        return(1);
+        }
+static int do_compress(ssl)
+SSL *ssl;
+        {
+        return(1);
+        }
+/* Call this to write data
+ * It will return <= 0 if not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(s,type,buf,len)
+SSL *s;
+int type;
+char *buf;
+int len;
+        {
+        unsigned int tot,n,nw;
+        int i;
+        s->rwstate=SSL_NOTHING;
+        tot=s->s3->wnum;
+        s->s3->wnum=0;
+        if (SSL_in_init(s) && !s->in_handshake)
+                {
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                }
+        n=(len-tot);
+        for (;;)
+                {
+                if (n > SSL3_RT_MAX_PLAIN_LENGTH)
+                        nw=SSL3_RT_MAX_PLAIN_LENGTH;
+                else
+                        nw=n;
+                        
+                i=do_ssl3_write(s,type,&(buf[tot]),nw);
+                if (i <= 0)
+                        {
+                        s->s3->wnum=tot;
+                        return(i);
+                        }
+                if (type == SSL3_RT_HANDSHAKE)
+                        ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i);
+                if (i == (int)n) return(tot+i);
+                n-=i;
+                tot+=i;
+                }
+        }
+static int do_ssl3_write(s,type,buf,len)
+SSL *s;
+int type;
+char *buf;
+unsigned int len;
+        {
+        unsigned char *p,*plen;
+        int i,mac_size,clear=0;
+        SSL3_RECORD *wr;
+        SSL3_BUFFER *wb;
+        SSL_SESSION *sess;
+        /* first check is there is a SSL3_RECORD still being written
+         * out.  This will happen with non blocking IO */
+        if (s->s3->wbuf.left != 0)
+                return(ssl3_write_pending(s,type,buf,len));
+        /* If we have an alert to send, lets send it */
+        if (s->s3->alert_dispatch)
+                {
+                i=ssl3_dispatch_alert(s);
+                if (i <= 0)
+                        return(i);
+                /* if it went, fall through and send more stuff */
+                }
+        if (len <= 0) return(len);
+        
+        wr= &(s->s3->wrec);
+        wb= &(s->s3->wbuf);
+        sess=s->session;
+        if (    (sess == NULL) ||
+                (s->enc_write_ctx == NULL) ||
+                (s->write_hash == NULL))
+                clear=1;
+        if (clear)
+                mac_size=0;
+        else
+                mac_size=EVP_MD_size(s->write_hash);
+        p=wb->buf;
+        /* write the header */
+        *(p++)=type&0xff;
+        wr->type=type;
+        *(p++)=(s->version>>8);
+        *(p++)=s->version&0xff;
+        
+        /* record where we are to write out packet length */
+        plen=p; 
+        p+=2;
+        
+        /* lets setup the record stuff. */
+        wr->data=p;
+        wr->length=(int)len;
+        wr->input=(unsigned char *)buf;
+        /* we now 'read' from wr->input, wr->length bytes into
+         * wr->data */
+        /* first we compress */
+        if ((sess != NULL) && (sess->write_compression != NULL))
+                {
+                if (!do_compress(s))
+                        {
+                        SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                {
+                memcpy(wr->data,wr->input,wr->length);
+                wr->input=wr->data;
+                }
+        /* we should still have the output to wr->data and the input
+         * from wr->input.  Length should be wr->length.
+         * wr->data still points in the wb->buf */
+        if (mac_size != 0)
+                {
+                s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
+                wr->length+=mac_size;
+                wr->input=p;
+                wr->data=p;
+                }
+        /* ssl3_enc can only have an error on read */
+        s->method->ssl3_enc->enc(s,1);
+        /* record length after mac and block padding */
+        s2n(wr->length,plen);
+        /* we should now have
+         * wr->data pointing to the encrypted data, which is
+         * wr->length long */
+        wr->type=type; /* not needed but helps for debugging */
+        wr->length+=SSL3_RT_HEADER_LENGTH;
+        /* Now lets setup wb */
+        wb->left=wr->length;
+        wb->offset=0;
+        s->s3->wpend_tot=len;
+        s->s3->wpend_buf=buf;
+        s->s3->wpend_type=type;
+        s->s3->wpend_ret=len;
+        /* we now just need to write the buffer */
+        return(ssl3_write_pending(s,type,buf,len));
+err:
+        return(-1);
+        }
+/* if s->s3->wbuf.left != 0, we need to call this */
+static int ssl3_write_pending(s,type,buf,len)
+SSL *s;
+int type;
+char *buf;
+unsigned int len;
+        {
+        int i;
+/* XXXX */
+        if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf)
+                || (s->s3->wpend_type != type))
+                {
+                SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
+                return(-1);
+                }
+        for (;;)
+                {
+                clear_sys_error();
+                if (s->wbio != NULL)
+                        {
+                        s->rwstate=SSL_WRITING;
+                        i=BIO_write(s->wbio,
+                                (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
+                                (unsigned int)s->s3->wbuf.left);
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
+                        i= -1;
+                        }
+                if (i == s->s3->wbuf.left)
+                        {
+                        s->s3->wbuf.left=0;
+                        s->rwstate=SSL_NOTHING;
+                        return(s->s3->wpend_ret);
+                        }
+                else if (i <= 0)
+                        return(i);
+                s->s3->wbuf.offset+=i;
+                s->s3->wbuf.left-=i;
+                }
+        }
+int ssl3_read_bytes(s,type,buf,len)
+SSL *s;
+int type;
+char *buf;
+int len;
+        {
+        int al,i,j,n,ret;
+        SSL3_RECORD *rr;
+        void (*cb)()=NULL;
+        BIO *bio;
+        if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
+                if (!ssl3_setup_buffers(s))
+                        return(-1);
+        if (!s->in_handshake && SSL_in_init(s))
+                {
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                }
+start:
+        s->rwstate=SSL_NOTHING;
+        /* s->s3->rrec.type     - is the type of record
+         * s->s3->rrec.data,    - data
+         * s->s3->rrec.off,     - ofset into 'data' for next read
+         * s->s3->rrec.length,  - number of bytes. */
+        rr= &(s->s3->rrec);
+        /* get new packet */
+        if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
+                {
+                ret=ssl3_get_record(s);
+                if (ret <= 0) return(ret);
+                }
+        /* we now have a packet which can be read and processed */
+        if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE))
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+                goto err;
+                }
+        /* If the other end has shutdown, throw anything we read away */
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                rr->length=0;
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+        /* Check for an incoming 'Client Request' message */
+        if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) &&
+                (rr->data[0] == SSL3_MT_CLIENT_REQUEST) &&
+                (s->session != NULL) && (s->session->cipher != NULL))
+                {
+                if ((rr->data[1] != 0) || (rr->data[2] != 0) ||
+                        (rr->data[3] != 0))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST);
+                        goto err;
+                        }
+                if (SSL_is_init_finished(s) &&
+                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+                        !s->s3->renegotiate)
+                        {
+                        ssl3_renegotiate(s);
+                        if (ssl3_renegotiate_check(s))
+                                {
+                                n=s->handshake_func(s);
+                                if (n < 0) return(n);
+                                if (n == 0)
+                                        {
+                                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                                        return(-1);
+                                        }
+                                }
+                        }
+                rr->length=0;
+/* ZZZ */       goto start;
+                }
+        /* if it is not the type we want, or we have shutdown and want
+         * the peer shutdown */
+        if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN))
+                {
+                if (rr->type == SSL3_RT_ALERT)
+                        {
+                        if ((rr->length != 2) || (rr->off != 0))
+                                {
+                                al=SSL_AD_DECODE_ERROR;
+                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
+                                goto f_err;
+                                }
+                        i=rr->data[0];
+                        n=rr->data[1];
+                        /* clear from buffer */
+                        rr->length=0;
+                        if (s->info_callback != NULL)
+                                cb=s->info_callback;
+                        else if (s->ctx->info_callback != NULL)
+                                cb=s->ctx->info_callback;
+                        if (cb != NULL)
+                                {
+                                j=(i<<8)|n;
+                                cb(s,SSL_CB_READ_ALERT,j);
+                                }
+                        if (i == 1)
+                                {
+                                s->s3->warn_alert=n;
+                                if (n == SSL_AD_CLOSE_NOTIFY)
+                                        {
+                                        s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+                                        return(0);
+                                        }
+                                }
+                        else if (i == 2)
+                                {
+                                char tmp[16];
+                                s->rwstate=SSL_NOTHING;
+                                s->s3->fatal_alert=n;
+                                SSLerr(SSL_F_SSL3_READ_BYTES,1000+n);
+                                sprintf(tmp,"%d",n);
+                                ERR_add_error_data(2,"SSL alert number ",tmp);
+                                s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+                                SSL_CTX_remove_session(s->ctx,s->session);
+                                return(0);
+                                }
+                        else
+                                {
+                                al=SSL_AD_ILLEGAL_PARAMETER;
+                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+                                goto f_err;
+                                }
+                        rr->length=0;
+                        goto start;
+                        }
+                if (s->shutdown & SSL_SENT_SHUTDOWN)
+                        {
+                        s->rwstate=SSL_NOTHING;
+                        rr->length=0;
+                        return(0);
+                        }
+                if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+                        {
+                        if (    (rr->length != 1) || (rr->off != 0) ||
+                                (rr->data[0] != SSL3_MT_CCS))
+                                {
+                                i=SSL_AD_ILLEGAL_PARAMETER;
+                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                                goto err;
+                                }
+                        rr->length=0;
+                        s->s3->change_cipher_spec=1;
+                        if (!do_change_cipher_spec(s))
+                                goto err;
+                        else
+                                goto start;
+                        }
+                /* else we have a handshake */
+                if ((rr->type == SSL3_RT_HANDSHAKE) &&
+                        !s->in_handshake)
+                        {
+                        if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+                                !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+                                {
+                                s->state=SSL_ST_BEFORE;
+                                s->new_session=1;
+                                }
+                        n=s->handshake_func(s);
+                        if (n < 0) return(n);
+                        if (n == 0)
+                                {
+                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                                return(-1);
+                                }
+                        /* In the case where we try to read application data
+                         * the first time, but we trigger an SSL handshake, we
+                         * return -1 with the retry option set.  I do this
+                         * otherwise renegotiation can cause nasty problems 
+                         * in the non-blocking world */
+                        s->rwstate=SSL_READING;
+                        bio=SSL_get_rbio(s);
+                        BIO_clear_retry_flags(bio);
+                        BIO_set_retry_read(bio);
+                        return(-1);
+                        }
+                switch (rr->type)
+                        {
+                default:
+#ifndef NO_TLS
+                        /* TLS just ignores unknown message types */
+                        if (s->version == TLS1_VERSION)
+                                {
+                                goto start;
+                                }
+#endif
+                case SSL3_RT_CHANGE_CIPHER_SPEC:
+                case SSL3_RT_ALERT:
+                case SSL3_RT_HANDSHAKE:
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                        goto f_err;
+                case SSL3_RT_APPLICATION_DATA:
+                        /* At this point, we were expecting something else,
+                         * but have application data.  What we do is set the
+                         * error, and return -1.  On the way out, if the
+                         * library was running inside ssl3_read() and it makes
+                         * sense to read application data at this point, we
+                         * will indulge it.  This will mostly happen during
+                         * session renegotiation.
+                         */
+                        if (s->s3->in_read_app_data &&
+                                (s->s3->total_renegotiations != 0) &&
+                                ((
+                                  (s->state & SSL_ST_CONNECT) &&
+                                  (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+                                  (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+                                 ) || (
+                                  (s->state & SSL_ST_ACCEPT) &&
+                                  (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+                                  (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+                                 )
+                                ))
+                                {
+                                s->s3->in_read_app_data=0;
+                                return(-1);
+                                }
+                        else
+                                {
+                                al=SSL_AD_UNEXPECTED_MESSAGE;
+                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                                goto f_err;
+                                }
+                        }
+                }
+        /* make sure that we are not getting application data when we
+         * are doing a handshake for the first time */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+                (s->enc_read_ctx == NULL))
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+                goto f_err;
+                }
+        if (len <= 0) return(len);
+        if ((unsigned int)len > rr->length)
+                n=rr->length;
+        else
+                n=len;
+        memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
+        rr->length-=n;
+        rr->off+=n;
+        if (rr->length <= 0)
+                {
+                s->rstate=SSL_ST_READ_HEADER;
+                rr->off=0;
+                }
+        if (type == SSL3_RT_HANDSHAKE)
+                ssl3_finish_mac(s,(unsigned char *)buf,n);
+        return(n);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+static int do_change_cipher_spec(s)
+SSL *s;
+        {
+        int i;
+        unsigned char *sender;
+        int slen;
+        if (s->state & SSL_ST_ACCEPT)
+                i=SSL3_CHANGE_CIPHER_SERVER_READ;
+        else
+                i=SSL3_CHANGE_CIPHER_CLIENT_READ;
+        if (s->s3->tmp.key_block == NULL)
+                {
+                s->session->cipher=s->s3->tmp.new_cipher;
+                if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
+                }
+        if (!s->method->ssl3_enc->change_cipher_state(s,i))
+                return(0);
+        /* we have to record the message digest at
+         * this point so we can get it before we read
+         * the finished message */
+        if (s->state & SSL_ST_CONNECT)
+                {
+                sender=s->method->ssl3_enc->server_finished;
+                slen=s->method->ssl3_enc->server_finished_len;
+                }
+        else
+                {
+                sender=s->method->ssl3_enc->client_finished;
+                slen=s->method->ssl3_enc->client_finished_len;
+                }
+        s->method->ssl3_enc->final_finish_mac(s,
+                &(s->s3->finish_dgst1),
+                &(s->s3->finish_dgst2),
+                sender,slen,&(s->s3->tmp.finish_md[0]));
+        return(1);
+        }
+int ssl3_do_write(s,type)
+SSL *s;
+int type;
+        {
+        int ret;
+        ret=ssl3_write_bytes(s,type,(char *)
+                &(s->init_buf->data[s->init_off]),s->init_num);
+        if (ret == s->init_num)
+                return(1);
+        if (ret < 0) return(-1);
+        s->init_off+=ret;
+        s->init_num-=ret;
+        return(0);
+        }
+void ssl3_send_alert(s,level,desc)
+SSL *s;
+int level;
+int desc;
+        {
+        /* Map tls/ssl alert value to correct one */
+        desc=s->method->ssl3_enc->alert_value(desc);
+        if (desc < 0) return;
+        /* If a fatal one, remove from cache */
+        if ((level == 2) && (s->session != NULL))
+                SSL_CTX_remove_session(s->ctx,s->session);
+        s->s3->alert_dispatch=1;
+        s->s3->send_alert[0]=level;
+        s->s3->send_alert[1]=desc;
+        if (s->s3->wbuf.left == 0) /* data still being written out */
+                ssl3_dispatch_alert(s);
+        /* else data is still being written out, we will get written
+         * some time in the future */
+        }
+int ssl3_dispatch_alert(s)
+SSL *s;
+        {
+        int i,j;
+        void (*cb)()=NULL;
+        s->s3->alert_dispatch=0;
+        i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2);
+        if (i <= 0)
+                {
+                s->s3->alert_dispatch=1;
+                }
+        else
+                {
+                /* If it is important, send it now.  If the message
+                 * does not get sent due to non-blocking IO, we will
+                 * not worry too much. */
+                if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+                        BIO_flush(s->wbio);
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+                
+                if (cb != NULL)
+                        {
+                        j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
+                        cb(s,SSL_CB_WRITE_ALERT,j);
+                        }
+                }
+        return(i);
+        }
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
new file mode 100644
index 0000000000..64903af151
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -0,0 +1,1675 @@
+/* ssl/s3_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define REUSE_CIPHER_BUG
+#include <stdio.h>
+#include "buffer.h"
+#include "rand.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "ssl_locl.h"
+#define BREAK   break
+/* SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_MALLOC_FAILURE);
+ * SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+ */
+#ifndef NOPROTO
+static int ssl3_get_client_hello(SSL *s);
+static int ssl3_send_server_hello(SSL *s);
+static int ssl3_send_server_key_exchange(SSL *s);
+static int ssl3_send_certificate_request(SSL *s);
+static int ssl3_send_server_done(SSL *s);
+static int ssl3_get_cert_verify(SSL *s);
+static int ssl3_get_client_key_exchange(SSL *s);
+static int ssl3_get_client_certificate(SSL *s);
+static int ssl3_send_hello_request(SSL *s);
+#else
+static int ssl3_get_client_hello();
+static int ssl3_send_server_hello();
+static int ssl3_send_server_key_exchange();
+static int ssl3_send_certificate_request();
+static int ssl3_send_server_done();
+static int ssl3_get_cert_verify();
+static int ssl3_get_client_key_exchange();
+static int ssl3_get_client_certificate();
+static int ssl3_send_hello_request();
+#endif
+static SSL_METHOD *ssl3_get_server_method(ver)
+int ver;
+        {
+        if (ver == SSL3_VERSION)
+                return(SSLv3_server_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *SSLv3_server_method()
+        {
+        static int init=1;
+        static SSL_METHOD SSLv3_server_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+                        sizeof(SSL_METHOD));
+                SSLv3_server_data.ssl_accept=ssl3_accept;
+                SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+                }
+        return(&SSLv3_server_data);
+        }
+int ssl3_accept(s)
+SSL *s;
+        {
+        BUF_MEM *buf;
+        unsigned long l,Time=time(NULL);
+        void (*cb)()=NULL;
+        long num1;
+        int ret= -1;
+        CERT *ct;
+        BIO *under;
+        int new_state,state,skip=0;
+        RAND_seed((unsigned char *)&Time,sizeof(Time));
+        ERR_clear_error();
+        clear_sys_error();
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        /* init things to blank */
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+        s->in_handshake++;
+#ifdef undef
+        /* FIX THIS EAY EAY EAY */
+        /* we don't actually need a cert, we just need a cert or a DH_tmp */
+        if (((s->session == NULL) || (s->session->cert == NULL)) &&
+                (s->cert == NULL))
+                {
+                SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+                ret= -1;
+                goto end;
+                }
+#endif
+        for (;;)
+                {
+                state=s->state;
+                switch (s->state)
+                        {
+                case SSL_ST_RENEGOTIATE:
+                        s->new_session=1;
+                        /* s->state=SSL_ST_ACCEPT; */
+                case SSL_ST_BEFORE:
+                case SSL_ST_ACCEPT:
+                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+                case SSL_ST_OK|SSL_ST_ACCEPT:
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+                        if ((s->version>>8) != 3)
+                                abort();
+                        /* s->version=SSL3_VERSION; */
+                        s->type=SSL_ST_ACCEPT;
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                }
+                        if (!ssl3_setup_buffers(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        /* Ok, we now need to push on a buffering BIO so that
+                         * the output is sent in a way that TCP likes :-)
+                         */
+                        if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+                        s->init_num=0;
+                        if (s->state != SSL_ST_RENEGOTIATE)
+                                {
+                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
+                                ssl3_init_finished_mac(s);
+                                s->ctx->sess_accept++;
+                                }
+                        else
+                                {
+                                s->ctx->sess_accept_renegotiate++;
+                                s->state=SSL3_ST_SW_HELLO_REQ_A;
+                                }
+                        break;
+                case SSL3_ST_SW_HELLO_REQ_A:
+                case SSL3_ST_SW_HELLO_REQ_B:
+                        s->shutdown=0;
+                        ret=ssl3_send_hello_request(s);
+                        if (ret <= 0) goto end;
+                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        s->init_num=0;
+                        ssl3_init_finished_mac(s);
+                        break;
+                case SSL3_ST_SW_HELLO_REQ_C:
+                        /* remove buffering on output */
+                        under=BIO_pop(s->wbio);
+                        if (under != NULL)
+                                s->wbio=under;
+                        else
+                                abort(); /* ok */
+                        BIO_free(s->bbio);
+                        s->bbio=NULL;
+                        s->state=SSL_ST_OK;
+                        ret=1;
+                        goto end;
+                        /* break; */
+                case SSL3_ST_SR_CLNT_HELLO_A:
+                case SSL3_ST_SR_CLNT_HELLO_B:
+                case SSL3_ST_SR_CLNT_HELLO_C:
+                        s->shutdown=0;
+                        ret=ssl3_get_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_SW_SRVR_HELLO_A:
+                case SSL3_ST_SW_SRVR_HELLO_B:
+                        ret=ssl3_send_server_hello(s);
+                        if (ret <= 0) goto end;
+                        if (s->hit)
+                                s->state=SSL3_ST_SW_CHANGE_A;
+                        else
+                                s->state=SSL3_ST_SW_CERT_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_SW_CERT_A:
+                case SSL3_ST_SW_CERT_B:
+                        /* Check if it is anon DH */
+                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                                {
+                                ret=ssl3_send_server_certificate(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+                        s->state=SSL3_ST_SW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_SW_KEY_EXCH_A:
+                case SSL3_ST_SW_KEY_EXCH_B:
+                        l=s->s3->tmp.new_cipher->algorithms;
+                        if (s->session->cert == NULL)
+                                {
+                                if (s->cert != NULL)
+                                        {
+                                        CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
+                                        s->session->cert=s->cert;
+                                        }
+                                else
+                                        {
+                                        CRYPTO_add(&s->ctx->default_cert->references,1,CRYPTO_LOCK_SSL_CERT);
+                                        s->session->cert=s->ctx->default_cert;
+                                        }
+                                }
+                        ct=s->session->cert;
+                        /* clear this, it may get reset by
+                         * send_server_key_exchange */
+                        if (s->options & SSL_OP_EPHEMERAL_RSA)
+                                s->s3->tmp.use_rsa_tmp=1;
+                        else
+                                s->s3->tmp.use_rsa_tmp=0;
+                        /* only send if a DH key exchange, fortezza or
+                         * RSA but we have a sign only certificate */
+                        if ( s->s3->tmp.use_rsa_tmp ||
+                            (l & (SSL_DH|SSL_kFZA)) ||
+                            ((l & SSL_kRSA) &&
+                             ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)||
+                              ((l & SSL_EXPORT) &&
+                               (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512)
+                              )
+                             )
+                            )
+                           )
+                                {
+                                ret=ssl3_send_server_key_exchange(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+                        s->state=SSL3_ST_SW_CERT_REQ_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_SW_CERT_REQ_A:
+                case SSL3_ST_SW_CERT_REQ_B:
+                        if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+                                ((s->session->peer != NULL) &&
+                                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+                                {
+                                /* no cert request */
+                                skip=1;
+                                s->s3->tmp.cert_request=0;
+                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+                                }
+                        else
+                                {
+                                s->s3->tmp.cert_request=1;
+                                ret=ssl3_send_certificate_request(s);
+                                if (ret <= 0) goto end;
+                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+                                s->init_num=0;
+                                }
+                        break;
+                case SSL3_ST_SW_SRVR_DONE_A:
+                case SSL3_ST_SW_SRVR_DONE_B:
+                        ret=ssl3_send_server_done(s);
+                        if (ret <= 0) goto end;
+                        s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        s->init_num=0;
+                        break;
+                
+                case SSL3_ST_SW_FLUSH:
+                        /* number of bytes to be flushed */
+                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (num1 > 0)
+                                {
+                                s->rwstate=SSL_WRITING;
+                                num1=BIO_flush(s->wbio);
+                                if (num1 <= 0) { ret= -1; goto end; }
+                                s->rwstate=SSL_NOTHING;
+                                }
+                        s->state=s->s3->tmp.next_state;
+                        break;
+                case SSL3_ST_SR_CERT_A:
+                case SSL3_ST_SR_CERT_B:
+                        /* could be sent for a DH cert, even if we
+                         * have not asked for it :-) */
+                        ret=ssl3_get_client_certificate(s);
+                        if (ret <= 0) goto end;
+                        s->init_num=0;
+                        s->state=SSL3_ST_SR_KEY_EXCH_A;
+                        break;
+                case SSL3_ST_SR_KEY_EXCH_A:
+                case SSL3_ST_SR_KEY_EXCH_B:
+                        ret=ssl3_get_client_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SR_CERT_VRFY_A;
+                        s->init_num=0;
+                        /* We need to get hashes here so if there is
+                         * a client cert, it can be verified */ 
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst1),
+                                &(s->s3->tmp.finish_md[0]));
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst2),
+                                &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+                        break;
+                case SSL3_ST_SR_CERT_VRFY_A:
+                case SSL3_ST_SR_CERT_VRFY_B:
+                        /* we should decide if we expected this one */
+                        ret=ssl3_get_cert_verify(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SR_FINISHED_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_SR_FINISHED_A:
+                case SSL3_ST_SR_FINISHED_B:
+                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+                                SSL3_ST_SR_FINISHED_B);
+                        if (ret <= 0) goto end;
+                        if (s->hit)
+                                s->state=SSL_ST_OK;
+                        else
+                                s->state=SSL3_ST_SW_CHANGE_A;
+                        s->init_num=0;
+                        break;
+                case SSL3_ST_SW_CHANGE_A:
+                case SSL3_ST_SW_CHANGE_B:
+                        s->session->cipher=s->s3->tmp.new_cipher;
+                        if (!s->method->ssl3_enc->setup_key_block(s))
+                                { ret= -1; goto end; }
+                        ret=ssl3_send_change_cipher_spec(s,
+                                SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_FINISHED_A;
+                        s->init_num=0;
+                        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                SSL3_CHANGE_CIPHER_SERVER_WRITE))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        break;
+                case SSL3_ST_SW_FINISHED_A:
+                case SSL3_ST_SW_FINISHED_B:
+                        ret=ssl3_send_finished(s,
+                                SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
+                                s->method->ssl3_enc->server_finished,
+                                s->method->ssl3_enc->server_finished_len);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        if (s->hit)
+                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+                        else
+                                s->s3->tmp.next_state=SSL_ST_OK;
+                        s->init_num=0;
+                        break;
+                case SSL_ST_OK:
+                        /* clean a few things up */
+                        ssl3_cleanup_key_block(s);
+                        BUF_MEM_free(s->init_buf);
+                        s->init_buf=NULL;
+                        /* remove buffering on output */
+                        under=BIO_pop(s->wbio);
+                        if (under != NULL)
+                                s->wbio=under;
+                        else
+                                abort(); /* ok */
+                        BIO_free(s->bbio);
+                        s->bbio=NULL;
+                        s->new_session=0;
+                        s->init_num=0;
+                        ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+                        s->ctx->sess_accept_good++;
+                        /* s->server=1; */
+                        s->handshake_func=ssl3_accept;
+                        ret=1;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+                        goto end;
+                        /* break; */
+                default:
+                        SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+                
+                if (!s->s3->tmp.reuse_message && !skip)
+                        {
+                        if (s->debug)
+                                {
+                                if ((ret=BIO_flush(s->wbio)) <= 0)
+                                        goto end;
+                                }
+                        if ((cb != NULL) && (s->state != state))
+                                {
+                                new_state=s->state;
+                                s->state=state;
+                                cb(s,SSL_CB_ACCEPT_LOOP,1);
+                                s->state=new_state;
+                                }
+                        }
+                skip=0;
+                }
+end:
+        /* BIO_flush(s->wbio); */
+        if (cb != NULL)
+                cb(s,SSL_CB_ACCEPT_EXIT,ret);
+        s->in_handshake--;
+        return(ret);
+        }
+static int ssl3_send_hello_request(s)
+SSL *s;
+        {
+        unsigned char *p;
+        if (s->state == SSL3_ST_SW_HELLO_REQ_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *(p++)=SSL3_MT_CLIENT_REQUEST;
+                *(p++)=0;
+                *(p++)=0;
+                *(p++)=0;
+                s->state=SSL3_ST_SW_HELLO_REQ_B;
+                /* number of bytes to write */
+                s->init_num=4;
+                s->init_off=0;
+                }
+        /* SSL3_ST_SW_HELLO_REQ_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+static int ssl3_get_client_hello(s)
+SSL *s;
+        {
+        int i,j,ok,al,ret= -1;
+        long n;
+        unsigned long id;
+        unsigned char *p,*d;
+        SSL_CIPHER *c;
+        STACK *ciphers=NULL;
+        /* We do this so that we will respond with our native type.
+         * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
+         * This down switching should be handled by a different method.
+         * If we are SSLv3, we will respond with SSLv3, even if prompted with
+         * TLSv1.
+         */
+        if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
+                {
+                s->first_packet=1;
+                s->state=SSL3_ST_SR_CLNT_HELLO_B;
+                }
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_CLNT_HELLO_B,
+                SSL3_ST_SR_CLNT_HELLO_C,
+                SSL3_MT_CLIENT_HELLO,
+                SSL3_RT_MAX_PLAIN_LENGTH,
+                &ok);
+        if (!ok) return((int)n);
+        d=p=(unsigned char *)s->init_buf->data;
+        /* The version number has already been checked in ssl3_get_message.
+         * I a native TLSv1/SSLv3 method, the match must be correct except
+         * perhaps for the first message */
+        p+=2;
+        /* load the client random */
+        memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        /* get the session-id */
+        j= *(p++);
+        s->hit=0;
+        if (j == 0)
+                {
+                if (!ssl_get_new_session(s,1))
+                        goto err;
+                }
+        else
+                {
+                i=ssl_get_prev_session(s,p,j);
+                if (i == 1)
+                        { /* previous session */
+                        s->hit=1;
+                        }
+                else
+                        {
+                        if (!ssl_get_new_session(s,1))
+                                goto err;
+                        }
+                }
+        p+=j;
+        n2s(p,i);
+        if ((i == 0) && (j != 0))
+                {
+                /* we need a cipher if we are not resuming a session */
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
+                goto f_err;
+                }
+        if ((i+p) > (d+n))
+                {
+                /* not enough data */
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
+                == NULL))
+                {
+                goto err;
+                }
+        p+=i;
+        /* If it is a hit, check that the cipher is in the list */
+        if ((s->hit) && (i > 0))
+                {
+                j=0;
+                id=s->session->cipher->id;
+                for (i=0; i<sk_num(ciphers); i++)
+                        {
+                        c=(SSL_CIPHER *)sk_value(ciphers,i);
+                        if (c->id == id)
+                                {
+                                j=1;
+                                break;
+                                }
+                        }
+                if (j == 0)
+                        {
+                        if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1))
+                                {
+                                /* Very bad for multi-threading.... */
+                                s->session->cipher=
+                                        (SSL_CIPHER *)sk_value(ciphers,0);
+                                }
+                        else
+                                {
+                                /* we need to have the cipher in the cipher
+                                 * list if we are asked to reuse it */
+                                al=SSL_AD_ILLEGAL_PARAMETER;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
+                                goto f_err;
+                                }
+                        }
+                }
+        /* compression */
+        i= *(p++);
+        for (j=0; j<i; j++)
+                if (p[j] == 0) break;
+        p+=i;
+        if (j >= i)
+                {
+                /* no compress */
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
+                goto f_err;
+                }
+        /* TLS does not mind if there is extra stuff */
+        if (s->version == SSL3_VERSION)
+                {
+                if (p > (d+n))
+                        {
+                        /* wrong number of bytes,
+                         * there could be more to follow */
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                }
+        /* do nothing with compression */
+        /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
+         * pick a cipher */
+        if (!s->hit)
+                {
+                if (s->session->ciphers != NULL)
+                        sk_free(s->session->ciphers);
+                s->session->ciphers=ciphers;
+                if (ciphers == NULL)
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
+                        goto f_err;
+                        }
+                ciphers=NULL;
+                c=ssl3_choose_cipher(s,s->session->ciphers,
+                        ssl_get_ciphers_by_id(s));
+                if (c == NULL)
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
+                        goto f_err;
+                        }
+                s->s3->tmp.new_cipher=c;
+                }
+        else
+                {
+                /* Session-id reuse */
+#ifdef REUSE_CIPHER_BUG
+                STACK *sk;
+                SSL_CIPHER *nc=NULL;
+                SSL_CIPHER *ec=NULL;
+                if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+                        {
+                        sk=s->session->ciphers;
+                        for (i=0; i<sk_num(sk); i++)
+                                {
+                                c=(SSL_CIPHER *)sk_value(sk,i);
+                                if (c->algorithms & SSL_eNULL)
+                                        nc=c;
+                                if (c->algorithms & SSL_EXP)
+                                        ec=c;
+                                }
+                        if (nc != NULL)
+                                s->s3->tmp.new_cipher=nc;
+                        else if (ec != NULL)
+                                s->s3->tmp.new_cipher=ec;
+                        else
+                                s->s3->tmp.new_cipher=s->session->cipher;
+                        }
+                else
+#endif
+                s->s3->tmp.new_cipher=s->session->cipher;
+                }
+        
+        /* we now have the following setup. 
+         * client_random
+         * cipher_list          - our prefered list of ciphers
+         * ciphers              - the clients prefered list of ciphers
+         * compression          - basically ignored right now
+         * ssl version is set   - sslv3
+         * s->session           - The ssl session has been setup.
+         * s->hit               - sesson reuse flag
+         * s->tmp.new_cipher    - the new cipher to use.
+         */
+        ret=1;
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+err:
+        if (ciphers != NULL) sk_free(ciphers);
+        return(ret);
+        }
+static int ssl3_send_server_hello(s)
+SSL *s;
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i,sl;
+        unsigned long l,Time;
+        if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
+                {
+                buf=(unsigned char *)s->init_buf->data;
+                p=s->s3->server_random;
+                Time=time(NULL);                        /* Time */
+                l2n(Time,p);
+                RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+                /* Do the message type and length last */
+                d=p= &(buf[4]);
+                *(p++)=s->version>>8;
+                *(p++)=s->version&0xff;
+                /* Random stuff */
+                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                /* now in theory we have 3 options to sending back the
+                 * session id.  If it is a re-use, we send back the
+                 * old session-id, if it is a new session, we send
+                 * back the new session-id or we send back a 0 length
+                 * session-id if we want it to be single use.
+                 * Currently I will not implement the '0' length session-id
+                 * 12-Jan-98 - I'll now support the '0' length stuff.
+                 */
+                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+                        s->session->session_id_length=0;
+                sl=s->session->session_id_length;
+                *(p++)=sl;
+                memcpy(p,s->session->session_id,sl);
+                p+=sl;
+                /* put the cipher */
+                i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
+                p+=i;
+                /* put the compression method */
+                *(p++)=0;
+                /* do the header */
+                l=(p-d);
+                d=buf;
+                *(d++)=SSL3_MT_SERVER_HELLO;
+                l2n3(l,d);
+                s->state=SSL3_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=p-buf;
+                s->init_off=0;
+                }
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+static int ssl3_send_server_done(s)
+SSL *s;
+        {
+        unsigned char *p;
+        if (s->state == SSL3_ST_SW_SRVR_DONE_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                /* do the header */
+                *(p++)=SSL3_MT_SERVER_DONE;
+                *(p++)=0;
+                *(p++)=0;
+                *(p++)=0;
+                s->state=SSL3_ST_SW_SRVR_DONE_B;
+                /* number of bytes to write */
+                s->init_num=4;
+                s->init_off=0;
+                }
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+static int ssl3_send_server_key_exchange(s)
+SSL *s;
+        {
+#ifndef NO_RSA
+        unsigned char *q;
+        int j,num;
+        RSA *rsa;
+        unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+#endif
+#ifndef NO_DH
+        DH *dh,*dhp;
+#endif
+        EVP_PKEY *pkey;
+        unsigned char *p,*d;
+        int al,i;
+        unsigned long type;
+        int n;
+        CERT *cert;
+        BIGNUM *r[4];
+        int nr[4],kn;
+        BUF_MEM *buf;
+        EVP_MD_CTX md_ctx;
+        if (s->state == SSL3_ST_SW_KEY_EXCH_A)
+                {
+                type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
+                cert=s->session->cert;
+                buf=s->init_buf;
+                r[0]=r[1]=r[2]=r[3]=NULL;
+                n=0;
+#ifndef NO_RSA
+                if (type & SSL_kRSA)
+                        {
+                        rsa=cert->rsa_tmp;
+                        if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
+                                {
+                                rsa=s->ctx->default_cert->rsa_tmp_cb(s,
+                                        (s->s3->tmp.new_cipher->algorithms|
+                                        SSL_NOT_EXP)?0:1);
+                                CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+                                cert->rsa_tmp=rsa;
+                                }
+                        if (rsa == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
+                                goto f_err;
+                                }
+                        r[0]=rsa->n;
+                        r[1]=rsa->e;
+                        s->s3->tmp.use_rsa_tmp=1;
+                        }
+                else
+#endif
+#ifndef NO_DH
+                        if (type & SSL_kEDH)
+                        {
+                        dhp=cert->dh_tmp;
+                        if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
+                                dhp=cert->dh_tmp_cb(s,
+                                        (s->s3->tmp.new_cipher->algorithms|
+                                        SSL_NOT_EXP)?0:1);
+                        if (dhp == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+                                goto f_err;
+                                }
+                        if ((dh=DHparams_dup(dhp)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+                        s->s3->tmp.dh=dh;
+                        if (((dhp->pub_key == NULL) ||
+                             (dhp->priv_key == NULL) ||
+                             (s->options & SSL_OP_SINGLE_DH_USE)) &&
+                            (!DH_generate_key(dh)))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+                        else
+                                {
+                                dh->pub_key=BN_dup(dhp->pub_key);
+                                dh->priv_key=BN_dup(dhp->priv_key);
+                                if ((dh->pub_key == NULL) ||
+                                        (dh->priv_key == NULL))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                        goto err;
+                                        }
+                                }
+                        r[0]=dh->p;
+                        r[1]=dh->g;
+                        r[2]=dh->pub_key;
+                        }
+                else 
+#endif
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+                        goto f_err;
+                        }
+                for (i=0; r[i] != NULL; i++)
+                        {
+                        nr[i]=BN_num_bytes(r[i]);
+                        n+=2+nr[i];
+                        }
+                if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                        {
+                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+                                == NULL)
+                                {
+                                al=SSL_AD_DECODE_ERROR;
+                                goto f_err;
+                                }
+                        kn=EVP_PKEY_size(pkey);
+                        }
+                else
+                        {
+                        pkey=NULL;
+                        kn=0;
+                        }
+                if (!BUF_MEM_grow(buf,n+4+kn))
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
+                        goto err;
+                        }
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[4]);
+                for (i=0; r[i] != NULL; i++)
+                        {
+                        s2n(nr[i],p);
+                        BN_bn2bin(r[i],p);
+                        p+=nr[i];
+                        }
+                /* not anonymous */
+                if (pkey != NULL)
+                        {
+                        /* n is the length of the params, they start at &(d[4])
+                         * and p points to the space at the end. */
+#ifndef NO_RSA
+                        if (pkey->type == EVP_PKEY_RSA)
+                                {
+                                q=md_buf;
+                                j=0;
+                                for (num=2; num > 0; num--)
+                                        {
+                                        EVP_DigestInit(&md_ctx,(num == 2)
+                                                ?s->ctx->md5:s->ctx->sha1);
+                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                        EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                        EVP_DigestUpdate(&md_ctx,&(d[4]),n);
+                                        EVP_DigestFinal(&md_ctx,q,
+                                                (unsigned int *)&i);
+                                        q+=i;
+                                        j+=i;
+                                        }
+                                i=RSA_private_encrypt(j,md_buf,&(p[2]),
+                                        pkey->pkey.rsa,RSA_PKCS1_PADDING);
+                                if (i <= 0)
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
+                                        goto err;
+                                        }
+                                s2n(i,p);
+                                n+=i+2;
+                                }
+                        else
+#endif
+#if !defined(NO_DSA)
+                                if (pkey->type == EVP_PKEY_DSA)
+                                {
+                                /* lets do DSS */
+                                EVP_SignInit(&md_ctx,EVP_dss1());
+                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(d[4]),n);
+                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
+                                        (unsigned int *)&i,pkey))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+                                        goto err;
+                                        }
+                                s2n(i,p);
+                                n+=i+2;
+                                }
+                        else
+#endif
+                                {
+                                /* Is this error check actually needed? */
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
+                                goto f_err;
+                                }
+                        }
+                *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
+                l2n3(n,d);
+                /* we should now have things packed up, so lets send
+                 * it off */
+                s->init_num=n+4;
+                s->init_off=0;
+                }
+        /* SSL3_ST_SW_KEY_EXCH_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+static int ssl3_send_certificate_request(s)
+SSL *s;
+        {
+        unsigned char *p,*d;
+        int i,j,nl,off,n;
+        STACK *sk=NULL;
+        X509_NAME *name;
+        BUF_MEM *buf;
+        if (s->state == SSL3_ST_SW_CERT_REQ_A)
+                {
+                buf=s->init_buf;
+                d=p=(unsigned char *)&(buf->data[4]);
+                /* get the list of acceptable cert types */
+                p++;
+                n=ssl3_get_req_cert_type(s,p);
+                d[0]=n;
+                p+=n;
+                n++;
+                off=n;
+                p+=2;
+                n+=2;
+                sk=SSL_get_client_CA_list(s);
+                nl=0;
+                if (sk != NULL)
+                        {
+                        for (i=0; i<sk_num(sk); i++)
+                                {
+                                name=(X509_NAME *)sk_value(sk,i);
+                                j=i2d_X509_NAME(name,NULL);
+                                if (!BUF_MEM_grow(buf,4+n+j+2))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+                                        goto err;
+                                        }
+                                p=(unsigned char *)&(buf->data[4+n]);
+                                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+                                        {
+                                        s2n(j,p);
+                                        i2d_X509_NAME(name,&p);
+                                        n+=2+j;
+                                        nl+=2+j;
+                                        }
+                                else
+                                        {
+                                        d=p;
+                                        i2d_X509_NAME(name,&p);
+                                        j-=2; s2n(j,d); j+=2;
+                                        n+=j;
+                                        nl+=j;
+                                        }
+                                }
+                        }
+                /* else no CA names */
+                p=(unsigned char *)&(buf->data[4+off]);
+                s2n(nl,p);
+                d=(unsigned char *)buf->data;
+                *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
+                l2n3(n,d);
+                /* we should now have things packed up, so lets send
+                 * it off */
+                s->init_num=n+4;
+                s->init_off=0;
+                }
+        /* SSL3_ST_SW_CERT_REQ_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+static int ssl3_get_client_key_exchange(s)
+SSL *s;
+        {
+        int i,al,ok;
+        long n;
+        unsigned long l;
+        unsigned char *p;
+        RSA *rsa=NULL;
+        EVP_PKEY *pkey=NULL;
+#ifndef NO_DH
+        BIGNUM *pub=NULL;
+        DH *dh_srvr;
+#endif
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_KEY_EXCH_A,
+                SSL3_ST_SR_KEY_EXCH_B,
+                SSL3_MT_CLIENT_KEY_EXCHANGE,
+                400, /* ???? */
+                &ok);
+        if (!ok) return((int)n);
+        p=(unsigned char *)s->init_buf->data;
+        l=s->s3->tmp.new_cipher->algorithms;
+#ifndef NO_RSA
+        if (l & SSL_kRSA)
+                {
+                /* FIX THIS UP EAY EAY EAY EAY */
+                if (s->s3->tmp.use_rsa_tmp)
+                        {
+                        if ((s->session->cert != NULL) &&
+                                (s->session->cert->rsa_tmp != NULL))
+                                rsa=s->session->cert->rsa_tmp;
+                        else if ((s->ctx->default_cert != NULL) &&
+                                (s->ctx->default_cert->rsa_tmp != NULL))
+                                rsa=s->ctx->default_cert->rsa_tmp;
+                        /* Don't do a callback because rsa_tmp should
+                         * be sent already */
+                        if (rsa == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
+                                goto f_err;
+                                }
+                        }
+                else
+                        {
+                        pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+                        if (    (pkey == NULL) ||
+                                (pkey->type != EVP_PKEY_RSA) ||
+                                (pkey->pkey.rsa == NULL))
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
+                                goto f_err;
+                                }
+                        rsa=pkey->pkey.rsa;
+                        }
+                /* TLS */
+                if (s->version > SSL3_VERSION)
+                        {
+                        n2s(p,i);
+                        if (n != i+2)
+                                {
+                                if (!(s->options & SSL_OP_TLS_D5_BUG))
+                                        {
+                                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+                                        goto err;
+                                        }
+                                else
+                                        p-=2;
+                                }
+                        else
+                                n=i;
+                        }
+                i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+#if 1
+                /* If a bad decrypt, use a dud master key */
+                if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
+                        ((p[0] != (s->version>>8)) ||
+                         (p[1] != (s->version & 0xff))))
+                        {
+                        p[0]=(s->version>>8);
+                        p[1]=(s->version & 0xff);
+                        RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+                        i=SSL_MAX_MASTER_KEY_LENGTH;
+                        }
+#else
+                if (i != SSL_MAX_MASTER_KEY_LENGTH)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+                        goto f_err;
+                        }
+                if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff)))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+                        goto f_err;
+                        }
+#endif
+                s->session->master_key_length=
+                        s->method->ssl3_enc->generate_master_secret(s,
+                                s->session->master_key,
+                                p,i);
+                memset(p,0,i);
+                }
+        else
+#endif
+#ifndef NO_DH
+                if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                {
+                n2s(p,i);
+                if (n != i+2)
+                        {
+                        if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+                                goto err;
+                                }
+                        else
+                                {
+                                p-=2;
+                                i=(int)n;
+                                }
+                        }
+                if (n == 0L) /* the parameters are in the cert */
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
+                        goto f_err;
+                        }
+                else
+                        {
+                        if (s->s3->tmp.dh == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+                                goto f_err;
+                                }
+                        else
+                                dh_srvr=s->s3->tmp.dh;
+                        }
+                pub=BN_bin2bn(p,i,NULL);
+                if (pub == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
+                        goto err;
+                        }
+                i=DH_compute_key(p,pub,dh_srvr);
+                if (i <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                        goto err;
+                        }
+                DH_free(s->s3->tmp.dh);
+                s->s3->tmp.dh=NULL;
+                BN_clear_free(pub);
+                pub=NULL;
+                s->session->master_key_length=
+                        s->method->ssl3_enc->generate_master_secret(s,
+                                s->session->master_key,p,i);
+                }
+        else
+#endif
+                {
+                al=SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE);
+                goto f_err;
+                }
+        return(1);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+#if !defined(NO_DH) || !defined(NO_RSA)
+err:
+#endif
+        return(-1);
+        }
+static int ssl3_get_cert_verify(s)
+SSL *s;
+        {
+        EVP_PKEY *pkey=NULL;
+        unsigned char *p;
+        int al,ok,ret=0;
+        long n;
+        int type=0,i,j;
+        X509 *peer;
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_CERT_VRFY_A,
+                SSL3_ST_SR_CERT_VRFY_B,
+                -1,
+                512, /* 512? */
+                &ok);
+        if (!ok) return((int)n);
+        if (s->session->peer != NULL)
+                {
+                peer=s->session->peer;
+                pkey=X509_get_pubkey(peer);
+                type=X509_certificate_type(peer,pkey);
+                }
+        else
+                {
+                peer=NULL;
+                pkey=NULL;
+                }
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
+                {
+                s->s3->tmp.reuse_message=1;
+                if ((peer != NULL) && (type | EVP_PKT_SIGN))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
+                        goto f_err;
+                        }
+                ret=1;
+                goto end;
+                }
+        if (peer == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                goto f_err;
+                }
+        if (!(type & EVP_PKT_SIGN))
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                goto f_err;
+                }
+        if (s->s3->change_cipher_spec)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                goto f_err;
+                }
+        /* we now have a signature that we need to verify */
+        p=(unsigned char *)s->init_buf->data;
+        n2s(p,i);
+        n-=2;
+        if (i > n)
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
+                al=SSL_AD_DECODE_ERROR;
+                goto f_err;
+                }
+        j=EVP_PKEY_size(pkey);
+        if ((i > j) || (n > j) || (n <= 0))
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
+                al=SSL_AD_DECODE_ERROR;
+                goto f_err;
+                }
+#ifndef NO_RSA 
+        if (pkey->type == EVP_PKEY_RSA)
+                {
+                i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING);
+                if (i < 0)
+                        {
+                        al=SSL_AD_DECRYPT_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
+                        goto f_err;
+                        }
+                if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) ||
+                        memcmp(&(s->s3->tmp.finish_md[0]),p,
+                                MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH))
+                        {
+                        al=SSL_AD_DECRYPT_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
+                        goto f_err;
+                        }
+                }
+        else
+#endif
+#ifndef NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                {
+                j=DSA_verify(pkey->save_type,
+                        &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+                        SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
+                if (j <= 0)
+                        {
+                        /* bad signature */
+                        al=SSL_AD_DECRYPT_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
+                        goto f_err;
+                        }
+                }
+        else
+#endif
+                {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR);
+                al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+                goto f_err;
+                }
+        ret=1;
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+end:
+        return(ret);
+        }
+static int ssl3_get_client_certificate(s)
+SSL *s;
+        {
+        int i,ok,al,ret= -1;
+        X509 *x=NULL;
+        unsigned long l,nc,llen,n;
+        unsigned char *p,*d,*q;
+        STACK *sk=NULL;
+        n=ssl3_get_message(s,
+                SSL3_ST_SR_CERT_A,
+                SSL3_ST_SR_CERT_B,
+                -1,
+#if defined(MSDOS) && !defined(WIN32)
+                1024*30, /* 30k max cert list :-) */
+#else
+                1024*100, /* 100k max cert list :-) */
+#endif
+                &ok);
+        if (!ok) return((int)n);
+        if      (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
+                {
+                if (    (s->verify_mode & SSL_VERIFY_PEER) &&
+                        (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        goto f_err;
+                        }
+                /* If tls asked for a client cert we must return a 0 list */
+                if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        goto f_err;
+                        }
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
+                goto f_err;
+                }
+        d=p=(unsigned char *)s->init_buf->data;
+        if ((sk=sk_new_null()) == NULL)
+                {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        n2l3(p,llen);
+        if (llen+3 != n)
+                {
+                al=SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        for (nc=0; nc<llen; )
+                {
+                n2l3(p,l);
+                if ((l+nc+3) > llen)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                q=p;
+                x=d2i_X509(NULL,&p,l);
+                if (x == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                if (p != (q+l))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+                        goto f_err;
+                        }
+                if (!sk_push(sk,(char *)x))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                x=NULL;
+                nc+=l+3;
+                }
+        if (sk_num(sk) <= 0)
+                {
+                /* TLS does not mind 0 certs returned */
+                if (s->version == SSL3_VERSION)
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
+                        goto f_err;
+                        }
+                /* Fail for TLS only if we required a certificate */
+                else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+                         (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        goto f_err;
+                        }
+                }
+        else
+                {
+                i=ssl_verify_cert_chain(s,sk);
+                if (!i)
+                        {
+                        al=ssl_verify_alarm_type(s->verify_result);
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
+                        goto f_err;
+                        }
+                }
+        /* This should not be needed */
+        if (s->session->peer != NULL)
+                X509_free(s->session->peer);
+        s->session->peer=(X509 *)sk_shift(sk);
+        ret=1;
+        if (0)
+                {
+f_err:
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                }
+err:
+        if (x != NULL) X509_free(x);
+        if (sk != NULL) sk_pop_free(sk,X509_free);
+        return(ret);
+        }
+int ssl3_send_server_certificate(s)
+SSL *s;
+        {
+        unsigned long l;
+        X509 *x;
+        if (s->state == SSL3_ST_SW_CERT_A)
+                {
+                x=ssl_get_server_send_cert(s);
+                if (x == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR);
+                        return(0);
+                        }
+                l=ssl3_output_cert_chain(s,x);
+                s->state=SSL3_ST_SW_CERT_B;
+                s->init_num=(int)l;
+                s->init_off=0;
+                }
+        /* SSL3_ST_SW_CERT_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
new file mode 100644
index 0000000000..cf8f9651b2
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -0,0 +1,1453 @@
+/* ssl/ssl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_SSL_H 
+#define HEADER_SSL_H 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/* SSLeay version number for ASN.1 encoding of the session information */
+/* Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+#define SSL_SESSION_ASN1_VERSION 0x0001
+/* text strings for the ciphers */
+#define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5                  
+#define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5               
+#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5    
+#define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5           
+#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5    
+#define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5          
+#define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5            
+#define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA            
+#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5    
+#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA    
+#define SSL_MAX_SSL_SESSION_ID_LENGTH           32
+#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
+#define SSL_MAX_KEY_ARG_LENGTH                  8
+#define SSL_MAX_MASTER_KEY_LENGTH               48
+/* These are used to specify which ciphers to use and not to use */
+#define SSL_TXT_LOW             "LOW"
+#define SSL_TXT_MEDIUM          "MEDIUM"
+#define SSL_TXT_HIGH            "HIGH"
+#define SSL_TXT_kFZA            "kFZA"
+#define SSL_TXT_aFZA            "aFZA"
+#define SSL_TXT_eFZA            "eFZA"
+#define SSL_TXT_FZA             "FZA"
+#define SSL_TXT_aNULL           "aNULL"
+#define SSL_TXT_eNULL           "eNULL"
+#define SSL_TXT_NULL            "NULL"
+#define SSL_TXT_kRSA            "kRSA"
+#define SSL_TXT_kDHr            "kDHr"
+#define SSL_TXT_kDHd            "kDHd"
+#define SSL_TXT_kEDH            "kEDH"
+#define SSL_TXT_aRSA            "aRSA"
+#define SSL_TXT_aDSS            "aDSS"
+#define SSL_TXT_aDH             "aDH"
+#define SSL_TXT_DSS             "DSS"
+#define SSL_TXT_DH              "DH"
+#define SSL_TXT_EDH             "EDH"
+#define SSL_TXT_ADH             "ADH"
+#define SSL_TXT_RSA             "RSA"
+#define SSL_TXT_DES             "DES"
+#define SSL_TXT_3DES            "3DES"
+#define SSL_TXT_RC4             "RC4"
+#define SSL_TXT_RC2             "RC2"
+#define SSL_TXT_IDEA            "IDEA"
+#define SSL_TXT_MD5             "MD5"
+#define SSL_TXT_SHA1            "SHA1"
+#define SSL_TXT_SHA             "SHA"
+#define SSL_TXT_EXP             "EXP"
+#define SSL_TXT_EXPORT          "EXPORT"
+#define SSL_TXT_SSLV2           "SSLv2"
+#define SSL_TXT_SSLV3           "SSLv3"
+#define SSL_TXT_ALL             "ALL"
+/* 'DEFAULT' at the start of the cipher list insert the following string
+ * in addition to this being the default cipher string */
+#ifndef NO_RSA
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#else
+#define SSL_ALLOW_ADH
+#define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
+#endif
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+#define SSL_SENT_SHUTDOWN       1
+#define SSL_RECEIVED_SHUTDOWN   2
+#include "crypto.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "bio.h"
+#include "x509.h"
+#define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
+#define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
+/* This is needed to stop compilers complaining about the
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+typedef struct ssl_st *ssl_crock_st;
+/* used to hold info on the particular ciphers used */
+typedef struct ssl_cipher_st
+        {
+        int valid;
+        char *name;                     /* text name */
+        unsigned long id;               /* id, 4 bytes, first is version */
+        unsigned long algorithms;       /* what ciphers are used */
+        unsigned long algorithm2;       /* Extra flags */
+        unsigned long mask;             /* used for matching */
+        } SSL_CIPHER;
+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+typedef struct ssl_method_st
+        {
+        int version;
+        int (*ssl_new)();
+        void (*ssl_clear)();
+        void (*ssl_free)();
+        int (*ssl_accept)();
+        int (*ssl_connect)();
+        int (*ssl_read)();
+        int (*ssl_peek)();
+        int (*ssl_write)();
+        int (*ssl_shutdown)();
+        int (*ssl_renegotiate)();
+        long (*ssl_ctrl)();
+        long (*ssl_ctx_ctrl)();
+        SSL_CIPHER *(*get_cipher_by_char)();
+        int (*put_cipher_by_char)();
+        int (*ssl_pending)();
+        int (*num_ciphers)();
+        SSL_CIPHER *(*get_cipher)();
+        struct ssl_method_st *(*get_ssl_method)();
+        long (*get_timeout)();
+        struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+        } SSL_METHOD;
+typedef struct ssl_compression_st
+        {
+        char *stuff;
+        } SSL_COMPRESSION;
+/* Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *      version                 INTEGER,        -- structure version number
+ *      SSLversion              INTEGER,        -- SSL version number
+ *      Cipher                  OCTET_STRING,   -- the 3 byte cipher ID
+ *      Session_ID              OCTET_STRING,   -- the Session ID
+ *      Master_key              OCTET_STRING,   -- the master key
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET_STRING,   -- the optional Key argument
+ *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
+ *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
+ *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
+ *      }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+typedef struct ssl_session_st
+        {
+        int ssl_version;        /* what ssl version session info is
+                                 * being kept in here? */
+        /* only really used in SSLv2 */
+        unsigned int key_arg_length;
+        unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
+        int master_key_length;
+        unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+        /* session_id - valid? */
+        unsigned int session_id_length;
+        unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+        int not_resumable;
+        /* The cert is the certificate used to establish this connection */
+        struct cert_st /* CERT */ *cert;
+        /* This is the cert for the other end.  On servers, it will be
+         * the same as cert->x509 */
+        X509 *peer;
+        int references;
+        long timeout;
+        long time;
+        SSL_COMPRESSION *read_compression;
+        SSL_COMPRESSION *write_compression;
+        SSL_CIPHER *cipher;
+        unsigned long cipher_id;        /* when ASN.1 loaded, this
+                                         * needs to be used to load
+                                         * the 'cipher' structure */
+        STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */
+        CRYPTO_EX_DATA ex_data; /* application specific data */
+        /* These are used to make removal of session-ids more
+         * efficient and to implement a maximum cache size. */
+        struct ssl_session_st *prev,*next;
+        } SSL_SESSION;
+#define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
+#define SSL_OP_TLS_D5_BUG                               0x00000100L
+#define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
+/* If set, only use tmp_dh parameters once */
+#define SSL_OP_SINGLE_DH_USE                            0x00100000L
+/* Set to also use the tmp_rsa key when doing RSA operations. */
+#define SSL_OP_EPHEMERAL_RSA                            0x00200000L
+#define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
+#define SSL_OP_NON_EXPORT_FIRST                         0x40000000L
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x80000000L
+#define SSL_OP_ALL                                      0x000FFFFFL
+#define SSL_CTX_set_options(ctx,op)     ((ctx)->options|=(op))
+#define SSL_set_options(ssl,op)         ((ssl)->options|=(op))
+#define SSL_OP_NO_SSLv2                                 0x01000000L
+#define SSL_OP_NO_SSLv3                                 0x02000000L
+#define SSL_OP_NO_TLSv1                                 0x04000000L
+/* Normally you will only use these if your application wants to use
+ * the certificate store in other places, perhaps PKCS7 */
+#define SSL_CTX_get_cert_store(ctx)     ((ctx)->cert_store)
+#define SSL_CTX_set_cert_store(ctx,cs) \
+                (X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs))
+#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
+typedef struct ssl_ctx_st
+        {
+        SSL_METHOD *method;
+        unsigned long options;
+        STACK /* SSL_CIPHER */ *cipher_list;
+        /* same as above but sorted for lookup */
+        STACK /* SSL_CIPHER */ *cipher_list_by_id;
+        struct x509_store_st /* X509_STORE */ *cert_store;
+        struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSION's */
+        /* Most session-ids that will be cached, default is
+         * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
+        unsigned long session_cache_size;
+        struct ssl_session_st *session_cache_head;
+        struct ssl_session_st *session_cache_tail;
+        /* This can have one of 2 values, ored together,
+         * SSL_SESS_CACHE_CLIENT,
+         * SSL_SESS_CACHE_SERVER,
+         * Default is SSL_SESSION_CACHE_SERVER, which means only
+         * SSL_accept which cache SSL_SESSIONS. */
+        int session_cache_mode;
+        /* If timeout is not 0, it is the default timeout value set
+         * when SSL_new() is called.  This has been put in to make
+         * life easier to set things up */
+        long session_timeout;
+        /* If this callback is not null, it will be called each
+         * time a session id is added to the cache.  If this function
+         * returns 1, it means that the callback will do a
+         * SSL_SESSION_free() when it has finished using it.  Otherwise,
+         * on 0, it means the callback has finished with it.
+         * If remove_session_cb is not null, it will be called when
+         * a session-id is removed from the cache.  Again, a return
+         * of 0 mens that SSLeay should not SSL_SESSION_free() since
+         * the application is doing something with it. */
+#ifndef NOPROTO
+        int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
+        void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
+        SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
+                unsigned char *data,int len,int *copy);
+#else
+        int (*new_session_cb)();
+        void (*remove_session_cb)();
+        SSL_SESSION *(*get_session_cb)();
+#endif
+        int sess_connect;       /* SSL new connection - started */
+        int sess_connect_renegotiate;/* SSL renegotiatene  - requested */
+        int sess_connect_good;  /* SSL new connection/renegotiate - finished */
+        int sess_accept;        /* SSL new accept - started */
+        int sess_accept_renegotiate;/* SSL renegotiatene - requested */
+        int sess_accept_good;   /* SSL accept/renegotiate - finished */
+        int sess_miss;          /* session lookup misses  */
+        int sess_timeout;       /* session reuse attempt on timeouted session */
+        int sess_cache_full;    /* session removed due to full cache */
+        int sess_hit;           /* session reuse actually done */
+        int sess_cb_hit;        /* session-id that was not in the cache was
+                                 * passed back via the callback.  This
+                                 * indicates that the application is supplying
+                                 * session-id's from other processes -
+                                 * spooky :-) */
+        int references;
+        void (*info_callback)();
+        /* if defined, these override the X509_verify_cert() calls */
+        int (*app_verify_callback)();
+        char *app_verify_arg;
+        /* default values to use in SSL structures */
+        struct cert_st /* CERT */ *default_cert;
+        int default_read_ahead;
+        int default_verify_mode;
+        int (*default_verify_callback)();
+        /* Default password callback. */
+        int (*default_passwd_callback)();
+        /* get client cert callback */
+        int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
+        /* what we put in client requests */
+        STACK *client_CA;
+        int quiet_shutdown;
+        CRYPTO_EX_DATA ex_data;
+        EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+        EVP_MD *md5;    /* For SSLv3/TLSv1 'ssl3-md5' */
+        EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+        } SSL_CTX;
+#define SSL_SESS_CACHE_OFF                      0x0000
+#define SSL_SESS_CACHE_CLIENT                   0x0001
+#define SSL_SESS_CACHE_SERVER                   0x0002
+#define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+#define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
+/* This one, when set, makes the server session-id lookup not look
+ * in the cache.  If there is an application get_session callback
+ * defined, this will still get called. */
+#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+#define SSL_CTX_sessions(ctx)           ((ctx)->sessions)
+/* You will need to include lhash.h to access the following #define */
+#define SSL_CTX_sess_number(ctx)        ((ctx)->sessions->num_items)
+#define SSL_CTX_sess_connect(ctx)       ((ctx)->sess_connect)
+#define SSL_CTX_sess_connect_good(ctx)  ((ctx)->sess_connect_good)
+#define SSL_CTX_sess_accept(ctx)        ((ctx)->sess_accept)
+#define SSL_CTX_sess_accept_renegotiate(ctx)    ((ctx)->sess_accept_renegotiate)
+#define SSL_CTX_sess_connect_renegotiate(ctx)   ((ctx)->sess_connect_renegotiate)
+#define SSL_CTX_sess_accept_good(ctx)   ((ctx)->sess_accept_good)
+#define SSL_CTX_sess_hits(ctx)          ((ctx)->sess_hit)
+#define SSL_CTX_sess_cb_hits(ctx)       ((ctx)->sess_cb_hit)
+#define SSL_CTX_sess_misses(ctx)        ((ctx)->sess_miss)
+#define SSL_CTX_sess_timeouts(ctx)      ((ctx)->sess_timeout)
+#define SSL_CTX_sess_cache_full(ctx)    ((ctx)->sess_cache_full)
+#define SSL_CTX_sess_set_cache_size(ctx,t) ((ctx)->session_cache_size=(t))
+#define SSL_CTX_sess_get_cache_size(ctx)   ((ctx)->session_cache_size)
+#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
+#define SSL_CTX_sess_get_new_cb(ctx)    ((ctx)->new_session_cb)
+#define SSL_CTX_sess_set_remove_cb(ctx,cb)      ((ctx)->remove_session_cb=(cb))
+#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
+#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
+#define SSL_CTX_sess_get_get_cb(ctx)    ((ctx)->get_session_cb)
+#define SSL_CTX_set_session_cache_mode(ctx,m)   ((ctx)->session_cache_mode=(m))
+#define SSL_CTX_get_session_cache_mode(ctx)     ((ctx)->session_cache_mode)
+#define SSL_CTX_set_timeout(ctx,t)      ((ctx)->session_timeout=(t))
+#define SSL_CTX_get_timeout(ctx)        ((ctx)->session_timeout)
+#define SSL_CTX_set_info_callback(ctx,cb)       ((ctx)->info_callback=(cb))
+#define SSL_CTX_get_info_callback(ctx)          ((ctx)->info_callback)
+#define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m))
+#define SSL_CTX_set_client_cert_cb(ctx,cb)      ((ctx)->client_cert_cb=(cb))
+#define SSL_CTX_get_client_cert_cb(ctx)         ((ctx)->client_cert_cb)
+#define SSL_NOTHING     1
+#define SSL_WRITING     2
+#define SSL_READING     3
+#define SSL_X509_LOOKUP 4
+/* These will only be used when doing non-blocking IO */
+#define SSL_want(s)             ((s)->rwstate)
+#define SSL_want_nothing(s)     ((s)->rwstate == SSL_NOTHING)
+#define SSL_want_read(s)        ((s)->rwstate == SSL_READING)
+#define SSL_want_write(s)       ((s)->rwstate == SSL_WRITING)
+#define SSL_want_x509_lookup(s) ((s)->rwstate == SSL_X509_LOOKUP)
+typedef struct ssl_st
+        {
+        /* procol version
+         * 2 for SSLv2
+         * 3 for SSLv3
+         * -3 for SSLv3 but accept SSLv2 */
+        int version;
+        int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+        SSL_METHOD *method; /* SSLv3 */
+        /* There are 2 BIO's even though they are normally both the
+         * same.  This is so data can be read and written to different
+         * handlers */
+#ifdef HEADER_BIO_H
+        BIO *rbio; /* used by SSL_read */
+        BIO *wbio; /* used by SSL_write */
+        BIO *bbio; /* used during session-id reuse to concatinate
+                    * messages */
+#else
+        char *rbio; /* used by SSL_read */
+        char *wbio; /* used by SSL_write */
+        char *bbio;
+#endif
+        /* This holds a variable that indicates what we were doing
+         * when a 0 or -1 is returned.  This is needed for
+         * non-blocking IO so we know what request needs re-doing when
+         * in SSL_accept or SSL_connect */
+        int rwstate;
+        /* true when we are actually in SSL_accept() or SSL_connect() */
+        int in_handshake;
+        int (*handshake_func)();
+/*      int server;*/   /* are we the server side? */
+        int new_session;/* 1 if we are to use a new session */
+        int quiet_shutdown;/* don't send shutdown packets */
+        int shutdown;   /* we have shut things down, 0x01 sent, 0x02
+                         * for received */
+        int state;      /* where we are */
+        int rstate;     /* where we are when reading */
+        BUF_MEM *init_buf;      /* buffer used during init */
+        int init_num;           /* amount read/written */
+        int init_off;           /* amount read/written */
+        /* used internally to point at a raw packet */
+        unsigned char *packet;
+        unsigned int packet_length;
+        struct ssl2_ctx_st *s2; /* SSLv2 variables */
+        struct ssl3_ctx_st *s3; /* SSLv3 variables */
+        int read_ahead;         /* Read as many input bytes as possible */
+        int hit;                /* reusing a previous session */
+        /* crypto */
+        STACK /* SSL_CIPHER */ *cipher_list;
+        STACK /* SSL_CIPHER */ *cipher_list_by_id;
+        /* These are the ones being used, the ones is SSL_SESSION are
+         * the ones to be 'copied' into these ones */
+        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
+        EVP_MD *read_hash;                      /* used for mac generation */
+        SSL_COMPRESSION *read_compression;      /* compression */
+        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
+        EVP_MD *write_hash;                     /* used for mac generation */
+        SSL_COMPRESSION *write_compression;     /* compression */
+        /* session info */
+        /* client cert? */
+        /* This is used to hold the server certificate used */
+        struct cert_st /* CERT */ *cert;
+        /* This can also be in the session once a session is established */
+        SSL_SESSION *session;
+        /* Used in SSL2 and SSL3 */
+        int verify_mode;        /* 0 don't care about verify failure.
+                                 * 1 fail if verify fails */
+        int (*verify_callback)(); /* fail if callback returns 0 */
+        void (*info_callback)(); /* optional informational callback */
+        int error;              /* error bytes to be written */
+        int error_code;         /* actual code */
+        SSL_CTX *ctx;
+        /* set this flag to 1 and a sleep(1) is put into all SSL_read()
+         * and SSL_write() calls, good for nbio debuging :-) */
+        int debug;      
+        /* extra application data */
+        long verify_result;
+        CRYPTO_EX_DATA ex_data;
+        /* for server side, keep the list of CA_dn we can use */
+        STACK /* X509_NAME */ *client_CA;
+        int references;
+        unsigned long options;
+        int first_packet;
+        } SSL;
+#include "ssl2.h"
+#include "ssl3.h"
+#include "tls1.h" /* This is mostly sslv3 with a few tweaks */
+#include "ssl23.h"
+/* compatablity */
+#define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
+#define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
+#define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
+#define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
+#define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
+#define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+/* The following are the possible values for ssl->state are are
+ * used to indicate where we are upto in the SSL connection establishment.
+ * The macros that follow are about the only things you should need to use
+ * and even then, only when using non-blocking IO.
+ * It can also be useful to work out where you were when the connection
+ * failed */
+#define SSL_ST_CONNECT                  0x1000
+#define SSL_ST_ACCEPT                   0x2000
+#define SSL_ST_MASK                     0x0FFF
+#define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
+#define SSL_ST_BEFORE                   0x4000
+#define SSL_ST_OK                       0x03
+#define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
+#define SSL_CB_LOOP                     0x01
+#define SSL_CB_EXIT                     0x02
+#define SSL_CB_READ                     0x04
+#define SSL_CB_WRITE                    0x08
+#define SSL_CB_ALERT                    0x4000 /* used in callback */
+#define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+#define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+#define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+#define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+#define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+#define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+#define SSL_CB_HANDSHAKE_START          0x10
+#define SSL_CB_HANDSHAKE_DONE           0x20
+/* Is the SSL_connection established? */
+#define SSL_get_state(a)                SSL_state(a)
+#define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
+#define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
+#define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
+#define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
+#define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
+/* The following 2 states are kept in ssl->rstate when reads fail,
+ * you should not need these */
+#define SSL_ST_READ_HEADER                      0xF0
+#define SSL_ST_READ_BODY                        0xF1
+#define SSL_ST_READ_DONE                        0xF2
+/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
+ * are 'ored' with SSL_VERIFY_PEER if they are desired */
+#define SSL_VERIFY_NONE                 0x00
+#define SSL_VERIFY_PEER                 0x01
+#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+#define SSL_VERIFY_CLIENT_ONCE          0x04
+/* this is for backward compatablility */
+#if 0 /* NEW_SSLEAY */
+#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
+#define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
+#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
+#define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
+#define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
+#endif
+/* More backward compatablity */
+#define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+#define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+#define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+#define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+#define SSL_get_time(a)         SSL_SESSION_get_time(a)
+#define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
+#define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
+#define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
+/* VMS linker has a 31 char name limit */
+#define SSL_CTX_set_cert_verify_callback(a,b,c) \
+                SSL_CTX_set_cert_verify_cb((a),(b),(c))
+#if 1 /*SSLEAY_MACROS*/
+#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
+        (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
+        (bp),(unsigned char **)(s_id))
+#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
+        bp,(unsigned char *)s_id)
+#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
+#define PEM_write_SSL_SESSION(fp,x) \
+        PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+                PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+#define PEM_write_bio_SSL_SESSION(bp,x) \
+        PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
+                PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+#endif
+/* These alert types are for SSLv3 and TLSv1 */
+#define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+#define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
+#define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC     /* fatal */
+#define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
+#define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+#define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE/* fatal */
+#define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE /* Not for TLS */
+#define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+#define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+#define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+#define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+#define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
+#define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA      /* fatal */
+#define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED   /* fatal */
+#define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR    /* fatal */
+#define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+#define SSL_AD_EXPORT_RESTRICION        TLS1_AD_EXPORT_RESTRICION/* fatal */
+#define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION /* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
+#define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
+#define SSL_AD_USER_CANCLED             TLS1_AD_USER_CANCLED
+#define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+#define SSL_ERROR_NONE                  0
+#define SSL_ERROR_SSL                   1
+#define SSL_ERROR_WANT_READ             2
+#define SSL_ERROR_WANT_WRITE            3
+#define SSL_ERROR_WANT_X509_LOOKUP      4
+#define SSL_ERROR_SYSCALL               5 /* look at errno */
+#define SSL_ERROR_ZERO_RETURN           6
+#define SSL_ERROR_WANT_CONNECT          7
+#define SSL_CTRL_NEED_TMP_RSA                   1
+#define SSL_CTRL_SET_TMP_RSA                    2
+#define SSL_CTRL_SET_TMP_DH                     3
+#define SSL_CTRL_SET_TMP_RSA_CB                 4
+#define SSL_CTRL_SET_TMP_DH_CB                  5
+/* Add these ones */
+#define SSL_CTRL_GET_SESSION_REUSED             6
+#define SSL_CTRL_GET_CLIENT_CERT_REQUEST        7
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS         8
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       9
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       10
+#define SSL_session_reused(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
+#define SSL_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_clear_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_total_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+#define SSL_CTX_need_tmp_RSA(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+#define SSL_CTX_set_tmp_dh(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+/* For the next 2, the callbacks are 
+ * RSA *tmp_rsa_cb(int export)
+ * DH *tmp_dh_cb(int export)
+ */
+#define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb)
+#define SSL_CTX_set_tmp_dh_callback(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh)
+#ifndef NOPROTO
+#ifdef HEADER_BIO_H
+BIO_METHOD *BIO_f_ssl(void);
+BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+#endif
+int     SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
+void    SSL_CTX_free(SSL_CTX *);
+void    SSL_clear(SSL *s);
+void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
+SSL_CIPHER *SSL_get_current_cipher(SSL *s);
+int     SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
+char *  SSL_CIPHER_get_version(SSL_CIPHER *c);
+char *  SSL_CIPHER_get_name(SSL_CIPHER *c);
+int     SSL_get_fd(SSL *s);
+char  * SSL_get_cipher_list(SSL *s,int n);
+char *  SSL_get_shared_ciphers(SSL *s, char *buf, int len);
+int     SSL_get_read_ahead(SSL * s);
+int     SSL_pending(SSL *s);
+#ifndef NO_SOCK
+int     SSL_set_fd(SSL *s, int fd);
+int     SSL_set_rfd(SSL *s, int fd);
+int     SSL_set_wfd(SSL *s, int fd);
+#endif
+#ifdef HEADER_BIO_H
+void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
+BIO *   SSL_get_rbio(SSL *s);
+BIO *   SSL_get_wbio(SSL *s);
+#endif
+int     SSL_set_cipher_list(SSL *s, char *str);
+void    SSL_set_read_ahead(SSL *s, int yes);
+int     SSL_get_verify_mode(SSL *s);
+int     (*SSL_get_verify_callback(SSL *s))();
+void    SSL_set_verify(SSL *s, int mode, int (*callback) ());
+int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
+int     SSL_use_certificate(SSL *ssl, X509 *x);
+int     SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
+#ifndef NO_STDIO
+int     SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
+int     SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
+int     SSL_use_certificate_file(SSL *ssl, char *file, int type);
+int     SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
+int     SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
+int     SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
+STACK * SSL_load_client_CA_file(char *file);
+#endif
+void    ERR_load_SSL_strings(void );
+void    SSL_load_error_strings(void );
+char *  SSL_state_string(SSL *s);
+char *  SSL_rstate_string(SSL *s);
+char *  SSL_state_string_long(SSL *s);
+char *  SSL_rstate_string_long(SSL *s);
+long    SSL_SESSION_get_time(SSL_SESSION *s);
+long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
+long    SSL_SESSION_get_timeout(SSL_SESSION *s);
+long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+void    SSL_copy_session_id(SSL *to,SSL *from);
+SSL_SESSION *SSL_SESSION_new(void);
+unsigned long SSL_SESSION_hash(SSL_SESSION *a);
+int     SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
+#ifndef NO_FP_API
+int     SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
+#endif
+#ifdef HEADER_BIO_H
+int     SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
+#endif
+void    SSL_SESSION_free(SSL_SESSION *ses);
+int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+int     SSL_set_session(SSL *to, SSL_SESSION *session);
+int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
+#ifdef HEADER_X509_H
+X509 *  SSL_get_peer_certificate(SSL *s);
+#endif
+STACK * SSL_get_peer_cert_chain(SSL *s);
+int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))();
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
+void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
+        unsigned char *d, long len);
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
+int SSL_CTX_check_private_key(SSL_CTX *ctx);
+int SSL_check_private_key(SSL *ctx);
+SSL *   SSL_new(SSL_CTX *ctx);
+void    SSL_clear(SSL *s);
+void    SSL_free(SSL *ssl);
+int     SSL_accept(SSL *ssl);
+int     SSL_connect(SSL *ssl);
+int     SSL_read(SSL *ssl,char *buf,int num);
+int     SSL_peek(SSL *ssl,char *buf,int num);
+int     SSL_write(SSL *ssl,char *buf,int num);
+long    SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
+long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
+int     SSL_get_error(SSL *s,int ret_code);
+char *  SSL_get_version(SSL *s);
+/* This sets the 'default' SSL version that SSL_new() will create */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
+SSL_METHOD *SSLv2_method(void);         /* SSLv2 */
+SSL_METHOD *SSLv2_server_method(void);  /* SSLv2 */
+SSL_METHOD *SSLv2_client_method(void);  /* SSLv2 */
+SSL_METHOD *SSLv3_method(void);         /* SSLv3 */
+SSL_METHOD *SSLv3_server_method(void);  /* SSLv3 */
+SSL_METHOD *SSLv3_client_method(void);  /* SSLv3 */
+SSL_METHOD *SSLv23_method(void);        /* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+SSL_METHOD *TLSv1_method(void);         /* TLSv1.0 */
+SSL_METHOD *TLSv1_server_method(void);  /* TLSv1.0 */
+SSL_METHOD *TLSv1_client_method(void);  /* TLSv1.0 */
+STACK *SSL_get_ciphers(SSL *s);
+int SSL_do_handshake(SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_shutdown(SSL *s);
+SSL_METHOD *SSL_get_ssl_method(SSL *s);
+int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
+char *SSL_alert_type_string_long(int value);
+char *SSL_alert_type_string(int value);
+char *SSL_alert_desc_string_long(int value);
+char *SSL_alert_desc_string(int value);
+void SSL_set_client_CA_list(SSL *s, STACK *list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
+STACK *SSL_get_client_CA_list(SSL *s);
+STACK *SSL_CTX_get_client_CA_list(SSL_CTX *s);
+int SSL_add_client_CA(SSL *ssl,X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+long SSL_get_default_timeout(SSL *s);
+void SSLeay_add_ssl_algorithms(void );
+char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
+STACK *SSL_dup_CA_list(STACK *sk);
+SSL *SSL_dup(SSL *ssl);
+X509 *SSL_get_certificate(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl,int mode);
+int SSL_get_quiet_shutdown(SSL *ssl);
+void SSL_set_shutdown(SSL *ssl,int mode);
+int SSL_get_shutdown(SSL *ssl);
+int SSL_version(SSL *ssl);
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath);
+SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+void SSL_set_info_callback(SSL *ssl,void (*cb)());
+void (*SSL_get_info_callback(SSL *ssl))();
+int SSL_state(SSL *ssl);
+void SSL_set_verify_result(SSL *ssl,long v);
+long SSL_get_verify_result(SSL *ssl);
+int SSL_set_ex_data(SSL *ssl,int idx,char *data);
+char *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+        int (*dup_func)(), void (*free_func)());
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
+char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+        int (*dup_func)(), void (*free_func)());
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
+char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+        int (*dup_func)(), void (*free_func)());
+#else
+BIO_METHOD *BIO_f_ssl();
+BIO *BIO_new_ssl();
+BIO *BIO_new_ssl_connect();
+BIO *BIO_new_buffer_ssl_connect();
+int BIO_ssl_copy_session_id();
+void BIO_ssl_shutdown();
+int     SSL_CTX_set_cipher_list();
+SSL_CTX *SSL_CTX_new();
+void    SSL_CTX_free();
+void    SSL_clear();
+void    SSL_CTX_flush_sessions();
+SSL_CIPHER *SSL_get_current_cipher();
+int     SSL_CIPHER_get_bits();
+char *  SSL_CIPHER_get_version();
+char *  SSL_CIPHER_get_name();
+int     SSL_get_fd();
+char  * SSL_get_cipher_list();
+char *  SSL_get_shared_ciphers();
+int     SSL_get_read_ahead();
+int     SSL_pending();
+#ifndef NO_SOCK
+int     SSL_set_fd();
+int     SSL_set_rfd();
+int     SSL_set_wfd();
+#endif
+#ifdef HEADER_BIO_H
+void    SSL_set_bio();
+BIO *   SSL_get_rbio();
+BIO *   SSL_get_wbio();
+#endif
+int     SSL_set_cipher_list();
+void    SSL_set_read_ahead();
+int     SSL_get_verify_mode();
+void    SSL_set_verify();
+int     SSL_use_RSAPrivateKey();
+int     SSL_use_RSAPrivateKey_ASN1();
+int     SSL_use_PrivateKey();
+int     SSL_use_PrivateKey_ASN1();
+int     SSL_use_certificate();
+int     SSL_use_certificate_ASN1();
+#ifndef NO_STDIO
+int     SSL_use_RSAPrivateKey_file();
+int     SSL_use_PrivateKey_file();
+int     SSL_use_certificate_file();
+int     SSL_CTX_use_RSAPrivateKey_file();
+int     SSL_CTX_use_PrivateKey_file();
+int     SSL_CTX_use_certificate_file();
+STACK * SSL_load_client_CA_file();
+#endif
+void    ERR_load_SSL_strings();
+void    SSL_load_error_strings();
+char *  SSL_state_string();
+char *  SSL_rstate_string();
+char *  SSL_state_string_long();
+char *  SSL_rstate_string_long();
+long    SSL_SESSION_get_time();
+long    SSL_SESSION_set_time();
+long    SSL_SESSION_get_timeout();
+long    SSL_SESSION_set_timeout();
+void    SSL_copy_session_id();
+SSL_SESSION *SSL_SESSION_new();
+unsigned long SSL_SESSION_hash();
+int     SSL_SESSION_cmp();
+#ifndef NO_FP_API
+int     SSL_SESSION_print_fp();
+#endif
+#ifdef HEADER_BIO_H
+int     SSL_SESSION_print();
+#endif
+void    SSL_SESSION_free();
+int     i2d_SSL_SESSION();
+int     SSL_set_session();
+int     SSL_CTX_add_session();
+int     SSL_CTX_remove_session();
+SSL_SESSION *d2i_SSL_SESSION();
+#ifdef HEADER_X509_H
+X509 *  SSL_get_peer_certificate();
+#endif
+STACK * SSL_get_peer_cert_chain();
+int SSL_CTX_get_verify_mode();
+int (*SSL_CTX_get_verify_callback())();
+void SSL_CTX_set_verify();
+void SSL_CTX_set_cert_verify_cb();
+int SSL_CTX_use_RSAPrivateKey();
+int SSL_CTX_use_RSAPrivateKey_ASN1();
+int SSL_CTX_use_PrivateKey();
+int SSL_CTX_use_PrivateKey_ASN1();
+int SSL_CTX_use_certificate();
+int SSL_CTX_use_certificate_ASN1();
+void SSL_CTX_set_default_passwd_cb();
+int SSL_CTX_check_private_key();
+int SSL_check_private_key();
+SSL *   SSL_new();
+void    SSL_clear();
+void    SSL_free();
+int     SSL_accept();
+int     SSL_connect();
+int     SSL_read();
+int     SSL_peek();
+int     SSL_write();
+long    SSL_ctrl();
+long    SSL_CTX_ctrl();
+int     SSL_get_error();
+char *  SSL_get_version();
+int SSL_CTX_set_ssl_version();
+SSL_METHOD *SSLv2_method();
+SSL_METHOD *SSLv2_server_method();
+SSL_METHOD *SSLv2_client_method();
+SSL_METHOD *SSLv3_method();
+SSL_METHOD *SSLv3_server_method();
+SSL_METHOD *SSLv3_client_method();
+SSL_METHOD *SSLv23_method();
+SSL_METHOD *SSLv23_server_method();
+SSL_METHOD *SSLv23_client_method();
+SSL_METHOD *TLSv1_method();
+SSL_METHOD *TLSv1_server_method();
+SSL_METHOD *TLSv1_client_method();
+STACK *SSL_get_ciphers();
+int SSL_do_handshake();
+int SSL_renegotiate();
+int SSL_shutdown();
+SSL_METHOD *SSL_get_ssl_method();
+int SSL_set_ssl_method();
+char *SSL_alert_type_string_long();
+char *SSL_alert_type_string();
+char *SSL_alert_desc_string_long();
+char *SSL_alert_desc_string();
+void SSL_set_client_CA_list();
+void SSL_CTX_set_client_CA_list();
+STACK *SSL_get_client_CA_list();
+STACK *SSL_CTX_get_client_CA_list();
+int SSL_add_client_CA();
+int SSL_CTX_add_client_CA();
+void SSL_set_connect_state();
+void SSL_set_accept_state();
+long SSL_get_default_timeout();
+void SSLeay_add_ssl_algorithms();
+char *SSL_CIPHER_description();
+STACK *SSL_dup_CA_list();
+SSL *SSL_dup();
+X509 *SSL_get_certificate();
+/* EVP * */ struct evp_pkey_st *SSL_get_privatekey();
+#ifdef this_is_for_mk1mf_pl
+EVP *SSL_get_privatekey();
+void SSL_CTX_set_quiet_shutdown();
+int SSL_CTX_get_quiet_shutdown();
+void SSL_set_quiet_shutdown();
+int SSL_get_quiet_shutdown();
+void SSL_set_shutdown();
+int SSL_get_shutdown();
+int SSL_version();
+int SSL_CTX_set_default_verify_paths();
+int SSL_CTX_load_verify_locations();
+SSL_SESSION *SSL_get_session();
+SSL_CTX *SSL_get_SSL_CTX();
+void SSL_set_info_callback();
+int (*SSL_get_info_callback())();
+int SSL_state();
+void SSL_set_verify_result();
+long SSL_get_verify_result();
+int SSL_set_ex_data();
+char *SSL_get_ex_data();
+int SSL_get_ex_new_index();
+int SSL_SESSION_set_ex_data();
+char *SSL_SESSION_get_ex_data();
+int SSL_SESSION_get_ex_new_index();
+int SSL_CTX_set_ex_data();
+char *SSL_CTX_get_ex_data();
+int SSL_CTX_get_ex_new_index();
+#endif
+#endif
+/* BEGIN ERROR CODES */
+/* Error codes for the SSL functions. */
+/* Function codes. */
+#define SSL_F_CLIENT_CERTIFICATE                         100
+#define SSL_F_CLIENT_HELLO                               101
+#define SSL_F_CLIENT_MASTER_KEY                          102
+#define SSL_F_D2I_SSL_SESSION                            103
+#define SSL_F_DO_SSL3_WRITE                              104
+#define SSL_F_GET_CLIENT_FINISHED                        105
+#define SSL_F_GET_CLIENT_HELLO                           106
+#define SSL_F_GET_CLIENT_MASTER_KEY                      107
+#define SSL_F_GET_SERVER_FINISHED                        108
+#define SSL_F_GET_SERVER_HELLO                           109
+#define SSL_F_GET_SERVER_VERIFY                          110
+#define SSL_F_I2D_SSL_SESSION                            111
+#define SSL_F_READ_N                                     112
+#define SSL_F_REQUEST_CERTIFICATE                        113
+#define SSL_F_SERVER_HELLO                               114
+#define SSL_F_SSL23_ACCEPT                               115
+#define SSL_F_SSL23_CLIENT_HELLO                         116
+#define SSL_F_SSL23_CONNECT                              117
+#define SSL_F_SSL23_GET_CLIENT_HELLO                     118
+#define SSL_F_SSL23_GET_SERVER_HELLO                     119
+#define SSL_F_SSL23_READ                                 120
+#define SSL_F_SSL23_WRITE                                121
+#define SSL_F_SSL2_ACCEPT                                122
+#define SSL_F_SSL2_CONNECT                               123
+#define SSL_F_SSL2_ENC_INIT                              124
+#define SSL_F_SSL2_READ                                  125
+#define SSL_F_SSL2_SET_CERTIFICATE                       126
+#define SSL_F_SSL2_WRITE                                 127
+#define SSL_F_SSL3_ACCEPT                                128
+#define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
+#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
+#define SSL_F_SSL3_CLIENT_HELLO                          131
+#define SSL_F_SSL3_CONNECT                               132
+#define SSL_F_SSL3_CTX_CTRL                              133
+#define SSL_F_SSL3_ENC                                   134
+#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
+#define SSL_F_SSL3_GET_CERT_VERIFY                       136
+#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
+#define SSL_F_SSL3_GET_CLIENT_HELLO                      138
+#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
+#define SSL_F_SSL3_GET_FINISHED                          140
+#define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
+#define SSL_F_SSL3_GET_MESSAGE                           142
+#define SSL_F_SSL3_GET_RECORD                            143
+#define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
+#define SSL_F_SSL3_GET_SERVER_DONE                       145
+#define SSL_F_SSL3_GET_SERVER_HELLO                      146
+#define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
+#define SSL_F_SSL3_READ_BYTES                            148
+#define SSL_F_SSL3_READ_N                                149
+#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
+#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
+#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
+#define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
+#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
+#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
+#define SSL_F_SSL3_SETUP_BUFFERS                         156
+#define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+#define SSL_F_SSL3_WRITE_BYTES                           158
+#define SSL_F_SSL3_WRITE_PENDING                         159
+#define SSL_F_SSL_BAD_METHOD                             160
+#define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
+#define SSL_F_SSL_CERT_NEW                               162
+#define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+#define SSL_F_SSL_CREATE_CIPHER_LIST                     164
+#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  165
+#define SSL_F_SSL_CTX_NEW                                166
+#define SSL_F_SSL_CTX_SET_SSL_VERSION                    167
+#define SSL_F_SSL_CTX_USE_CERTIFICATE                    168
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               169
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               170
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY                     171
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                172
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                173
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  174
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             175
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             176
+#define SSL_F_SSL_DO_HANDSHAKE                           177
+#define SSL_F_SSL_GET_NEW_SESSION                        178
+#define SSL_F_SSL_GET_SERVER_SEND_CERT                   179
+#define SSL_F_SSL_GET_SIGN_PKEY                          180
+#define SSL_F_SSL_INIT_WBIO_BUFFER                       181
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    182
+#define SSL_F_SSL_NEW                                    183
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    184
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     185
+#define SSL_F_SSL_SESSION_NEW                            186
+#define SSL_F_SSL_SESSION_PRINT_FP                       187
+#define SSL_F_SSL_SET_CERT                               188
+#define SSL_F_SSL_SET_FD                                 189
+#define SSL_F_SSL_SET_PKEY                               190
+#define SSL_F_SSL_SET_RFD                                191
+#define SSL_F_SSL_SET_SESSION                            192
+#define SSL_F_SSL_SET_WFD                                193
+#define SSL_F_SSL_UNDEFINED_FUNCTION                     194
+#define SSL_F_SSL_USE_CERTIFICATE                        195
+#define SSL_F_SSL_USE_CERTIFICATE_ASN1                   196
+#define SSL_F_SSL_USE_CERTIFICATE_FILE                   197
+#define SSL_F_SSL_USE_PRIVATEKEY                         198
+#define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    199
+#define SSL_F_SSL_USE_PRIVATEKEY_FILE                    200
+#define SSL_F_SSL_USE_RSAPRIVATEKEY                      201
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 202
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 203
+#define SSL_F_SSL_WRITE                                  204
+#define SSL_F_TLS1_CHANGE_CIPHER_STATE                   205
+#define SSL_F_TLS1_ENC                                   206
+#define SSL_F_TLS1_SETUP_KEY_BLOCK                       207
+#define SSL_F_WRITE_PENDING                              208
+/* Reason codes. */
+#define SSL_R_APP_DATA_IN_HANDSHAKE                      100
+#define SSL_R_BAD_ALERT_RECORD                           101
+#define SSL_R_BAD_AUTHENTICATION_TYPE                    102
+#define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
+#define SSL_R_BAD_CHECKSUM                               104
+#define SSL_R_BAD_CLIENT_REQUEST                         105
+#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
+#define SSL_R_BAD_DECOMPRESSION                          107
+#define SSL_R_BAD_DH_G_LENGTH                            108
+#define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
+#define SSL_R_BAD_DH_P_LENGTH                            110
+#define SSL_R_BAD_DIGEST_LENGTH                          111
+#define SSL_R_BAD_DSA_SIGNATURE                          112
+#define SSL_R_BAD_MAC_DECODE                             113
+#define SSL_R_BAD_MESSAGE_TYPE                           114
+#define SSL_R_BAD_PACKET_LENGTH                          115
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+#define SSL_R_BAD_RESPONSE_ARGUMENT                      117
+#define SSL_R_BAD_RSA_DECRYPT                            118
+#define SSL_R_BAD_RSA_ENCRYPT                            119
+#define SSL_R_BAD_RSA_E_LENGTH                           120
+#define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
+#define SSL_R_BAD_RSA_SIGNATURE                          122
+#define SSL_R_BAD_SIGNATURE                              123
+#define SSL_R_BAD_SSL_FILETYPE                           124
+#define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
+#define SSL_R_BAD_STATE                                  126
+#define SSL_R_BAD_WRITE_RETRY                            127
+#define SSL_R_BIO_NOT_SET                                128
+#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
+#define SSL_R_BN_LIB                                     130
+#define SSL_R_CA_DN_LENGTH_MISMATCH                      131
+#define SSL_R_CA_DN_TOO_LONG                             132
+#define SSL_R_CCS_RECEIVED_EARLY                         133
+#define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
+#define SSL_R_CERT_LENGTH_MISMATCH                       135
+#define SSL_R_CHALLENGE_IS_DIFFERENT                     136
+#define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
+#define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
+#define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+#define SSL_R_COMPRESSION_FAILURE                        141
+#define SSL_R_CONNECTION_ID_IS_DIFFERENT                 142
+#define SSL_R_CONNECTION_TYPE_NOT_SET                    143
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              144
+#define SSL_R_DATA_LENGTH_TOO_LONG                       145
+#define SSL_R_DECRYPTION_FAILED                          146
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            147
+#define SSL_R_DIGEST_CHECK_FAILED                        148
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  149
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              150
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE                     151
+#define SSL_R_EXTRA_DATA_IN_MESSAGE                      152
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     153
+#define SSL_R_HTTPS_PROXY_REQUEST                        154
+#define SSL_R_HTTP_REQUEST                               155
+#define SSL_R_INTERNAL_ERROR                             156
+#define SSL_R_INVALID_CHALLENGE_LENGTH                   157
+#define SSL_R_LENGTH_MISMATCH                            158
+#define SSL_R_LENGTH_TOO_SHORT                           159
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS                     160
+#define SSL_R_MISSING_DH_DSA_CERT                        161
+#define SSL_R_MISSING_DH_KEY                             162
+#define SSL_R_MISSING_DH_RSA_CERT                        163
+#define SSL_R_MISSING_DSA_SIGNING_CERT                   164
+#define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  165
+#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 166
+#define SSL_R_MISSING_RSA_CERTIFICATE                    167
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT                168
+#define SSL_R_MISSING_RSA_SIGNING_CERT                   169
+#define SSL_R_MISSING_TMP_DH_KEY                         170
+#define SSL_R_MISSING_TMP_RSA_KEY                        171
+#define SSL_R_MISSING_TMP_RSA_PKEY                       172
+#define SSL_R_MISSING_VERIFY_MESSAGE                     173
+#define SSL_R_NON_SSLV2_INITIAL_PACKET                   174
+#define SSL_R_NO_CERTIFICATES_RETURNED                   175
+#define SSL_R_NO_CERTIFICATE_ASSIGNED                    176
+#define SSL_R_NO_CERTIFICATE_RETURNED                    177
+#define SSL_R_NO_CERTIFICATE_SET                         178
+#define SSL_R_NO_CERTIFICATE_SPECIFIED                   179
+#define SSL_R_NO_CIPHERS_AVAILABLE                       180
+#define SSL_R_NO_CIPHERS_PASSED                          181
+#define SSL_R_NO_CIPHERS_SPECIFIED                       182
+#define SSL_R_NO_CIPHER_LIST                             183
+#define SSL_R_NO_CIPHER_MATCH                            184
+#define SSL_R_NO_CLIENT_CERT_RECEIVED                    185
+#define SSL_R_NO_COMPRESSION_SPECIFIED                   186
+#define SSL_R_NO_PRIVATEKEY                              187
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    188
+#define SSL_R_NO_PROTOCOLS_AVAILABLE                     189
+#define SSL_R_NO_PUBLICKEY                               190
+#define SSL_R_NO_SHARED_CIPHER                           191
+#define SSL_R_NULL_SSL_CTX                               192
+#define SSL_R_NULL_SSL_METHOD_PASSED                     193
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            194
+#define SSL_R_PACKET_LENGTH_TOO_LONG                     195
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          196
+#define SSL_R_PEER_ERROR                                 197
+#define SSL_R_PEER_ERROR_CERTIFICATE                     198
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE                  199
+#define SSL_R_PEER_ERROR_NO_CIPHER                       200
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    201
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    202
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          203
+#define SSL_R_PROTOCOL_IS_SHUTDOWN                       204
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   205
+#define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      206
+#define SSL_R_PUBLIC_KEY_NOT_RSA                         207
+#define SSL_R_READ_BIO_NOT_SET                           208
+#define SSL_R_READ_WRONG_PACKET_TYPE                     209
+#define SSL_R_RECORD_LENGTH_MISMATCH                     210
+#define SSL_R_RECORD_TOO_LARGE                           211
+#define SSL_R_REQUIRED_CIPHER_MISSING                    212
+#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 213
+#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   214
+#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 215
+#define SSL_R_SHORT_READ                                 216
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      217
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  218
+#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE         219
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE      220
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER           221
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222
+#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE      223
+#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         224
+#define SSL_R_SSL_HANDSHAKE_FAILURE                      225
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 226
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                227
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       228
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    230
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            231
+#define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  232
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               233
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               234
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       235
+#define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  236
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           237
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           238
+#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          239
+#define SSL_R_UNEXPECTED_MESSAGE                         240
+#define SSL_R_UNEXPECTED_RECORD                          241
+#define SSL_R_UNKNOWN_ALERT_TYPE                         242
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   243
+#define SSL_R_UNKNOWN_CIPHER_RETURNED                    244
+#define SSL_R_UNKNOWN_CIPHER_TYPE                        245
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  246
+#define SSL_R_UNKNOWN_PKEY_TYPE                          247
+#define SSL_R_UNKNOWN_PROTOCOL                           248
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  249
+#define SSL_R_UNKNOWN_SSL_VERSION                        250
+#define SSL_R_UNKNOWN_STATE                              251
+#define SSL_R_UNSUPPORTED_CIPHER                         252
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          253
+#define SSL_R_UNSUPPORTED_PROTOCOL                       254
+#define SSL_R_UNSUPPORTED_SSL_VERSION                    255
+#define SSL_R_WRITE_BIO_NOT_SET                          256
+#define SSL_R_WRONG_CIPHER_RETURNED                      257
+#define SSL_R_WRONG_MESSAGE_TYPE                         258
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   259
+#define SSL_R_WRONG_SIGNATURE_LENGTH                     260
+#define SSL_R_WRONG_SIGNATURE_SIZE                       261
+#define SSL_R_WRONG_SSL_VERSION                          262
+#define SSL_R_WRONG_VERSION_NUMBER                       263
+#define SSL_R_X509_LIB                                   264
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/ssl/ssl2.h b/src/lib/libssl/src/ssl/ssl2.h
new file mode 100644
index 0000000000..3dc94e520b
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl2.h
@@ -0,0 +1,265 @@
+/* ssl/ssl2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_SSL2_H 
+#define HEADER_SSL2_H 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/* Protocol Version Codes */
+#define SSL2_VERSION            0x0002
+#define SSL2_VERSION_MAJOR      0x00
+#define SSL2_VERSION_MINOR      0x02
+#define SSL2_CLIENT_VERSION     0x0002
+#define SSL2_SERVER_VERSION     0x0002
+/* Protocol Message Codes */
+#define SSL2_MT_ERROR                   0
+#define SSL2_MT_CLIENT_HELLO            1
+#define SSL2_MT_CLIENT_MASTER_KEY       2
+#define SSL2_MT_CLIENT_FINISHED         3
+#define SSL2_MT_SERVER_HELLO            4
+#define SSL2_MT_SERVER_VERIFY           5
+#define SSL2_MT_SERVER_FINISHED         6
+#define SSL2_MT_REQUEST_CERTIFICATE     7
+#define SSL2_MT_CLIENT_CERTIFICATE      8
+/* Error Message Codes */
+#define SSL2_PE_UNDEFINED_ERROR         0x0000
+#define SSL2_PE_NO_CIPHER               0x0001
+#define SSL2_PE_NO_CERTIFICATE          0x0002
+#define SSL2_PE_BAD_CERTIFICATE         0x0004
+#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
+/* Cipher Kind Values */
+#define SSL2_CK_NULL_WITH_MD5                   0x02000000 /* v3 */
+#define SSL2_CK_RC4_128_WITH_MD5                0x02010080
+#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5       0x02020080
+#define SSL2_CK_RC2_128_CBC_WITH_MD5            0x02030080
+#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5   0x02040080
+#define SSL2_CK_IDEA_128_CBC_WITH_MD5           0x02050080
+#define SSL2_CK_DES_64_CBC_WITH_MD5             0x02060040
+#define SSL2_CK_DES_64_CBC_WITH_SHA             0x02060140 /* v3 */
+#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
+#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0 /* v3 */
+#define SSL2_CK_RC4_64_WITH_MD5                 0x02080080 /* MS hack */
+ 
+#define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800 /* SSLeay */
+#define SSL2_CK_NULL                            0x02ff0810 /* SSLeay */
+#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1        "DES-CFB-M1"
+#define SSL2_TXT_NULL_WITH_MD5                  "NULL-MD5"
+#define SSL2_TXT_RC4_128_WITH_MD5               "RC4-MD5"
+#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5      "EXP-RC4-MD5"
+#define SSL2_TXT_RC2_128_CBC_WITH_MD5           "RC2-CBC-MD5"
+#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5  "EXP-RC2-CBC-MD5"
+#define SSL2_TXT_IDEA_128_CBC_WITH_MD5          "IDEA-CBC-MD5"
+#define SSL2_TXT_DES_64_CBC_WITH_MD5            "DES-CBC-MD5"
+#define SSL2_TXT_DES_64_CBC_WITH_SHA            "DES-CBC-SHA"
+#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5      "DES-CBC3-MD5"
+#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA      "DES-CBC3-SHA"
+#define SSL2_TXT_RC4_64_WITH_MD5                "RC4-64-MD5"
+#define SSL2_TXT_NULL                           "NULL"
+/* Flags for the SSL_CIPHER.algorithm2 field */
+#define SSL2_CF_5_BYTE_ENC                      0x01
+#define SSL2_CF_8_BYTE_ENC                      0x02
+/* Certificate Type Codes */
+#define SSL2_CT_X509_CERTIFICATE                0x01
+/* Authentication Type Code */
+#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION         0x01
+#define SSL2_MAX_SSL_SESSION_ID_LENGTH          32
+/* Upper/Lower Bounds */
+#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    (unsigned int)32767 
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /**/
+#define SSL2_CHALLENGE_LENGTH   16
+/*#define SSL2_CHALLENGE_LENGTH 32 */
+#define SSL2_MIN_CHALLENGE_LENGTH       16
+#define SSL2_MAX_CHALLENGE_LENGTH       32
+#define SSL2_CONNECTION_ID_LENGTH       16
+#define SSL2_MAX_CONNECTION_ID_LENGTH   16
+#define SSL2_SSL_SESSION_ID_LENGTH      16
+#define SSL2_MAX_CERT_CHALLENGE_LENGTH  32
+#define SSL2_MIN_CERT_CHALLENGE_LENGTH  16
+#define SSL2_MAX_KEY_MATERIAL_LENGTH    24
+#ifndef HEADER_SSL_LOCL_H
+#define  CERT           char
+#endif
+typedef struct ssl2_ctx_st
+        {
+        int three_byte_header;
+        int clear_text;         /* clear text */
+        int escape;             /* not used in SSLv2 */
+        int ssl2_rollback;      /* used if SSLv23 rolled back to SSLv2 */
+        /* non-blocking io info, used to make sure the same
+         * args were passwd */
+        unsigned int wnum;      /* number of bytes sent so far */
+        int wpend_tot;
+        char *wpend_buf;
+        int wpend_off;  /* offset to data to write */
+        int wpend_len;  /* number of bytes passwd to write */
+        int wpend_ret;  /* number of bytes to return to caller */
+        /* buffer raw data */
+        int rbuf_left;
+        int rbuf_offs;
+        unsigned char *rbuf;
+        unsigned char *wbuf;
+        unsigned char *write_ptr;/* used to point to the start due to
+                                  * 2/3 byte header. */
+        unsigned int padding;
+        unsigned int rlength; /* passed to ssl2_enc */
+        int ract_data_length; /* Set when things are encrypted. */
+        unsigned int wlength; /* passed to ssl2_enc */
+        int wact_data_length; /* Set when things are decrypted. */
+        unsigned char *ract_data;
+        unsigned char *wact_data;
+        unsigned char *mac_data;
+        unsigned char *pad_data;
+        unsigned char *read_key;
+        unsigned char *write_key;
+                /* Stuff specifically to do with this SSL session */
+        unsigned int challenge_length;
+        unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
+        unsigned int conn_id_length;
+        unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
+        unsigned int key_material_length;
+        unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
+        unsigned long read_sequence;
+        unsigned long write_sequence;
+        struct  {
+                unsigned int conn_id_length;
+                unsigned int cert_type; 
+                unsigned int cert_length;
+                int csl; 
+                int clear;
+                unsigned int enc; 
+                unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
+                int cipher_spec_length;
+                unsigned int session_id_length;
+                unsigned int clen;
+                unsigned int rlen;
+                } tmp;
+        } SSL2_CTX;
+/* SSLv2 */
+/* client */
+#define SSL2_ST_SEND_CLIENT_HELLO_A             (0x10|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_HELLO_B             (0x11|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_HELLO_A              (0x20|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_HELLO_B              (0x21|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A        (0x30|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B        (0x31|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_FINISHED_A          (0x40|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_FINISHED_B          (0x41|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A       (0x50|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B       (0x51|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C       (0x52|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D       (0x53|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_VERIFY_A             (0x60|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_VERIFY_B             (0x61|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_FINISHED_A           (0x70|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_FINISHED_B           (0x71|SSL_ST_CONNECT)
+#define SSL2_ST_CLIENT_START_ENCRYPTION         (0x80|SSL_ST_CONNECT)
+#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE     (0x90|SSL_ST_CONNECT)
+/* server */
+#define SSL2_ST_GET_CLIENT_HELLO_A              (0x10|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_HELLO_B              (0x11|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_HELLO_C              (0x12|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_HELLO_A             (0x20|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_HELLO_B             (0x21|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_MASTER_KEY_A         (0x30|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_MASTER_KEY_B         (0x31|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_A            (0x40|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_B            (0x41|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_C            (0x42|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_FINISHED_A           (0x50|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_FINISHED_B           (0x51|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_FINISHED_A          (0x60|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_FINISHED_B          (0x61|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A      (0x70|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B      (0x71|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C      (0x72|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D      (0x73|SSL_ST_ACCEPT)
+#define SSL2_ST_SERVER_START_ENCRYPTION         (0x80|SSL_ST_ACCEPT)
+#define SSL2_ST_X509_GET_SERVER_CERTIFICATE     (0x90|SSL_ST_ACCEPT)
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/ssl/ssl23.h b/src/lib/libssl/src/ssl/ssl23.h
new file mode 100644
index 0000000000..d3228983c7
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl23.h
@@ -0,0 +1,83 @@
+/* ssl/ssl23.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_SSL23_H 
+#define HEADER_SSL23_H 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/*client */
+/* write to server */
+#define SSL23_ST_CW_CLNT_HELLO_A        (0x210|SSL_ST_CONNECT)
+#define SSL23_ST_CW_CLNT_HELLO_B        (0x211|SSL_ST_CONNECT)
+/* read from server */
+#define SSL23_ST_CR_SRVR_HELLO_A        (0x220|SSL_ST_CONNECT)
+#define SSL23_ST_CR_SRVR_HELLO_B        (0x221|SSL_ST_CONNECT)
+/* server */
+/* read from client */
+#define SSL23_ST_SR_CLNT_HELLO_A        (0x210|SSL_ST_ACCEPT)
+#define SSL23_ST_SR_CLNT_HELLO_B        (0x211|SSL_ST_ACCEPT)
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
new file mode 100644
index 0000000000..95772eef60
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -0,0 +1,455 @@
+/* ssl/ssl3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_SSL3_H 
+#define HEADER_SSL3_H 
+#include "buffer.h"
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define SSL3_CK_RSA_NULL_MD5                    0x03000001
+#define SSL3_CK_RSA_NULL_SHA                    0x03000002
+#define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+#define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
+#define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
+#define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
+#define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
+#define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
+#define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
+#define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
+#define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
+#define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
+#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+#define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
+#define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
+#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
+#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
+#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
+#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
+#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
+#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
+#define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
+#define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
+#define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
+#define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
+#define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
+#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
+#define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
+#define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
+#define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
+#define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
+#define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
+#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
+#define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
+#define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
+#define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
+#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#define SSL3_SSL_SESSION_ID_LENGTH              32
+#define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
+#define SSL3_MASTER_SECRET_SIZE                 48
+#define SSL3_RANDOM_SIZE                        32
+#define SSL3_SESSION_ID_SIZE                    32
+#define SSL3_RT_HEADER_LENGTH                   5
+/* Due to MS stuffing up, this can change.... */
+#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#define SSL3_RT_MAX_EXTRA                       (14000)
+#else
+#define SSL3_RT_MAX_EXTRA                       (16384)
+#endif
+#define SSL3_RT_MAX_PLAIN_LENGTH                16384
+#define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+#define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+#define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
+/* the states that a SSL3_RECORD can be in
+ * For SSL_read it goes
+ * rbuf->ENCODED        -> read 
+ * ENCODED              -> we need to decode everything - call decode_record
+ */
+ 
+#define SSL3_RS_BLANK                   1
+#define SSL3_RS_DATA
+#define SSL3_RS_ENCODED                 2
+#define SSL3_RS_READ_MORE               3
+#define SSL3_RS_WRITE_MORE
+#define SSL3_RS_PLAIN                   3
+#define SSL3_RS_PART_READ               4
+#define SSL3_RS_PART_WRITE              5
+#define SSL3_MD_CLIENT_FINISHED_CONST   {0x43,0x4C,0x4E,0x54}
+#define SSL3_MD_SERVER_FINISHED_CONST   {0x53,0x52,0x56,0x52}
+#define SSL3_VERSION                    0x0300
+#define SSL3_VERSION_MAJOR              0x03
+#define SSL3_VERSION_MINOR              0x00
+#define SSL3_RT_CHANGE_CIPHER_SPEC      20
+#define SSL3_RT_ALERT                   21
+#define SSL3_RT_HANDSHAKE               22
+#define SSL3_RT_APPLICATION_DATA        23
+#define SSL3_AL_WARNING                 1
+#define SSL3_AL_FATAL                   2
+#define SSL3_AD_CLOSE_NOTIFY             0
+#define SSL3_AD_UNEXPECTED_MESSAGE      10      /* fatal */
+#define SSL3_AD_BAD_RECORD_MAC          20      /* fatal */
+#define SSL3_AD_DECOMPRESSION_FAILURE   30      /* fatal */
+#define SSL3_AD_HANDSHAKE_FAILURE       40      /* fatal */
+#define SSL3_AD_NO_CERTIFICATE          41
+#define SSL3_AD_BAD_CERTIFICATE         42
+#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+#define SSL3_AD_CERTIFICATE_REVOKED     44
+#define SSL3_AD_CERTIFICATE_EXPIRED     45
+#define SSL3_AD_CERTIFICATE_UNKNOWN     46
+#define SSL3_AD_ILLEGAL_PARAMETER       47      /* fatal */
+typedef struct ssl3_record_st
+        {
+/*r */  int type;               /* type of record */
+/*  */  /*int state;*/          /* any data in it? */
+/*rw*/  unsigned int length;    /* How many bytes available */
+/*r */  unsigned int off;       /* read/write offset into 'buf' */
+/*rw*/  unsigned char *data;    /* pointer to the record data */
+/*rw*/  unsigned char *input;   /* where the decode bytes are */
+/*rw*/  unsigned char *comp;    /* only used with decompression */
+        } SSL3_RECORD;
+typedef struct ssl3_buffer_st
+        {
+/*r */  int total;              /* used in non-blocking writes */
+/*r */  int wanted;             /* how many more bytes we need */
+/*rw*/  int left;               /* how many bytes left */
+/*rw*/  int offset;             /* where to 'copy from' */
+/*rw*/  unsigned char *buf;     /* SSL3_RT_MAX_PACKET_SIZE bytes */
+        } SSL3_BUFFER;
+typedef struct ssl3_compression_st {
+        int nothing;
+        } SSL3_COMPRESSION;
+#define SSL3_CT_RSA_SIGN                        1
+#define SSL3_CT_DSS_SIGN                        2
+#define SSL3_CT_RSA_FIXED_DH                    3
+#define SSL3_CT_DSS_FIXED_DH                    4
+#define SSL3_CT_RSA_EPHEMERAL_DH                5
+#define SSL3_CT_DSS_EPHEMERAL_DH                6
+#define SSL3_CT_FORTEZZA_DMS                    20
+#define SSL3_CT_NUMBER                          7
+#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
+#define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
+#define SSL3_FLAGS_POP_BUFFER                   0x0004
+#define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
+#if 0
+#define AD_CLOSE_NOTIFY                 0
+#define AD_UNEXPECTED_MESSAGE           1
+#define AD_BAD_RECORD_MAC               2
+#define AD_DECRYPTION_FAILED            3
+#define AD_RECORD_OVERFLOW              4
+#define AD_DECOMPRESSION_FAILURE        5       /* fatal */
+#define AD_HANDSHAKE_FAILURE            6       /* fatal */
+#define AD_NO_CERTIFICATE               7       /* Not under TLS */
+#define AD_BAD_CERTIFICATE              8
+#define AD_UNSUPPORTED_CERTIFICATE      9
+#define AD_CERTIFICATE_REVOKED          10      
+#define AD_CERTIFICATE_EXPIRED          11
+#define AD_CERTIFICATE_UNKNOWN          12
+#define AD_ILLEGAL_PARAMETER            13      /* fatal */
+#define AD_UNKNOWN_CA                   14      /* fatal */
+#define AD_ACCESS_DENIED                15      /* fatal */
+#define AD_DECODE_ERROR                 16      /* fatal */
+#define AD_DECRYPT_ERROR                17
+#define AD_EXPORT_RESTRICION            18      /* fatal */
+#define AD_PROTOCOL_VERSION             19      /* fatal */
+#define AD_INSUFFICIENT_SECURITY        20      /* fatal */
+#define AD_INTERNAL_ERROR               21      /* fatal */
+#define AD_USER_CANCLED                 22
+#define AD_NO_RENEGOTIATION             23
+#endif
+typedef struct ssl3_ctx_st
+        {
+        long flags;
+        int delay_buf_pop_ret;
+        unsigned char read_sequence[8];
+        unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+        unsigned char write_sequence[8];
+        unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+        unsigned char server_random[SSL3_RANDOM_SIZE];
+        unsigned char client_random[SSL3_RANDOM_SIZE];
+        SSL3_BUFFER rbuf;       /* read IO goes into here */
+        SSL3_BUFFER wbuf;       /* write IO goes into here */
+        SSL3_RECORD rrec;       /* each decoded record goes in here */
+        SSL3_RECORD wrec;       /* goes out from here */
+                                /* Used by ssl3_read_n to point
+                                 * to input data packet */
+        /* partial write - check the numbers match */
+        unsigned int wnum;      /* number of bytes sent so far */
+        int wpend_tot;          /* number bytes written */
+        int wpend_type;
+        int wpend_ret;          /* number of bytes submitted */
+        char *wpend_buf;
+        /* used during startup, digest all incoming/outgoing packets */
+        EVP_MD_CTX finish_dgst1;
+        EVP_MD_CTX finish_dgst2;
+        /* this is set whenerver we see a change_cipher_spec message
+         * come in when we are not looking for one */
+        int change_cipher_spec;
+        int warn_alert;
+        int fatal_alert;
+        /* we alow one fatal and one warning alert to be outstanding,
+         * send close alert via the warning alert */
+        int alert_dispatch;
+        char send_alert[2];
+        /* This flag is set when we should renegotiate ASAP, basically when
+         * there is no more data in the read or write buffers */
+        int renegotiate;
+        int total_renegotiations;
+        int num_renegotiations;
+        int in_read_app_data;
+        struct  {
+                /* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
+                unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+                
+                unsigned long message_size;
+                int message_type;
+                /* used to hold the new cipher we are going to use */
+                SSL_CIPHER *new_cipher;
+                DH *dh;
+                /* used when SSL_ST_FLUSH_DATA is entered */
+                int next_state;                 
+                int reuse_message;
+                /* used for certificate requests */
+                int cert_req;
+                int ctype_num;
+                char ctype[SSL3_CT_NUMBER];
+                STACK *ca_names;
+                int use_rsa_tmp;
+                int key_block_length;
+                unsigned char *key_block;
+                EVP_CIPHER *new_sym_enc;
+                EVP_MD *new_hash;
+                SSL_COMPRESSION *new_compression;
+                int cert_request;
+                } tmp;
+        } SSL3_CTX;
+/* SSLv3 */
+/*client */
+/* extra state */
+#define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
+/* server */
+/* extra state */
+#define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
+/* read from client */
+/* Do not change the number values, they do matter */
+#define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_A         (0x130|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_B         (0x131|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_A               (0x140|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_B               (0x141|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_A           (0x150|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_B           (0x151|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_A           (0x160|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_B           (0x161|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_A          (0x170|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
+/* read from client */
+#define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
+#define SSL3_MT_CLIENT_REQUEST                  0
+#define SSL3_MT_CLIENT_HELLO                    1
+#define SSL3_MT_SERVER_HELLO                    2
+#define SSL3_MT_CERTIFICATE                     11
+#define SSL3_MT_SERVER_KEY_EXCHANGE             12
+#define SSL3_MT_CERTIFICATE_REQUEST             13
+#define SSL3_MT_SERVER_DONE                     14
+#define SSL3_MT_CERTIFICATE_VERIFY              15
+#define SSL3_MT_CLIENT_KEY_EXCHANGE             16
+#define SSL3_MT_FINISHED                        20
+#define SSL3_MT_CCS                             1
+/* These are used when changing over to a new cipher */
+#define SSL3_CC_READ            0x01
+#define SSL3_CC_WRITE           0x02
+#define SSL3_CC_CLIENT          0x10
+#define SSL3_CC_SERVER          0x20
+#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)  
+#define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c
new file mode 100644
index 0000000000..65f3a59386
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_algs.c
@@ -0,0 +1,102 @@
+/* ssl/ssl_algs.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "lhash.h"
+#include "ssl_locl.h"
+void SSLeay_add_ssl_algorithms()
+        {
+#ifndef NO_DES
+        EVP_add_cipher(EVP_des_cbc());
+        EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef NO_IDEA
+        EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef NO_RC4
+        EVP_add_cipher(EVP_rc4());
+#endif  
+#ifndef NO_RC2
+        EVP_add_cipher(EVP_rc2_cbc());
+#endif  
+#ifndef NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
+        EVP_add_digest(EVP_md5());
+        EVP_add_alias(SN_md5,"ssl2-md5");
+        EVP_add_alias(SN_md5,"ssl3-md5");
+#endif
+#ifndef NO_SHA1
+        EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+        EVP_add_alias(SN_sha1,"ssl3-sha1");
+#endif
+#if !defined(NO_SHA1) && !defined(NO_DSA)
+        EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+#endif
+        /* If you want support for phased out ciphers, add the following */
+#if 0
+        EVP_add_digest(EVP_sha());
+        EVP_add_digest(EVP_dss());
+#endif
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
new file mode 100644
index 0000000000..116a83de64
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -0,0 +1,313 @@
+/* ssl/ssl_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "asn1_mac.h"
+#include "objects.h"
+#include "ssl_locl.h"
+typedef struct ssl_session_asn1_st
+        {
+        ASN1_INTEGER version;
+        ASN1_INTEGER ssl_version;
+        ASN1_OCTET_STRING cipher;
+        ASN1_OCTET_STRING master_key;
+        ASN1_OCTET_STRING session_id;
+        ASN1_OCTET_STRING key_arg;
+        ASN1_INTEGER time;
+        ASN1_INTEGER timeout;
+        } SSL_SESSION_ASN1;
+/*
+ * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH);
+ * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER);
+ */
+int i2d_SSL_SESSION(in,pp)
+SSL_SESSION *in;
+unsigned char **pp;
+        {
+#define LSIZE2 (sizeof(long)*2)
+        int v1=0,v2=0,v3=0;
+        unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
+        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];
+        long l;
+        SSL_SESSION_ASN1 a;
+        M_ASN1_I2D_vars(in);
+        if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
+                return(0);
+        /* Note that I cheat in the following 2 assignments.  I know
+         * that if the ASN1_INTERGER passed to ASN1_INTEGER_set
+         * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
+         * This is a bit evil but makes things simple, no dynamic allocation
+         * to clean up :-) */
+        a.version.length=LSIZE2;
+        a.version.type=V_ASN1_INTEGER;
+        a.version.data=ibuf1;
+        ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
+        a.ssl_version.length=LSIZE2;
+        a.ssl_version.type=V_ASN1_INTEGER;
+        a.ssl_version.data=ibuf2;
+        ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
+        a.cipher.type=V_ASN1_OCTET_STRING;
+        a.cipher.data=buf;
+        if (in->cipher == NULL)
+                l=in->cipher_id;
+        else
+                l=in->cipher->id;
+        if (in->ssl_version == SSL2_VERSION)
+                {
+                a.cipher.length=3;
+                buf[0]=((unsigned char)(l>>16L))&0xff;
+                buf[1]=((unsigned char)(l>> 8L))&0xff;
+                buf[2]=((unsigned char)(l     ))&0xff;
+                }
+        else
+                {
+                a.cipher.length=2;
+                buf[0]=((unsigned char)(l>>8L))&0xff;
+                buf[1]=((unsigned char)(l    ))&0xff;
+                }
+        a.master_key.length=in->master_key_length;
+        a.master_key.type=V_ASN1_OCTET_STRING;
+        a.master_key.data=in->master_key;
+        a.session_id.length=in->session_id_length;
+        a.session_id.type=V_ASN1_OCTET_STRING;
+        a.session_id.data=in->session_id;
+        a.key_arg.length=in->key_arg_length;
+        a.key_arg.type=V_ASN1_OCTET_STRING;
+        a.key_arg.data=in->key_arg;
+        if (in->time != 0L)
+                {
+                a.time.length=LSIZE2;
+                a.time.type=V_ASN1_INTEGER;
+                a.time.data=ibuf3;
+                ASN1_INTEGER_set(&(a.time),in->time);
+                }
+        if (in->timeout != 0L)
+                {
+                a.timeout.length=LSIZE2;
+                a.timeout.type=V_ASN1_INTEGER;
+                a.timeout.data=ibuf4;
+                ASN1_INTEGER_set(&(a.timeout),in->timeout);
+                }
+        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+        if (in->key_arg_length > 0)
+                M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
+        if (in->time != 0L)
+                M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+        if (in->timeout != 0L)
+                M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+        if (in->peer != NULL)
+                M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+        if (in->key_arg_length > 0)
+                M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
+        if (in->time != 0L)
+                M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+        if (in->timeout != 0L)
+                M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+        if (in->peer != NULL)
+                M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
+        M_ASN1_I2D_finish();
+        }
+SSL_SESSION *d2i_SSL_SESSION(a,pp,length)
+SSL_SESSION **a;
+unsigned char **pp;
+long length;
+        {
+        int version,ssl_version=0,i;
+        long id;
+        ASN1_INTEGER ai,*aip;
+        ASN1_OCTET_STRING os,*osp;
+        M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
+        aip= &ai;
+        osp= &os;
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        ai.data=NULL; ai.length=0;
+        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+        version=(int)ASN1_INTEGER_get(aip);
+        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        /* we don't care about the version right now :-) */
+        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+        ssl_version=(int)ASN1_INTEGER_get(aip);
+        ret->ssl_version=ssl_version;
+        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        os.data=NULL; os.length=0;
+        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        if (ssl_version == SSL2_VERSION)
+                {
+                if (os.length != 3)
+                        {
+                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+                        goto err;
+                        }
+                id=0x02000000L|
+                        ((unsigned long)os.data[0]<<16L)|
+                        ((unsigned long)os.data[1]<< 8L)|
+                         (unsigned long)os.data[2];
+                }
+        else if ((ssl_version>>8) == 3)
+                {
+                if (os.length != 2)
+                        {
+                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+                        goto err;
+                        }
+                id=0x03000000L|
+                        ((unsigned long)os.data[0]<<8L)|
+                         (unsigned long)os.data[1];
+                }
+        else
+                {
+                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
+                return(NULL);
+                }
+        
+        ret->cipher=NULL;
+        ret->cipher_id=id;
+        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        if ((ssl_version>>8) == SSL3_VERSION)
+                i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
+        else /* if (ssl_version == SSL2_VERSION) */
+                i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+        if (os.length > i)
+                os.length=i;
+        ret->session_id_length=os.length;
+        memcpy(ret->session_id,os.data,os.length);
+        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
+                ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+        else
+                ret->master_key_length=os.length;
+        memcpy(ret->master_key,os.data,ret->master_key_length);
+        os.length=0;
+        M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
+        if (os.length > SSL_MAX_KEY_ARG_LENGTH)
+                ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
+        else
+                ret->key_arg_length=os.length;
+        memcpy(ret->key_arg,os.data,ret->key_arg_length);
+        if (os.data != NULL) Free(os.data);
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
+        if (ai.data != NULL)
+                {
+                ret->time=ASN1_INTEGER_get(aip);
+                Free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else
+                ret->time=time(NULL);
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
+        if (ai.data != NULL)
+                {
+                ret->timeout=ASN1_INTEGER_get(aip);
+                Free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else
+                ret->timeout=3;
+        if (ret->peer != NULL)
+                {
+                X509_free(ret->peer);
+                ret->peer=NULL;
+                }
+        M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
+        M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
new file mode 100644
index 0000000000..c1cb86e1b7
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -0,0 +1,329 @@
+/* ssl/ssl_cert.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "bio.h"
+#include "pem.h"
+#include "ssl_locl.h"
+CERT *ssl_cert_new()
+        {
+        CERT *ret;
+        ret=(CERT *)Malloc(sizeof(CERT));
+        if (ret == NULL)
+                {
+                SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memset(ret,0,sizeof(CERT));
+/*
+        ret->valid=0;
+        ret->mask=0;
+        ret->export_mask=0;
+        ret->cert_type=0;
+        ret->key->x509=NULL;
+        ret->key->publickey=NULL;
+        ret->key->privatekey=NULL; */
+        ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+        ret->references=1;
+        return(ret);
+        }
+void ssl_cert_free(c)
+CERT *c;
+        {
+        int i;
+        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+        REF_PRINT("CERT",c);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ssl_cert_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+#ifndef NO_RSA
+        if (c->rsa_tmp) RSA_free(c->rsa_tmp);
+#endif
+#ifndef NO_DH
+        if (c->dh_tmp) DH_free(c->dh_tmp);
+#endif
+        for (i=0; i<SSL_PKEY_NUM; i++)
+                {
+                if (c->pkeys[i].x509 != NULL)
+                        X509_free(c->pkeys[i].x509);
+                if (c->pkeys[i].privatekey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].privatekey);
+#if 0
+                if (c->pkeys[i].publickey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+                }
+        if (c->cert_chain != NULL)
+                sk_pop_free(c->cert_chain,X509_free);
+        Free(c);
+        }
+int ssl_set_cert_type(c, type)
+CERT *c;
+int type;
+        {
+        c->cert_type=type;
+        return(1);
+        }
+int ssl_verify_cert_chain(s,sk)
+SSL *s;
+STACK *sk;
+        {
+        X509 *x;
+        int i;
+        X509_STORE_CTX ctx;
+        if ((sk == NULL) || (sk_num(sk) == 0))
+                return(0);
+        x=(X509 *)sk_value(sk,0);
+        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+        X509_STORE_CTX_set_app_data(&ctx,(char *)s);
+        if (s->ctx->app_verify_callback != NULL)
+                i=s->ctx->app_verify_callback(&ctx);
+        else
+                i=X509_verify_cert(&ctx);
+        X509_STORE_CTX_cleanup(&ctx);
+        s->verify_result=ctx.error;
+        return(i);
+        }
+static void set_client_CA_list(ca_list,list)
+STACK **ca_list;
+STACK *list;
+        {
+        if (*ca_list != NULL)
+                sk_pop_free(*ca_list,X509_NAME_free);
+        *ca_list=list;
+        }
+STACK *SSL_dup_CA_list(sk)
+STACK *sk;
+        {
+        int i;
+        STACK *ret;
+        X509_NAME *name;
+        ret=sk_new_null();
+        for (i=0; i<sk_num(sk); i++)
+                {
+                name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
+                if ((name == NULL) || !sk_push(ret,(char *)name))
+                        {
+                        sk_pop_free(ret,X509_NAME_free);
+                        return(NULL);
+                        }
+                }
+        return(ret);
+        }
+void SSL_set_client_CA_list(s,list)
+SSL *s;
+STACK *list;
+        {
+        set_client_CA_list(&(s->client_CA),list);
+        }
+void SSL_CTX_set_client_CA_list(ctx,list)
+SSL_CTX *ctx;
+STACK *list;
+        {
+        set_client_CA_list(&(ctx->client_CA),list);
+        }
+STACK *SSL_CTX_get_client_CA_list(ctx)
+SSL_CTX *ctx;
+        {
+        return(ctx->client_CA);
+        }
+STACK *SSL_get_client_CA_list(s)
+SSL *s;
+        {
+        if (s->type == SSL_ST_CONNECT)
+                { /* we are in the client */
+                if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+                        (s->s3 != NULL))
+                        return(s->s3->tmp.ca_names);
+                else
+                        return(NULL);
+                }
+        else
+                {
+                if (s->client_CA != NULL)
+                        return(s->client_CA);
+                else
+                        return(s->ctx->client_CA);
+                }
+        }
+static int add_client_CA(sk,x)
+STACK **sk;
+X509 *x;
+        {
+        X509_NAME *name;
+        if (x == NULL) return(0);
+        if ((*sk == NULL) && ((*sk=sk_new_null()) == NULL))
+                return(0);
+                
+        if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+                return(0);
+        if (!sk_push(*sk,(char *)name))
+                {
+                X509_NAME_free(name);
+                return(0);
+                }
+        return(1);
+        }
+int SSL_add_client_CA(ssl,x)
+SSL *ssl;
+X509 *x;
+        {
+        return(add_client_CA(&(ssl->client_CA),x));
+        }
+int SSL_CTX_add_client_CA(ctx,x)
+SSL_CTX *ctx;
+X509 *x;
+        {
+        return(add_client_CA(&(ctx->client_CA),x));
+        }
+static int name_cmp(a,b)
+X509_NAME **a,**b;
+        {
+        return(X509_NAME_cmp(*a,*b));
+        }
+#ifndef NO_STDIO
+STACK *SSL_load_client_CA_file(file)
+char *file;
+        {
+        BIO *in;
+        X509 *x=NULL;
+        X509_NAME *xn=NULL;
+        STACK *ret,*sk;
+        ret=sk_new(NULL);
+        sk=sk_new(name_cmp);
+        in=BIO_new(BIO_s_file_internal());
+        if ((ret == NULL) || (sk == NULL) || (in == NULL))
+                {
+                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        if (!BIO_read_filename(in,file))
+                goto err;
+        for (;;)
+                {
+                if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+                        break;
+                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+                /* check for duplicates */
+                xn=X509_NAME_dup(xn);
+                if (xn == NULL) goto err;
+                if (sk_find(sk,(char *)xn) >= 0)
+                        X509_NAME_free(xn);
+                else
+                        {
+                        sk_push(sk,(char *)xn);
+                        sk_push(ret,(char *)xn);
+                        }
+                }
+        if (0)
+                {
+err:
+                if (ret != NULL) sk_pop_free(ret,X509_NAME_free);
+                ret=NULL;
+                }
+        if (sk != NULL) sk_free(sk);
+        if (in != NULL) BIO_free(in);
+        if (x != NULL) X509_free(x);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
new file mode 100644
index 0000000000..820994408b
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -0,0 +1,758 @@
+/* ssl/ssl_ciph.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+#define SSL_ENC_DES_IDX         0
+#define SSL_ENC_3DES_IDX        1
+#define SSL_ENC_RC4_IDX         2
+#define SSL_ENC_RC2_IDX         3
+#define SSL_ENC_IDEA_IDX        4
+#define SSL_ENC_eFZA_IDX        5
+#define SSL_ENC_NULL_IDX        6
+#define SSL_ENC_NUM_IDX         7
+static EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
+        NULL,NULL,NULL,NULL,NULL,NULL,
+        };
+#define SSL_MD_MD5_IDX  0
+#define SSL_MD_SHA1_IDX 1
+#define SSL_MD_NUM_IDX  2
+static EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
+        NULL,NULL,
+        };
+typedef struct cipher_sort_st
+        {
+        SSL_CIPHER *cipher;
+        int pref;
+        } CIPHER_SORT;
+#define CIPHER_ADD      1
+#define CIPHER_KILL     2
+#define CIPHER_DEL      3
+#define CIPHER_ORD      4
+typedef struct cipher_choice_st
+        {
+        int type;
+        unsigned long algorithms;
+        unsigned long mask;
+        long top;
+        } CIPHER_CHOICE;
+typedef struct cipher_order_st
+        {
+        SSL_CIPHER *cipher;
+        int active;
+        int dead;
+        struct cipher_order_st *next,*prev;
+        } CIPHER_ORDER;
+static SSL_CIPHER cipher_aliases[]={
+        {0,SSL_TXT_ALL, 0,SSL_ALL,   0,SSL_ALL},        /* must be first */
+        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,SSL_MKEY_MASK},
+        {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,SSL_MKEY_MASK},
+        {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,SSL_MKEY_MASK},
+        {0,SSL_TXT_kEDH,0,SSL_kEDH,  0,SSL_MKEY_MASK},
+        {0,SSL_TXT_kFZA,0,SSL_kFZA,  0,SSL_MKEY_MASK},
+        {0,SSL_TXT_DH,  0,SSL_DH,    0,SSL_MKEY_MASK},
+        {0,SSL_TXT_EDH, 0,SSL_EDH,   0,SSL_MKEY_MASK|SSL_AUTH_MASK},
+        {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,SSL_AUTH_MASK},
+        {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,SSL_AUTH_MASK},
+        {0,SSL_TXT_aFZA,0,SSL_aFZA,  0,SSL_AUTH_MASK},
+        {0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK},
+        {0,SSL_TXT_aDH, 0,SSL_aDH,   0,SSL_AUTH_MASK},
+        {0,SSL_TXT_DSS, 0,SSL_DSS,   0,SSL_AUTH_MASK},
+        {0,SSL_TXT_DES, 0,SSL_DES,   0,SSL_ENC_MASK},
+        {0,SSL_TXT_3DES,0,SSL_3DES,  0,SSL_ENC_MASK},
+        {0,SSL_TXT_RC4, 0,SSL_RC4,   0,SSL_ENC_MASK},
+        {0,SSL_TXT_RC2, 0,SSL_RC2,   0,SSL_ENC_MASK},
+        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,SSL_ENC_MASK},
+        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK},
+        {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,SSL_ENC_MASK},
+        {0,SSL_TXT_MD5, 0,SSL_MD5,   0,SSL_MAC_MASK},
+        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,SSL_MAC_MASK},
+        {0,SSL_TXT_SHA, 0,SSL_SHA,   0,SSL_MAC_MASK},
+        {0,SSL_TXT_NULL,0,SSL_NULL,  0,SSL_ENC_MASK},
+        {0,SSL_TXT_RSA, 0,SSL_RSA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
+        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
+        {0,SSL_TXT_FZA, 0,SSL_FZA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
+        {0,SSL_TXT_EXP, 0,SSL_EXP,   0,SSL_EXP_MASK},
+        {0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
+        {0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
+        {0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
+        {0,SSL_TXT_LOW,  0,SSL_LOW,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
+        };
+static int init_ciphers=1;
+static void load_ciphers();
+static int cmp_by_name(a,b)
+SSL_CIPHER **a,**b;
+        {
+        return(strcmp((*a)->name,(*b)->name));
+        }
+static void load_ciphers()
+        {
+        init_ciphers=0;
+        ssl_cipher_methods[SSL_ENC_DES_IDX]= 
+                EVP_get_cipherbyname(SN_des_cbc);
+        ssl_cipher_methods[SSL_ENC_3DES_IDX]=
+                EVP_get_cipherbyname(SN_des_ede3_cbc);
+        ssl_cipher_methods[SSL_ENC_RC4_IDX]=
+                EVP_get_cipherbyname(SN_rc4);
+        ssl_cipher_methods[SSL_ENC_RC2_IDX]= 
+                EVP_get_cipherbyname(SN_rc2_cbc);
+        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
+                EVP_get_cipherbyname(SN_idea_cbc);
+        ssl_digest_methods[SSL_MD_MD5_IDX]=
+                EVP_get_digestbyname(SN_md5);
+        ssl_digest_methods[SSL_MD_SHA1_IDX]=
+                EVP_get_digestbyname(SN_sha1);
+        }
+int ssl_cipher_get_evp(c,enc,md)
+SSL_CIPHER *c;
+EVP_CIPHER **enc;
+EVP_MD **md;
+        {
+        int i;
+        if (c == NULL) return(0);
+        switch (c->algorithms & SSL_ENC_MASK)
+                {
+        case SSL_DES:
+                i=SSL_ENC_DES_IDX;
+                break;
+        case SSL_3DES:
+                i=SSL_ENC_3DES_IDX;
+                break;
+        case SSL_RC4:
+                i=SSL_ENC_RC4_IDX;
+                break;
+        case SSL_RC2:
+                i=SSL_ENC_RC2_IDX;
+                break;
+        case SSL_IDEA:
+                i=SSL_ENC_IDEA_IDX;
+                break;
+        case SSL_eNULL:
+                i=SSL_ENC_NULL_IDX;
+                break;
+                break;
+        default:
+                i= -1;
+                break;
+                }
+        if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+                *enc=NULL;
+        else
+                {
+                if (i == SSL_ENC_NULL_IDX)
+                        *enc=EVP_enc_null();
+                else
+                        *enc=ssl_cipher_methods[i];
+                }
+        switch (c->algorithms & SSL_MAC_MASK)
+                {
+        case SSL_MD5:
+                i=SSL_MD_MD5_IDX;
+                break;
+        case SSL_SHA1:
+                i=SSL_MD_SHA1_IDX;
+                break;
+        default:
+                i= -1;
+                break;
+                }
+        if ((i < 0) || (i > SSL_MD_NUM_IDX))
+                *md=NULL;
+        else
+                *md=ssl_digest_methods[i];
+        if ((*enc != NULL) && (*md != NULL))
+                return(1);
+        else
+                return(0);
+        }
+#define ITEM_SEP(a) \
+        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+static void ll_append_tail(head,curr,tail)
+CIPHER_ORDER **head,*curr,**tail;
+        {
+        if (curr == *tail) return;
+        if (curr == *head)
+                *head=curr->next;
+        if (curr->prev != NULL)
+                curr->prev->next=curr->next;
+        if (curr->next != NULL) /* should always be true */
+                curr->next->prev=curr->prev;
+        (*tail)->next=curr;
+        curr->prev= *tail;
+        curr->next=NULL;
+        *tail=curr;
+        }
+STACK *ssl_create_cipher_list(ssl_method,cipher_list,cipher_list_by_id,str)
+SSL_METHOD *ssl_method;
+STACK **cipher_list,**cipher_list_by_id;
+char *str;
+        {
+        SSL_CIPHER *c;
+        char *l;
+        STACK *ret=NULL,*ok=NULL;
+#define CL_BUF  40
+        char buf[CL_BUF];
+        char *tmp_str=NULL;
+        unsigned long mask,algorithms,ma;
+        char *start;
+        int i,j,k,num=0,ch,multi;
+        unsigned long al;
+        STACK *ca_list=NULL;
+        int current_x,num_x;
+        CIPHER_CHOICE *ops=NULL;
+        CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2;
+        int list_num;
+        int type;
+        SSL_CIPHER c_tmp,*cp;
+        if (str == NULL) return(NULL);
+        if (strncmp(str,"DEFAULT",7) == 0)
+                {
+                i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST);
+                if ((tmp_str=Malloc(i)) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST);
+                strcat(tmp_str,":");
+                strcat(tmp_str,&(str[7]));
+                str=tmp_str;
+                }
+        if (init_ciphers) load_ciphers();
+        num=ssl_method->num_ciphers();
+        if ((ret=(STACK *)sk_new(NULL)) == NULL) goto err;
+        if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err;
+        mask =SSL_kFZA;
+#ifdef NO_RSA
+        mask|=SSL_aRSA|SSL_kRSA;
+#endif
+#ifdef NO_DSA
+        mask|=SSL_aDSS;
+#endif
+#ifdef NO_DH
+        mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
+#endif
+#ifndef SSL_ALLOW_ENULL
+        mask|=SSL_eNULL;
+#endif
+        mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0;
+        mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0;
+        mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0;
+        mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0;
+        mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0;
+        mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0;
+        mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0;
+        mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0;
+        if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL)
+                goto err;
+        /* Get the initial list of ciphers */
+        list_num=0;
+        for (i=0; i<num; i++)
+                {
+                c=ssl_method->get_cipher((unsigned int)i);
+                /* drop those that use any of that is not available */
+                if ((c != NULL) && c->valid && !(c->algorithms & mask))
+                        {
+                        list[list_num].cipher=c;
+                        list[list_num].next=NULL;
+                        list[list_num].prev=NULL;
+                        list[list_num].active=0;
+                        list_num++;
+                        if (!sk_push(ca_list,(char *)c)) goto err;
+                        }
+                }
+        
+        for (i=1; i<list_num-1; i++)
+                {
+                list[i].prev= &(list[i-1]);
+                list[i].next= &(list[i+1]);
+                }
+        if (list_num > 0)
+                {
+                head= &(list[0]);
+                head->prev=NULL;
+                head->next= &(list[1]);
+                tail= &(list[list_num-1]);
+                tail->prev= &(list[list_num-2]);
+                tail->next=NULL;
+                }
+        /* special case */
+        cipher_aliases[0].algorithms= ~mask;
+        /* get the aliases */
+        k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
+        for (j=0; j<k; j++)
+                {
+                al=cipher_aliases[j].algorithms;
+                /* Drop those that are not relevent */
+                if ((al & mask) == al) continue;
+                if (!sk_push(ca_list,(char *)&(cipher_aliases[j]))) goto err;
+                }
+        /* ca_list now holds a 'stack' of SSL_CIPHERS, some real, some
+         * 'aliases' */
+        /* how many parameters are there? */
+        num=1;
+        for (l=str; *l; l++)
+                if (ITEM_SEP(*l))
+                        num++;
+        ops=(CIPHER_CHOICE *)Malloc(sizeof(CIPHER_CHOICE)*num);
+        if (ops == NULL) goto err;
+        memset(ops,0,sizeof(CIPHER_CHOICE)*num);
+        /* we now parse the input string and create our operations */
+        l=str;
+        i=0;
+        current_x=0;
+        for (;;)
+                {
+                ch= *l;
+                if (ch == '\0') break;
+                if (ch == '-')
+                        { j=CIPHER_DEL; l++; }
+                else if (ch == '+')
+                        { j=CIPHER_ORD; l++; }
+                else if (ch == '!')
+                        { j=CIPHER_KILL; l++; }
+                else    
+                        { j=CIPHER_ADD; }
+                if (ITEM_SEP(ch))
+                        {
+                        l++;
+                        continue;
+                        }
+                ops[current_x].type=j;
+                ops[current_x].algorithms=0;
+                ops[current_x].mask=0;
+                start=l;
+                for (;;)
+                        {
+                        ch= *l;
+                        i=0;
+                        while ( ((ch >= 'A') && (ch <= 'Z')) ||
+                                ((ch >= '0') && (ch <= '9')) ||
+                                ((ch >= 'a') && (ch <= 'z')) ||
+                                 (ch == '-'))
+                                 {
+                                 buf[i]=ch;
+                                 ch= *(++l);
+                                 i++;
+                                 if (i >= (CL_BUF-2)) break;
+                                 }
+                        buf[i]='\0';
+                        /* check for multi-part specification */
+                        if (ch == '+')
+                                {
+                                multi=1;
+                                l++;
+                                }
+                        else
+                                multi=0;
+                        c_tmp.name=buf;
+                        j=sk_find(ca_list,(char *)&c_tmp);
+                        if (j < 0)
+                                goto end_loop;
+                        cp=(SSL_CIPHER *)sk_value(ca_list,j);
+                        ops[current_x].algorithms|=cp->algorithms;
+                        /* We add the SSL_SSL_MASK so we can match the
+                         * SSLv2 and SSLv3 versions of RC4-MD5 */
+                        ops[current_x].mask|=cp->mask;
+                        if (!multi) break;
+                        }
+                current_x++;
+                if (ch == '\0') break;
+end_loop:
+                /* Make sure we scan until the next valid start point */
+                while ((*l != '\0') && ITEM_SEP(*l))
+                        l++;
+                }
+        num_x=current_x;
+        current_x=0;
+        /* We will now process the list of ciphers, once for each category, to
+         * decide what we should do with it. */
+        for (j=0; j<num_x; j++)
+                {
+                algorithms=ops[j].algorithms;
+                type=ops[j].type;
+                mask=ops[j].mask;
+                curr=head;
+                curr2=head;
+                tail2=tail;
+                for (;;)
+                        {
+                        if ((curr == NULL) || (curr == tail2)) break;
+                        curr=curr2;
+                        curr2=curr->next;
+                        cp=curr->cipher;
+                        ma=mask & cp->algorithms;
+                        if ((ma == 0) || ((ma & algorithms) != ma))
+                                {
+                                /* does not apply */
+                                continue;
+                                }
+                        /* add the cipher if it has not been added yet. */
+                        if (type == CIPHER_ADD)
+                                {
+                                if (!curr->active)
+                                        {
+                                        ll_append_tail(&head,curr,&tail);
+                                        curr->active=1;
+                                        }
+                                }
+                        /* Move the added cipher to this location */
+                        else if (type == CIPHER_ORD)
+                                {
+                                if (curr->active)
+                                        {
+                                        ll_append_tail(&head,curr,&tail);
+                                        }
+                                }
+                        else if (type == CIPHER_DEL)
+                                curr->active=0;
+                        if (type == CIPHER_KILL)
+                                {
+                                if (head == curr)
+                                        head=curr->next;
+                                else
+                                        curr->prev->next=curr->next;
+                                if (tail == curr)
+                                        tail=curr->prev;
+                                curr->active=0;
+                                if (curr->next != NULL)
+                                        curr->next->prev=curr->prev;
+                                if (curr->prev != NULL)
+                                        curr->prev->next=curr->next;
+                                curr->next=NULL;
+                                curr->prev=NULL;
+                                }
+                        }
+                }
+        for (curr=head; curr != NULL; curr=curr->next)
+                {
+                if (curr->active)
+                        {
+                        sk_push(ret,(char *)curr->cipher);
+#ifdef CIPHER_DEBUG
+                        printf("<%s>\n",curr->cipher->name);
+#endif
+                        }
+                }
+        if (cipher_list != NULL)
+                {
+                if (*cipher_list != NULL)
+                        sk_free(*cipher_list);
+                *cipher_list=ret;
+                }
+        if (cipher_list_by_id != NULL)
+                {
+                if (*cipher_list_by_id != NULL)
+                        sk_free(*cipher_list_by_id);
+                *cipher_list_by_id=sk_dup(ret);
+                }
+        if (    (cipher_list_by_id == NULL) ||
+                (*cipher_list_by_id == NULL) ||
+                (cipher_list == NULL) ||
+                (*cipher_list == NULL))
+                goto err;
+        sk_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+        ok=ret;
+        ret=NULL;
+err:
+        if (tmp_str) Free(tmp_str);
+        if (ops != NULL) Free(ops);
+        if (ret != NULL) sk_free(ret);
+        if (ca_list != NULL) sk_free(ca_list);
+        if (list != NULL) Free(list);
+        return(ok);
+        }
+char *SSL_CIPHER_description(cipher,buf,len)
+SSL_CIPHER *cipher;
+char *buf;
+int len;
+        {
+        int export;
+        char *ver,*exp;
+        char *kx,*au,*enc,*mac;
+        unsigned long alg,alg2;
+        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+        
+        alg=cipher->algorithms;
+        alg2=cipher->algorithm2;
+        export=(alg&SSL_EXP)?1:0;
+        exp=(export)?" export":"";
+        if (alg & SSL_SSLV2)
+                ver="SSLv2";
+        else if (alg & SSL_SSLV3)
+                ver="SSLv3";
+        else
+                ver="unknown";
+        switch (alg&SSL_MKEY_MASK)
+                {
+        case SSL_kRSA:
+                kx=(export)?"RSA(512)":"RSA";
+                break;
+        case SSL_kDHr:
+                kx="DH/RSA";
+                break;
+        case SSL_kDHd:
+                kx="DH/DSS";
+                break;
+        case SSL_kFZA:
+                kx="Fortezza";
+                break;
+        case SSL_kEDH:
+                kx=(export)?"DH(512)":"DH";
+                break;
+        default:
+                kx="unknown";
+                }
+        switch (alg&SSL_AUTH_MASK)
+                {
+        case SSL_aRSA:
+                au="RSA";
+                break;
+        case SSL_aDSS:
+                au="DSS";
+                break;
+        case SSL_aDH:
+                au="DH";
+                break;
+        case SSL_aFZA:
+        case SSL_aNULL:
+                au="None";
+                break;
+        default:
+                au="unknown";
+                break;
+                }
+        switch (alg&SSL_ENC_MASK)
+                {
+        case SSL_DES:
+                enc=export?"DES(40)":"DES(56)";
+                break;
+        case SSL_3DES:
+                enc="3DES(168)";
+                break;
+        case SSL_RC4:
+                enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+                break;
+        case SSL_RC2:
+                enc=export?"RC2(40)":"RC2(128)";
+                break;
+        case SSL_IDEA:
+                enc="IDEA(128)";
+                break;
+        case SSL_eFZA:
+                enc="Fortezza";
+                break;
+        case SSL_eNULL:
+                enc="None";
+                break;
+        default:
+                enc="unknown";
+                break;
+                }
+        switch (alg&SSL_MAC_MASK)
+                {
+        case SSL_MD5:
+                mac="MD5";
+                break;
+        case SSL_SHA1:
+                mac="SHA1";
+                break;
+        default:
+                mac="unknown";
+                break;
+                }
+        if (buf == NULL)
+                {
+                buf=Malloc(128);
+                if (buf == NULL) return("Malloc Error");
+                }
+        else if (len < 128)
+                return("Buffer too small");
+        sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp);
+        return(buf);
+        }
+char *SSL_CIPHER_get_version(c)
+SSL_CIPHER *c;
+        {
+        int i;
+        if (c == NULL) return("(NONE)");
+        i=(int)(c->id>>24L);
+        if (i == 3)
+                return("TLSv1/SSLv3");
+        else if (i == 2)
+                return("SSLv2");
+        else
+                return("unknown");
+        }
+/* return the actual cipher being used */
+char *SSL_CIPHER_get_name(c)
+SSL_CIPHER *c;
+        {
+        if (c != NULL)
+                return(c->name);
+        return("(NONE)");
+        }
+/* number of bits for symetric cipher */
+int SSL_CIPHER_get_bits(c,alg_bits)
+SSL_CIPHER *c;
+int *alg_bits;
+        {
+        int ret=0,a=0;
+        EVP_CIPHER *enc;
+        EVP_MD *md;
+        if (c != NULL)
+                {
+                if (!ssl_cipher_get_evp(c,&enc,&md))
+                        return(0);
+                a=EVP_CIPHER_key_length(enc)*8;
+                if (c->algorithms & SSL_EXP)
+                        {
+                        ret=40;
+                        }
+                else
+                        {
+                        if (c->algorithm2 & SSL2_CF_8_BYTE_ENC)
+                                ret=64;
+                        else
+                                ret=a;
+                        }
+                }
+        if (alg_bits != NULL) *alg_bits=a;
+        
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
new file mode 100644
index 0000000000..bcbb98591f
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -0,0 +1,374 @@
+/* lib/ssl/ssl_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "ssl.h"
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA SSL_str_functs[]=
+        {
+{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),        "CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_HELLO,0),      "CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
+{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),   "d2i_SSL_SESSION"},
+{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0),     "DO_SSL3_WRITE"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0),       "GET_CLIENT_FINISHED"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0),  "GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0),     "GET_CLIENT_MASTER_KEY"},
+{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0),       "GET_SERVER_FINISHED"},
+{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0),  "GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"},
+{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),   "i2d_SSL_SESSION"},
+{ERR_PACK(0,SSL_F_READ_N,0),    "READ_N"},
+{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),       "REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_HELLO,0),      "SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),      "SSL23_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),        "SSL23_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_CONNECT,0),     "SSL23_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0),    "SSL23_GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0),    "SSL23_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_READ,0),        "SSL23_READ"},
+{ERR_PACK(0,SSL_F_SSL23_WRITE,0),       "SSL23_WRITE"},
+{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),       "SSL2_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL2_CONNECT,0),      "SSL2_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),     "SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
+{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0),      "SSL2_SET_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL2_WRITE,0),        "SSL2_WRITE"},
+{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0),       "SSL3_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0),  "SSL3_CHANGE_CIPHER_STATE"},
+{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0),     "SSL3_CHECK_CERT_AND_ALGORITHM"},
+{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_CONNECT,0),      "SSL3_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0),     "SSL3_CTX_CTRL"},
+{ERR_PACK(0,SSL_F_SSL3_ENC,0),  "SSL3_ENC"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0),      "SSL3_GET_CERTIFICATE_REQUEST"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0),      "SSL3_GET_CERT_VERIFY"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0),       "SSL3_GET_CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0),     "SSL3_GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0),      "SSL3_GET_CLIENT_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"},
+{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0),     "SSL3_GET_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0),  "SSL3_GET_MESSAGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0),   "SSL3_GET_RECORD"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0),       "SSL3_GET_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0),      "SSL3_GET_SERVER_DONE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0),     "SSL3_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0),    "SSL3_OUTPUT_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0),   "SSL3_READ_BYTES"},
+{ERR_PACK(0,SSL_F_SSL3_READ_N,0),       "SSL3_READ_N"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0),     "SSL3_SEND_CERTIFICATE_REQUEST"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0),      "SSL3_SEND_CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),     "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),   "SSL3_SEND_CLIENT_VERIFY"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),      "SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),     "SSL3_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),        "SSL3_SETUP_BUFFERS"},
+{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),      "SSL3_SETUP_KEY_BLOCK"},
+{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0),  "SSL3_WRITE_BYTES"},
+{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0),        "SSL3_WRITE_PENDING"},
+{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0),    "SSL_BAD_METHOD"},
+{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0),  "SSL_BYTES_TO_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0),      "SSL_CERT_NEW"},
+{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0),     "SSL_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),    "SSL_CREATE_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),       "SSL_CTX_new"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),   "SSL_CTX_set_ssl_version"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0),   "SSL_CTX_use_certificate"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0),      "SSL_CTX_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0),      "SSL_CTX_use_certificate_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0),    "SSL_CTX_use_PrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0),       "SSL_CTX_use_PrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0),       "SSL_CTX_use_PrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0),    "SSL_CTX_use_RSAPrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0),    "SSL_CTX_use_RSAPrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0),  "SSL_do_handshake"},
+{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0),       "SSL_GET_NEW_SESSION"},
+{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0),  "SSL_GET_SERVER_SEND_CERT"},
+{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),      "SSL_INIT_WBIO_BUFFER"},
+{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),   "SSL_load_client_CA_file"},
+{ERR_PACK(0,SSL_F_SSL_NEW,0),   "SSL_new"},
+{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),   "SSL_RSA_PRIVATE_DECRYPT"},
+{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),    "SSL_RSA_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),   "SSL_SESSION_new"},
+{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0),      "SSL_SESSION_print_fp"},
+{ERR_PACK(0,SSL_F_SSL_SET_CERT,0),      "SSL_SET_CERT"},
+{ERR_PACK(0,SSL_F_SSL_SET_FD,0),        "SSL_set_fd"},
+{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0),      "SSL_SET_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_SET_RFD,0),       "SSL_set_rfd"},
+{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0),   "SSL_set_session"},
+{ERR_PACK(0,SSL_F_SSL_SET_WFD,0),       "SSL_set_wfd"},
+{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0),    "SSL_UNDEFINED_FUNCTION"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0),       "SSL_use_certificate"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0),  "SSL_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0),  "SSL_use_certificate_file"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0),        "SSL_use_PrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0),   "SSL_use_PrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0),   "SSL_use_PrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0),     "SSL_use_RSAPrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0),        "SSL_use_RSAPrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0),        "SSL_use_RSAPrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"},
+{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0),  "TLS1_CHANGE_CIPHER_STATE"},
+{ERR_PACK(0,SSL_F_TLS1_ENC,0),  "TLS1_ENC"},
+{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0),      "TLS1_SETUP_KEY_BLOCK"},
+{ERR_PACK(0,SSL_F_WRITE_PENDING,0),     "WRITE_PENDING"},
+{0,NULL},
+        };
+static ERR_STRING_DATA SSL_str_reasons[]=
+        {
+{SSL_R_APP_DATA_IN_HANDSHAKE             ,"app data in handshake"},
+{SSL_R_BAD_ALERT_RECORD                  ,"bad alert record"},
+{SSL_R_BAD_AUTHENTICATION_TYPE           ,"bad authentication type"},
+{SSL_R_BAD_CHANGE_CIPHER_SPEC            ,"bad change cipher spec"},
+{SSL_R_BAD_CHECKSUM                      ,"bad checksum"},
+{SSL_R_BAD_CLIENT_REQUEST                ,"bad client request"},
+{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK     ,"bad data returned by callback"},
+{SSL_R_BAD_DECOMPRESSION                 ,"bad decompression"},
+{SSL_R_BAD_DH_G_LENGTH                   ,"bad dh g length"},
+{SSL_R_BAD_DH_PUB_KEY_LENGTH             ,"bad dh pub key length"},
+{SSL_R_BAD_DH_P_LENGTH                   ,"bad dh p length"},
+{SSL_R_BAD_DIGEST_LENGTH                 ,"bad digest length"},
+{SSL_R_BAD_DSA_SIGNATURE                 ,"bad dsa signature"},
+{SSL_R_BAD_MAC_DECODE                    ,"bad mac decode"},
+{SSL_R_BAD_MESSAGE_TYPE                  ,"bad message type"},
+{SSL_R_BAD_PACKET_LENGTH                 ,"bad packet length"},
+{SSL_R_BAD_PROTOCOL_VERSION_NUMBER       ,"bad protocol version number"},
+{SSL_R_BAD_RESPONSE_ARGUMENT             ,"bad response argument"},
+{SSL_R_BAD_RSA_DECRYPT                   ,"bad rsa decrypt"},
+{SSL_R_BAD_RSA_ENCRYPT                   ,"bad rsa encrypt"},
+{SSL_R_BAD_RSA_E_LENGTH                  ,"bad rsa e length"},
+{SSL_R_BAD_RSA_MODULUS_LENGTH            ,"bad rsa modulus length"},
+{SSL_R_BAD_RSA_SIGNATURE                 ,"bad rsa signature"},
+{SSL_R_BAD_SIGNATURE                     ,"bad signature"},
+{SSL_R_BAD_SSL_FILETYPE                  ,"bad ssl filetype"},
+{SSL_R_BAD_SSL_SESSION_ID_LENGTH         ,"bad ssl session id length"},
+{SSL_R_BAD_STATE                         ,"bad state"},
+{SSL_R_BAD_WRITE_RETRY                   ,"bad write retry"},
+{SSL_R_BIO_NOT_SET                       ,"bio not set"},
+{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG         ,"block cipher pad is wrong"},
+{SSL_R_BN_LIB                            ,"bn lib"},
+{SSL_R_CA_DN_LENGTH_MISMATCH             ,"ca dn length mismatch"},
+{SSL_R_CA_DN_TOO_LONG                    ,"ca dn too long"},
+{SSL_R_CCS_RECEIVED_EARLY                ,"ccs received early"},
+{SSL_R_CERTIFICATE_VERIFY_FAILED         ,"certificate verify failed"},
+{SSL_R_CERT_LENGTH_MISMATCH              ,"cert length mismatch"},
+{SSL_R_CHALLENGE_IS_DIFFERENT            ,"challenge is different"},
+{SSL_R_CIPHER_CODE_WRONG_LENGTH          ,"cipher code wrong length"},
+{SSL_R_CIPHER_OR_HASH_UNAVAILABLE        ,"cipher or hash unavailable"},
+{SSL_R_CIPHER_TABLE_SRC_ERROR            ,"cipher table src error"},
+{SSL_R_COMPRESSED_LENGTH_TOO_LONG        ,"compressed length too long"},
+{SSL_R_COMPRESSION_FAILURE               ,"compression failure"},
+{SSL_R_CONNECTION_ID_IS_DIFFERENT        ,"connection id is different"},
+{SSL_R_CONNECTION_TYPE_NOT_SET           ,"connection type not set"},
+{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
+{SSL_R_DATA_LENGTH_TOO_LONG              ,"data length too long"},
+{SSL_R_DECRYPTION_FAILED                 ,"decryption failed"},
+{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
+{SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+{SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
+{SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
+{SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
+{SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
+{SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
+{SSL_R_HTTP_REQUEST                      ,"http request"},
+{SSL_R_INTERNAL_ERROR                    ,"internal error"},
+{SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
+{SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
+{SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
+{SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
+{SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
+{SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
+{SSL_R_MISSING_DH_RSA_CERT               ,"missing dh rsa cert"},
+{SSL_R_MISSING_DSA_SIGNING_CERT          ,"missing dsa signing cert"},
+{SSL_R_MISSING_EXPORT_TMP_DH_KEY         ,"missing export tmp dh key"},
+{SSL_R_MISSING_EXPORT_TMP_RSA_KEY        ,"missing export tmp rsa key"},
+{SSL_R_MISSING_RSA_CERTIFICATE           ,"missing rsa certificate"},
+{SSL_R_MISSING_RSA_ENCRYPTING_CERT       ,"missing rsa encrypting cert"},
+{SSL_R_MISSING_RSA_SIGNING_CERT          ,"missing rsa signing cert"},
+{SSL_R_MISSING_TMP_DH_KEY                ,"missing tmp dh key"},
+{SSL_R_MISSING_TMP_RSA_KEY               ,"missing tmp rsa key"},
+{SSL_R_MISSING_TMP_RSA_PKEY              ,"missing tmp rsa pkey"},
+{SSL_R_MISSING_VERIFY_MESSAGE            ,"missing verify message"},
+{SSL_R_NON_SSLV2_INITIAL_PACKET          ,"non sslv2 initial packet"},
+{SSL_R_NO_CERTIFICATES_RETURNED          ,"no certificates returned"},
+{SSL_R_NO_CERTIFICATE_ASSIGNED           ,"no certificate assigned"},
+{SSL_R_NO_CERTIFICATE_RETURNED           ,"no certificate returned"},
+{SSL_R_NO_CERTIFICATE_SET                ,"no certificate set"},
+{SSL_R_NO_CERTIFICATE_SPECIFIED          ,"no certificate specified"},
+{SSL_R_NO_CIPHERS_AVAILABLE              ,"no ciphers available"},
+{SSL_R_NO_CIPHERS_PASSED                 ,"no ciphers passed"},
+{SSL_R_NO_CIPHERS_SPECIFIED              ,"no ciphers specified"},
+{SSL_R_NO_CIPHER_LIST                    ,"no cipher list"},
+{SSL_R_NO_CIPHER_MATCH                   ,"no cipher match"},
+{SSL_R_NO_CLIENT_CERT_RECEIVED           ,"no client cert received"},
+{SSL_R_NO_COMPRESSION_SPECIFIED          ,"no compression specified"},
+{SSL_R_NO_PRIVATEKEY                     ,"no privatekey"},
+{SSL_R_NO_PRIVATE_KEY_ASSIGNED           ,"no private key assigned"},
+{SSL_R_NO_PROTOCOLS_AVAILABLE            ,"no protocols available"},
+{SSL_R_NO_PUBLICKEY                      ,"no publickey"},
+{SSL_R_NO_SHARED_CIPHER                  ,"no shared cipher"},
+{SSL_R_NULL_SSL_CTX                      ,"null ssl ctx"},
+{SSL_R_NULL_SSL_METHOD_PASSED            ,"null ssl method passed"},
+{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED   ,"old session cipher not returned"},
+{SSL_R_PACKET_LENGTH_TOO_LONG            ,"packet length too long"},
+{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
+{SSL_R_PEER_ERROR                        ,"peer error"},
+{SSL_R_PEER_ERROR_CERTIFICATE            ,"peer error certificate"},
+{SSL_R_PEER_ERROR_NO_CERTIFICATE         ,"peer error no certificate"},
+{SSL_R_PEER_ERROR_NO_CIPHER              ,"peer error no cipher"},
+{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"},
+{SSL_R_PRE_MAC_LENGTH_TOO_LONG           ,"pre mac length too long"},
+{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"},
+{SSL_R_PROTOCOL_IS_SHUTDOWN              ,"protocol is shutdown"},
+{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR          ,"public key encrypt error"},
+{SSL_R_PUBLIC_KEY_IS_NOT_RSA             ,"public key is not rsa"},
+{SSL_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{SSL_R_READ_BIO_NOT_SET                  ,"read bio not set"},
+{SSL_R_READ_WRONG_PACKET_TYPE            ,"read wrong packet type"},
+{SSL_R_RECORD_LENGTH_MISMATCH            ,"record length mismatch"},
+{SSL_R_RECORD_TOO_LARGE                  ,"record too large"},
+{SSL_R_REQUIRED_CIPHER_MISSING           ,"required cipher missing"},
+{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
+{SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
+{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO        ,"reuse cipher list not zero"},
+{SSL_R_SHORT_READ                        ,"short read"},
+{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+{SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
+{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
+{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED   ,"sslv3 alert certificate expired"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED   ,"sslv3 alert certificate revoked"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN   ,"sslv3 alert certificate unknown"},
+{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"},
+{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE     ,"sslv3 alert handshake failure"},
+{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER     ,"sslv3 alert illegal parameter"},
+{SSL_R_SSLV3_ALERT_NO_CERTIFICATE        ,"sslv3 alert no certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER  ,"sslv3 alert peer error no cipher"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"},
+{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE    ,"sslv3 alert unexpected message"},
+{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"},
+{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"},
+{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
+{SSL_R_SSL_HANDSHAKE_FAILURE             ,"ssl handshake failure"},
+{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS        ,"ssl library has no ciphers"},
+{SSL_R_SSL_SESSION_ID_IS_DIFFERENT       ,"ssl session id is different"},
+{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
+{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
+{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
+{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER   ,"tried to use unsupported cipher"},
+{SSL_R_UNABLE_TO_DECODE_DH_CERTS         ,"unable to decode dh certs"},
+{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY      ,"unable to extract public key"},
+{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS      ,"unable to find dh parameters"},
+{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
+{SSL_R_UNABLE_TO_FIND_SSL_METHOD         ,"unable to find ssl method"},
+{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES  ,"unable to load ssl2 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES  ,"unable to load ssl3 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
+{SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
+{SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
+{SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
+{SSL_R_UNKNOWN_CERTIFICATE_TYPE          ,"unknown certificate type"},
+{SSL_R_UNKNOWN_CIPHER_RETURNED           ,"unknown cipher returned"},
+{SSL_R_UNKNOWN_CIPHER_TYPE               ,"unknown cipher type"},
+{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE         ,"unknown key exchange type"},
+{SSL_R_UNKNOWN_PKEY_TYPE                 ,"unknown pkey type"},
+{SSL_R_UNKNOWN_PROTOCOL                  ,"unknown protocol"},
+{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE         ,"unknown remote error type"},
+{SSL_R_UNKNOWN_SSL_VERSION               ,"unknown ssl version"},
+{SSL_R_UNKNOWN_STATE                     ,"unknown state"},
+{SSL_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
+{SSL_R_UNSUPPORTED_PROTOCOL              ,"unsupported protocol"},
+{SSL_R_UNSUPPORTED_SSL_VERSION           ,"unsupported ssl version"},
+{SSL_R_WRITE_BIO_NOT_SET                 ,"write bio not set"},
+{SSL_R_WRONG_CIPHER_RETURNED             ,"wrong cipher returned"},
+{SSL_R_WRONG_MESSAGE_TYPE                ,"wrong message type"},
+{SSL_R_WRONG_NUMBER_OF_KEY_BITS          ,"wrong number of key bits"},
+{SSL_R_WRONG_SIGNATURE_LENGTH            ,"wrong signature length"},
+{SSL_R_WRONG_SIGNATURE_SIZE              ,"wrong signature size"},
+{SSL_R_WRONG_SSL_VERSION                 ,"wrong ssl version"},
+{SSL_R_WRONG_VERSION_NUMBER              ,"wrong version number"},
+{SSL_R_X509_LIB                          ,"x509 lib"},
+{0,NULL},
+        };
+#endif
+void ERR_load_SSL_strings()
+        {
+        static int init=1;
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
+                ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
+#endif
+                }
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_err2.c b/src/lib/libssl/src/ssl/ssl_err2.c
new file mode 100644
index 0000000000..0b91f7b8d2
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_err2.c
@@ -0,0 +1,70 @@
+/* ssl/ssl_err2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "ssl.h"
+void SSL_load_error_strings()
+        {
+#ifndef NO_ERR
+        ERR_load_crypto_strings();
+        ERR_load_SSL_strings();
+#endif
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
new file mode 100644
index 0000000000..f562ec6b14
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -0,0 +1,1721 @@
+/* ssl/ssl_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "lhash.h"
+#include "ssl_locl.h"
+char *SSL_version_str="SSLeay 0.9.0b 29-Jun-1998";
+static STACK *ssl_meth=NULL;
+static STACK *ssl_ctx_meth=NULL;
+static int ssl_meth_num=0;
+static int ssl_ctx_meth_num=0;
+SSL3_ENC_METHOD ssl3_undef_enc_method={
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        };
+void SSL_clear(s)
+SSL *s;
+        {
+        int state;
+        if (s->method == NULL) return;
+        s->error=0;
+        s->hit=0;
+        /* This is set if we are doing dynamic renegotiation so keep
+         * the old cipher.  It is sort of a SSL_clear_lite :-) */
+        if (s->new_session) return;
+        state=s->state; /* Keep to check if we throw away the session-id */
+        s->type=0;
+        s->version=s->method->version;
+        s->rwstate=SSL_NOTHING;
+        s->state=SSL_ST_BEFORE;
+        s->rstate=SSL_ST_READ_HEADER;
+        s->read_ahead=s->ctx->default_read_ahead;
+/*      s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
+        if (s->init_buf != NULL)
+                {
+                BUF_MEM_free(s->init_buf);
+                s->init_buf=NULL;
+                }
+        ssl_clear_cipher_ctx(s);
+        if (ssl_clear_bad_session(s))
+                {
+                SSL_SESSION_free(s->session);
+                s->session=NULL;
+                }
+        s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+        s->first_packet=0;
+        s->method->ssl_clear(s);
+        }
+/* Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(ctx,meth)
+SSL_CTX *ctx;
+SSL_METHOD *meth;
+        {
+        STACK *sk;
+        ctx->method=meth;
+        sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
+                &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
+        if ((sk == NULL) || (sk_num(sk) <= 0))
+                {
+                SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+                return(0);
+                }
+        return(1);
+        }
+SSL *SSL_new(ctx)
+SSL_CTX *ctx;
+        {
+        SSL *s;
+        if (ctx == NULL)
+                {
+                SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
+                return(NULL);
+                }
+        if (ctx->method == NULL)
+                {
+                SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+                return(NULL);
+                }
+        s=(SSL *)Malloc(sizeof(SSL));
+        if (s == NULL) goto err;
+        memset(s,0,sizeof(SSL));
+        if (ctx->default_cert != NULL)
+                {
+                CRYPTO_add(&ctx->default_cert->references,1,
+                        CRYPTO_LOCK_SSL_CERT);
+                s->cert=ctx->default_cert;
+                }
+        else
+                s->cert=NULL;
+        s->verify_mode=ctx->default_verify_mode;
+        s->verify_callback=ctx->default_verify_callback;
+        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+        s->ctx=ctx;
+        s->verify_result=X509_V_OK;
+        s->method=ctx->method;
+        if (!s->method->ssl_new(s))
+                {
+                SSL_CTX_free(ctx);
+                Free(s);
+                goto err;
+                }
+        s->quiet_shutdown=ctx->quiet_shutdown;
+        s->references=1;
+        s->options=ctx->options;
+        SSL_clear(s);
+        CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
+        return(s);
+err:
+        SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
+        return(NULL);
+        }
+void SSL_free(s)
+SSL *s;
+        {
+        int i;
+        i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
+#ifdef REF_PRINT
+        REF_PRINT("SSL",s);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"SSL_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+        if (s->bbio != NULL)
+                {
+                /* If the buffering BIO is in place, pop it off */
+                if (s->bbio == s->wbio)
+                        {
+                        s->wbio=BIO_pop(s->wbio);
+                        }
+                BIO_free(s->bbio);
+                s->bbio=NULL;
+                }
+        if (s->rbio != NULL)
+                BIO_free_all(s->rbio);
+        if ((s->wbio != NULL) && (s->wbio != s->rbio))
+                BIO_free_all(s->wbio);
+        if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
+        /* add extra stuff */
+        if (s->cipher_list != NULL) sk_free(s->cipher_list);
+        if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id);
+        /* Make the next call work :-) */
+        if (s->session != NULL)
+                {
+                ssl_clear_bad_session(s);
+                SSL_SESSION_free(s->session);
+                }
+        ssl_clear_cipher_ctx(s);
+        if (s->cert != NULL) ssl_cert_free(s->cert);
+        /* Free up if allocated */
+        if (s->ctx) SSL_CTX_free(s->ctx);
+        if (s->client_CA != NULL)
+                sk_pop_free(s->client_CA,X509_NAME_free);
+        if (s->method != NULL) s->method->ssl_free(s);
+        Free((char *)s);
+        }
+void SSL_set_bio(s, rbio,wbio)
+SSL *s;
+BIO *rbio;
+BIO *wbio;
+        {
+        /* If the output buffering BIO is still in place, remove it
+         */
+        if (s->bbio != NULL)
+                {
+                if (s->wbio == s->bbio)
+                        {
+                        s->wbio=s->wbio->next_bio;
+                        s->bbio->next_bio=NULL;
+                        }
+                }
+        if ((s->rbio != NULL) && (s->rbio != rbio))
+                BIO_free_all(s->rbio);
+        if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
+                BIO_free_all(s->wbio);
+        s->rbio=rbio;
+        s->wbio=wbio;
+        }
+BIO *SSL_get_rbio(s)
+SSL *s;
+        { return(s->rbio); }
+BIO *SSL_get_wbio(s)
+SSL *s;
+        { return(s->wbio); }
+int SSL_get_fd(s)
+SSL *s;
+        {
+        int ret= -1;
+        BIO *b,*r;
+        b=SSL_get_rbio(s);
+        r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+        if (r != NULL)
+                BIO_get_fd(r,&ret);
+        return(ret);
+        }
+#ifndef NO_SOCK
+int SSL_set_fd(s, fd)
+SSL *s;
+int fd;
+        {
+        int ret=0;
+        BIO *bio=NULL;
+        bio=BIO_new(BIO_s_socket());
+        if (bio == NULL)
+                {
+                SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
+                goto err;
+                }
+        BIO_set_fd(bio,fd,BIO_NOCLOSE);
+        SSL_set_bio(s,bio,bio);
+        ret=1;
+err:
+        return(ret);
+        }
+int SSL_set_wfd(s, fd)
+SSL *s;
+int fd;
+        {
+        int ret=0;
+        BIO *bio=NULL;
+        if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
+                || ((int)BIO_get_fd(s->rbio,NULL) != fd))
+                {
+                bio=BIO_new(BIO_s_socket());
+                if (bio == NULL)
+                        { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
+                BIO_set_fd(bio,fd,BIO_NOCLOSE);
+                SSL_set_bio(s,SSL_get_rbio(s),bio);
+                }
+        else
+                SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
+        ret=1;
+err:
+        return(ret);
+        }
+int SSL_set_rfd(s, fd)
+SSL *s;
+int fd;
+        {
+        int ret=0;
+        BIO *bio=NULL;
+        if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
+                || ((int)BIO_get_fd(s->wbio,NULL) != fd))
+                {
+                bio=BIO_new(BIO_s_socket());
+                if (bio == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+                BIO_set_fd(bio,fd,BIO_NOCLOSE);
+                SSL_set_bio(s,bio,SSL_get_wbio(s));
+                }
+        else
+                SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
+        ret=1;
+err:
+        return(ret);
+        }
+#endif
+int SSL_get_verify_mode(s)
+SSL *s;
+        {
+        return(s->verify_mode);
+        }
+int (*SSL_get_verify_callback(s))()
+SSL *s;
+        {
+        return(s->verify_callback);
+        }
+int SSL_CTX_get_verify_mode(ctx)
+SSL_CTX *ctx;
+        {
+        return(ctx->default_verify_mode);
+        }
+int (*SSL_CTX_get_verify_callback(ctx))()
+SSL_CTX *ctx;
+        {
+        return(ctx->default_verify_callback);
+        }
+void SSL_set_verify(s, mode, callback)
+SSL *s;
+int mode;
+int (*callback)();
+        {
+        s->verify_mode=mode;
+        if (callback != NULL)
+                s->verify_callback=callback;
+        }
+void SSL_set_read_ahead(s, yes)
+SSL *s;
+int yes;
+        {
+        s->read_ahead=yes;
+        }
+int SSL_get_read_ahead(s)
+SSL *s;
+        {
+        return(s->read_ahead);
+        }
+int SSL_pending(s)
+SSL *s;
+        {
+        return(s->method->ssl_pending(s));
+        }
+X509 *SSL_get_peer_certificate(s)
+SSL *s;
+        {
+        X509 *r;
+        
+        if ((s == NULL) || (s->session == NULL))
+                r=NULL;
+        else
+                r=s->session->peer;
+        if (r == NULL) return(r);
+        CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
+        return(r);
+        }
+STACK *SSL_get_peer_cert_chain(s)
+SSL *s;
+        {
+        STACK *r;
+        
+        if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL))
+                r=NULL;
+        else
+                r=s->session->cert->cert_chain;
+        return(r);
+        }
+/* Now in theory, since the calling process own 't' it should be safe to
+ * modify.  We need to be able to read f without being hassled */
+void SSL_copy_session_id(t,f)
+SSL *t,*f;
+        {
+        CERT *tmp;
+        /* Do we need to to SSL locking? */
+        SSL_set_session(t,SSL_get_session(f));
+        /* what if we are setup as SSLv2 but want to talk SSLv3 or
+         * vice-versa */
+        if (t->method != f->method)
+                {
+                t->method->ssl_free(t); /* cleanup current */
+                t->method=f->method;    /* change method */
+                t->method->ssl_new(t);  /* setup new */
+                }
+        tmp=t->cert;
+        if (f->cert != NULL)
+                {
+                CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
+                t->cert=f->cert;
+                }
+        else
+                t->cert=NULL;
+        if (tmp != NULL) ssl_cert_free(tmp);
+        }
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(ctx)
+SSL_CTX *ctx;
+        {
+        if (    (ctx == NULL) ||
+                (ctx->default_cert == NULL) ||
+                (ctx->default_cert->key->x509 == NULL))
+                {
+                SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+                return(0);
+                }
+        if      (ctx->default_cert->key->privatekey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+                return(0);
+                }
+        return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey));
+        }
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(ssl)
+SSL *ssl;
+        {
+        if (ssl == NULL)
+                {
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (ssl->cert == NULL)
+                return(SSL_CTX_check_private_key(ssl->ctx));
+        if (ssl->cert->key->x509 == NULL)
+                {
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+                return(0);
+                }
+        if (ssl->cert->key->privatekey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+                return(0);
+                }
+        return(X509_check_private_key(ssl->cert->key->x509,
+                ssl->cert->key->privatekey));
+        }
+int SSL_accept(s)
+SSL *s;
+        {
+        return(s->method->ssl_accept(s));
+        }
+int SSL_connect(s)
+SSL *s;
+        {
+        return(s->method->ssl_connect(s));
+        }
+long SSL_get_default_timeout(s)
+SSL *s;
+        {
+        return(s->method->get_timeout());
+        }
+int SSL_read(s,buf,num)
+SSL *s;
+char *buf;
+int num;
+        {
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+        return(s->method->ssl_read(s,buf,num));
+        }
+int SSL_peek(s,buf,num)
+SSL *s;
+char *buf;
+int num;
+        {
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                return(0);
+                }
+        return(s->method->ssl_peek(s,buf,num));
+        }
+int SSL_write(s,buf,num)
+SSL *s;
+char *buf;
+int num;
+        {
+        if (s->shutdown & SSL_SENT_SHUTDOWN)
+                {
+                s->rwstate=SSL_NOTHING;
+                SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
+                return(-1);
+                }
+        return(s->method->ssl_write(s,buf,num));
+        }
+int SSL_shutdown(s)
+SSL *s;
+        {
+        if ((s != NULL) && !SSL_in_init(s))
+                return(s->method->ssl_shutdown(s));
+        else
+                return(1);
+        }
+int SSL_renegotiate(s)
+SSL *s;
+        {
+        s->new_session=1;
+        return(s->method->ssl_renegotiate(s));
+        }
+long SSL_ctrl(s,cmd,larg,parg)
+SSL *s;
+int cmd;
+long larg;
+char *parg;
+        {
+        return(s->method->ssl_ctrl(s,cmd,larg,parg));
+        }
+long SSL_CTX_ctrl(ctx,cmd,larg,parg)
+SSL_CTX *ctx;
+int cmd;
+long larg;
+char *parg;
+        {
+        return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
+        }
+int ssl_cipher_id_cmp(a,b)
+SSL_CIPHER *a,*b;
+        {
+        long l;
+        l=a->id-b->id;
+        if (l == 0L)
+                return(0);
+        else
+                return((l > 0)?1:-1);
+        }
+int ssl_cipher_ptr_id_cmp(ap,bp)
+SSL_CIPHER **ap,**bp;
+        {
+        long l;
+        l=(*ap)->id-(*bp)->id;
+        if (l == 0L)
+                return(0);
+        else
+                return((l > 0)?1:-1);
+        }
+/* return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK *SSL_get_ciphers(s)
+SSL *s;
+        {
+        if ((s != NULL) && (s->cipher_list != NULL))
+                {
+                return(s->cipher_list);
+                }
+        else if ((s->ctx != NULL) &&
+                (s->ctx->cipher_list != NULL))
+                {
+                return(s->ctx->cipher_list);
+                }
+        return(NULL);
+        }
+/* return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK *ssl_get_ciphers_by_id(s)
+SSL *s;
+        {
+        if ((s != NULL) && (s->cipher_list_by_id != NULL))
+                {
+                return(s->cipher_list_by_id);
+                }
+        else if ((s != NULL) && (s->ctx != NULL) &&
+                (s->ctx->cipher_list_by_id != NULL))
+                {
+                return(s->ctx->cipher_list_by_id);
+                }
+        return(NULL);
+        }
+/* The old interface to get the same thing as SSL_get_ciphers() */
+char *SSL_get_cipher_list(s,n)
+SSL *s;
+int n;
+        {
+        SSL_CIPHER *c;
+        STACK *sk;
+        if (s == NULL) return(NULL);
+        sk=SSL_get_ciphers(s);
+        if ((sk == NULL) || (sk_num(sk) <= n))
+                return(NULL);
+        c=(SSL_CIPHER *)sk_value(sk,n);
+        if (c == NULL) return(NULL);
+        return(c->name);
+        }
+/* specify the ciphers to be used by defaut by the SSL_CTX */
+int SSL_CTX_set_cipher_list(ctx,str)
+SSL_CTX *ctx;
+char *str;
+        {
+        STACK *sk;
+        
+        sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
+                &ctx->cipher_list_by_id,str);
+/* XXXX */
+        return((sk == NULL)?0:1);
+        }
+/* specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(s, str)
+SSL *s;
+char *str;
+        {
+        STACK *sk;
+        
+        sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
+                &s->cipher_list_by_id,str);
+/* XXXX */
+        return((sk == NULL)?0:1);
+        }
+/* works well for SSLv2, not so good for SSLv3 */
+char *SSL_get_shared_ciphers(s,buf,len)
+SSL *s;
+char *buf;
+int len;
+        {
+        char *p,*cp;
+        STACK *sk;
+        SSL_CIPHER *c;
+        int i;
+        if ((s->session == NULL) || (s->session->ciphers == NULL) ||
+                (len < 2))
+                return(NULL);
+        p=buf;
+        sk=s->session->ciphers;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                /* Decrement for either the ':' or a '\0' */
+                len--;
+                c=(SSL_CIPHER *)sk_value(sk,i);
+                for (cp=c->name; *cp; )
+                        {
+                        if (len-- == 0)
+                                {
+                                *p='\0';
+                                return(buf);
+                                }
+                        else
+                                *(p++)= *(cp++);
+                        }
+                *(p++)=':';
+                }
+        p[-1]='\0';
+        return(buf);
+        }
+int ssl_cipher_list_to_bytes(s,sk,p)
+SSL *s;
+STACK *sk;
+unsigned char *p;
+        {
+        int i,j=0;
+        SSL_CIPHER *c;
+        unsigned char *q;
+        if (sk == NULL) return(0);
+        q=p;
+        for (i=0; i<sk_num(sk); i++)
+                {
+                c=(SSL_CIPHER *)sk_value(sk,i);
+                j=ssl_put_cipher_by_char(s,c,p);
+                p+=j;
+                }
+        return(p-q);
+        }
+STACK *ssl_bytes_to_cipher_list(s,p,num,skp)
+SSL *s;
+unsigned char *p;
+int num;
+STACK **skp;
+        {
+        SSL_CIPHER *c;
+        STACK *sk;
+        int i,n;
+        n=ssl_put_cipher_by_char(s,NULL,NULL);
+        if ((num%n) != 0)
+                {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+                return(NULL);
+                }
+        if ((skp == NULL) || (*skp == NULL))
+                sk=sk_new(NULL); /* change perhaps later */
+        else
+                {
+                sk= *skp;
+                sk_zero(sk);
+                }
+        for (i=0; i<num; i+=n)
+                {
+                c=ssl_get_cipher_by_char(s,p);
+                p+=n;
+                if (c != NULL)
+                        {
+                        if (!sk_push(sk,(char *)c))
+                                {
+                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        }
+                }
+        if (skp != NULL)
+                *skp=sk;
+        return(sk);
+err:
+        if ((skp == NULL) || (*skp == NULL))
+                sk_free(sk);
+        return(NULL);
+        }
+unsigned long SSL_SESSION_hash(a)
+SSL_SESSION *a;
+        {
+        unsigned long l;
+        l=      (a->session_id[0]     )|(a->session_id[1]<< 8L)|
+                (a->session_id[2]<<16L)|(a->session_id[3]<<24L);
+        return(l);
+        }
+int SSL_SESSION_cmp(a, b)
+SSL_SESSION *a;
+SSL_SESSION *b;
+        {
+        if (a->ssl_version != b->ssl_version)
+                return(1);
+        if (a->session_id_length != b->session_id_length)
+                return(1);
+        return(memcmp(a->session_id,b->session_id,a->session_id_length));
+        }
+SSL_CTX *SSL_CTX_new(meth)
+SSL_METHOD *meth;
+        {
+        SSL_CTX *ret;
+        
+        if (meth == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
+                return(NULL);
+                }
+        ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
+        if (ret == NULL)
+                goto err;
+        memset(ret,0,sizeof(SSL_CTX));
+        ret->method=meth;
+        ret->cert_store=NULL;
+        ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+        ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+        ret->session_cache_head=NULL;
+        ret->session_cache_tail=NULL;
+        /* We take the system default */
+        ret->session_timeout=meth->get_timeout();
+        ret->new_session_cb=NULL;
+        ret->remove_session_cb=NULL;
+        ret->get_session_cb=NULL;
+        ret->sess_connect=0;
+        ret->sess_connect_good=0;
+        ret->sess_accept=0;
+        ret->sess_accept_renegotiate=0;
+        ret->sess_connect_renegotiate=0;
+        ret->sess_accept_good=0;
+        ret->sess_miss=0;
+        ret->sess_timeout=0;
+        ret->sess_cache_full=0;
+        ret->sess_hit=0;
+        ret->sess_cb_hit=0;
+        ret->references=1;
+        ret->quiet_shutdown=0;
+/*      ret->cipher=NULL;*/
+/*      ret->s2->challenge=NULL;
+        ret->master_key=NULL;
+        ret->key_arg=NULL;
+        ret->s2->conn_id=NULL; */
+        ret->info_callback=NULL;
+        ret->app_verify_callback=NULL;
+        ret->app_verify_arg=NULL;
+        ret->default_read_ahead=0;
+        ret->default_verify_mode=SSL_VERIFY_NONE;
+        ret->default_verify_callback=NULL;
+        if ((ret->default_cert=ssl_cert_new()) == NULL)
+                goto err;
+        ret->default_passwd_callback=NULL;
+        ret->client_cert_cb=NULL;
+        ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
+        if (ret->sessions == NULL) goto err;
+        ret->cert_store=X509_STORE_new();
+        if (ret->cert_store == NULL) goto err;
+        ssl_create_cipher_list(ret->method,
+                &ret->cipher_list,&ret->cipher_list_by_id,
+                SSL_DEFAULT_CIPHER_LIST);
+        if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0))
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
+                goto err2;
+                }
+        if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
+                goto err2;
+                }
+        if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+                goto err2;
+                }
+        if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+                goto err2;
+                }
+        if ((ret->client_CA=sk_new_null()) == NULL)
+                goto err;
+        CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+        return(ret);
+err:
+        SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+err2:
+        if (ret != NULL) SSL_CTX_free(ret);
+        return(NULL);
+        }
+void SSL_CTX_free(a)
+SSL_CTX *a;
+        {
+        int i;
+        if (a == NULL) return;
+        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
+#ifdef REF_PRINT
+        REF_PRINT("SSL_CTX",a);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"SSL_CTX_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+        if (a->sessions != NULL)
+                {
+                SSL_CTX_flush_sessions(a,0);
+                lh_free(a->sessions);
+                }
+        if (a->cert_store != NULL)
+                X509_STORE_free(a->cert_store);
+        if (a->cipher_list != NULL)
+                sk_free(a->cipher_list);
+        if (a->cipher_list_by_id != NULL)
+                sk_free(a->cipher_list_by_id);
+        if (a->default_cert != NULL)
+                ssl_cert_free(a->default_cert);
+        if (a->client_CA != NULL)
+                sk_pop_free(a->client_CA,X509_NAME_free);
+        Free((char *)a);
+        }
+void SSL_CTX_set_default_passwd_cb(ctx,cb)
+SSL_CTX *ctx;
+int (*cb)();
+        {
+        ctx->default_passwd_callback=cb;
+        }
+void SSL_CTX_set_cert_verify_cb(ctx,cb,arg)
+SSL_CTX *ctx;
+int (*cb)();
+char *arg;
+        {
+        ctx->app_verify_callback=cb;
+        ctx->app_verify_arg=arg;
+        }
+void SSL_CTX_set_verify(ctx,mode,cb)
+SSL_CTX *ctx;
+int mode;
+int (*cb)();
+        {
+        ctx->default_verify_mode=mode;
+        ctx->default_verify_callback=cb;
+        /* This needs cleaning up EAY EAY EAY */
+        X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
+        }
+void ssl_set_cert_masks(c)
+CERT *c;
+        {
+        CERT_PKEY *cpk;
+        int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
+        int rsa_enc_export,dh_rsa_export,dh_dsa_export;
+        int rsa_tmp_export,dh_tmp_export;
+        unsigned long mask,emask;
+        if ((c == NULL) || (c->valid)) return;
+#ifndef NO_RSA
+        rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0;
+        rsa_tmp_export=((c->rsa_tmp_cb != NULL) ||
+                (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0;
+#else
+        rsa_tmp=rsa_tmp_export=0;
+#endif
+#ifndef NO_DH
+        dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0;
+        dh_tmp_export=((c->dh_tmp_cb != NULL) ||
+                (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0;
+#else
+        dh_tmp=dh_tmp_export=0;
+#endif
+        cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
+        rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+        rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+        cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
+        rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+        cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
+        dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+        cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
+        dh_rsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+        dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+        cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
+/* FIX THIS EAY EAY EAY */
+        dh_dsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+        dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+        mask=0;
+        emask=0;
+#ifdef CIPHER_DEBUG
+        printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+                rsa_tmp,dh_tmp,
+                rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
+#endif
+        if (rsa_enc || (rsa_tmp && rsa_sign))
+                mask|=SSL_kRSA;
+        if (rsa_enc_export || (rsa_tmp_export && rsa_sign))
+                emask|=SSL_kRSA;
+#if 0
+        /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+        if (    (dh_tmp || dh_rsa || dh_dsa) && 
+                (rsa_enc || rsa_sign || dsa_sign))
+                mask|=SSL_kEDH;
+        if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
+                (rsa_enc || rsa_sign || dsa_sign))
+                emask|=SSL_kEDH;
+#endif
+        if (dh_tmp_export) 
+                emask|=SSL_kEDH;
+        if (dh_tmp)
+                mask|=SSL_kEDH;
+        if (dh_rsa) mask|=SSL_kDHr;
+        if (dh_rsa_export) emask|=SSL_kDHr;
+        if (dh_dsa) mask|=SSL_kDHd;
+        if (dh_dsa_export) emask|=SSL_kDHd;
+        if (rsa_enc || rsa_sign)
+                {
+                mask|=SSL_aRSA;
+                emask|=SSL_aRSA;
+                }
+        if (dsa_sign)
+                {
+                mask|=SSL_aDSS;
+                emask|=SSL_aDSS;
+                }
+#ifdef SSL_ALLOW_ADH
+        mask|=SSL_aNULL;
+        emask|=SSL_aNULL;
+#endif
+        c->mask=mask;
+        c->export_mask=emask;
+        c->valid=1;
+        }
+/* THIS NEEDS CLEANING UP */
+X509 *ssl_get_server_send_cert(s)
+SSL *s;
+        {
+        unsigned long alg,mask,kalg;
+        CERT *c;
+        int i,export;
+        c=s->cert;
+        ssl_set_cert_masks(c);
+        alg=s->s3->tmp.new_cipher->algorithms;
+        export=(alg & SSL_EXPORT)?1:0;
+        mask=(export)?c->export_mask:c->mask;
+        kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+        if      (kalg & SSL_kDHr)
+                i=SSL_PKEY_DH_RSA;
+        else if (kalg & SSL_kDHd)
+                i=SSL_PKEY_DH_DSA;
+        else if (kalg & SSL_aDSS)
+                i=SSL_PKEY_DSA_SIGN;
+        else if (kalg & SSL_aRSA)
+                {
+                if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
+                        i=SSL_PKEY_RSA_SIGN;
+                else
+                        i=SSL_PKEY_RSA_ENC;
+                }
+        else /* if (kalg & SSL_aNULL) */
+                {
+                SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
+                return(NULL);
+                }
+        if (c->pkeys[i].x509 == NULL) return(NULL);
+        return(c->pkeys[i].x509);
+        }
+EVP_PKEY *ssl_get_sign_pkey(s,cipher)
+SSL *s;
+SSL_CIPHER *cipher;
+        {
+        unsigned long alg;
+        CERT *c;
+        alg=cipher->algorithms;
+        c=s->cert;
+        if ((alg & SSL_aDSS) &&
+                (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
+                return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
+        else if (alg & SSL_aRSA)
+                {
+                if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
+                        return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
+                else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
+                        return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
+                else
+                        return(NULL);
+                }
+        else /* if (alg & SSL_aNULL) */
+                {
+                SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
+                return(NULL);
+                }
+        }
+void ssl_update_cache(s,mode)
+SSL *s;
+int mode;
+        {
+        int i;
+        /* If the session_id_length is 0, we are not supposed to cache it,
+         * and it would be rather hard to do anyway :-) */
+        if (s->session->session_id_length == 0) return;
+        if ((s->ctx->session_cache_mode & mode)
+                && (!s->hit)
+                && SSL_CTX_add_session(s->ctx,s->session)
+                && (s->ctx->new_session_cb != NULL))
+                {
+                CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
+                if (!s->ctx->new_session_cb(s,s->session))
+                        SSL_SESSION_free(s->session);
+                }
+        /* auto flush every 255 connections */
+        i=s->ctx->session_cache_mode;
+        if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
+                ((i & mode) == mode))
+                {
+                if (  (((mode & SSL_SESS_CACHE_CLIENT)
+                        ?s->ctx->sess_connect_good
+                        :s->ctx->sess_accept_good) & 0xff) == 0xff)
+                        {
+                        SSL_CTX_flush_sessions(s->ctx,time(NULL));
+                        }
+                }
+        }
+SSL_METHOD *SSL_get_ssl_method(s)
+SSL *s;
+        {
+        return(s->method);
+        }
+int SSL_set_ssl_method(s,meth)
+SSL *s;
+SSL_METHOD *meth;
+        {
+        int conn= -1;
+        int ret=1;
+        if (s->method != meth)
+                {
+                if (s->handshake_func != NULL)
+                        conn=(s->handshake_func == s->method->ssl_connect);
+                if (s->method->version == meth->version)
+                        s->method=meth;
+                else
+                        {
+                        s->method->ssl_free(s);
+                        s->method=meth;
+                        ret=s->method->ssl_new(s);
+                        }
+                if (conn == 1)
+                        s->handshake_func=meth->ssl_connect;
+                else if (conn == 0)
+                        s->handshake_func=meth->ssl_accept;
+                }
+        return(ret);
+        }
+int SSL_get_error(s,i)
+SSL *s;
+int i;
+        {
+        int reason;
+        BIO *bio;
+        if (i > 0) return(SSL_ERROR_NONE);
+        if (ERR_peek_error() != 0)
+                return(SSL_ERROR_SSL);
+        if ((i < 0) && SSL_want_read(s))
+                {
+                bio=SSL_get_rbio(s);
+                if (BIO_should_read(bio))
+                        return(SSL_ERROR_WANT_READ);
+                else if (BIO_should_write(bio))
+                        return(SSL_ERROR_WANT_WRITE);
+                else if (BIO_should_io_special(bio))
+                        {
+                        reason=BIO_get_retry_reason(bio);
+                        if (reason == BIO_RR_CONNECT)
+                                return(SSL_ERROR_WANT_CONNECT);
+                        else
+                                return(SSL_ERROR_SYSCALL); /* unknown */
+                        }
+                }
+        if ((i < 0) && SSL_want_write(s))
+                {
+                bio=SSL_get_wbio(s);
+                if (BIO_should_write(bio))
+                        return(SSL_ERROR_WANT_WRITE);
+                else if (BIO_should_read(bio))
+                        return(SSL_ERROR_WANT_READ);
+                else if (BIO_should_io_special(bio))
+                        {
+                        reason=BIO_get_retry_reason(bio);
+                        if (reason == BIO_RR_CONNECT)
+                                return(SSL_ERROR_WANT_CONNECT);
+                        else
+                                return(SSL_ERROR_SYSCALL);
+                        }
+                }
+        if ((i < 0) && SSL_want_x509_lookup(s))
+                {
+                return(SSL_ERROR_WANT_X509_LOOKUP);
+                }
+        if (i == 0)
+                {
+                if (s->version == SSL2_VERSION)
+                        {
+                        /* assume it is the socket being closed */
+                        return(SSL_ERROR_ZERO_RETURN);
+                        }
+                else
+                        {
+                        if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+                                (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+                                return(SSL_ERROR_ZERO_RETURN);
+                        }
+                }
+        return(SSL_ERROR_SYSCALL);
+        }
+int SSL_do_handshake(s)
+SSL *s;
+        {
+        int ret=1;
+        if (s->handshake_func == NULL)
+                {
+                SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
+                return(-1);
+                }
+        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+        if (SSL_in_init(s) || SSL_in_before(s))
+                {
+                ret=s->handshake_func(s);
+                }
+        return(ret);
+        }
+/* For the next 2 functions, SSL_clear() sets shutdown and so
+ * one of these calls will reset it */
+void SSL_set_accept_state(s)
+SSL *s;
+        {
+        s->shutdown=0;
+        s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
+        s->handshake_func=s->method->ssl_accept;
+        /* clear the current cipher */
+        ssl_clear_cipher_ctx(s);
+        }
+void SSL_set_connect_state(s)
+SSL *s;
+        {
+        s->shutdown=0;
+        s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
+        s->handshake_func=s->method->ssl_connect;
+        /* clear the current cipher */
+        ssl_clear_cipher_ctx(s);
+        }
+int ssl_undefined_function(s)
+SSL *s;
+        {
+        SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(0);
+        }
+SSL_METHOD *ssl_bad_method(ver)
+int ver;
+        {
+        SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(NULL);
+        }
+char *SSL_get_version(s)
+SSL *s;
+        {
+        if (s->version == TLS1_VERSION)
+                return("TLSv1");
+        else if (s->version == SSL3_VERSION)
+                return("SSLv3");
+        else if (s->version == SSL2_VERSION)
+                return("SSLv2");
+        else
+                return("unknown");
+        }
+SSL *SSL_dup(s)
+SSL *s;
+        {
+        STACK *sk;
+        X509_NAME *xn;
+        SSL *ret;
+        int i;
+                 
+        if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL);
+                          
+        /* This copies version, session-id, SSL_METHOD and 'cert' */
+        SSL_copy_session_id(ret,s);
+        SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
+        SSL_set_verify(ret,SSL_get_verify_mode(s),
+                SSL_get_verify_callback(s));
+        SSL_set_info_callback(ret,SSL_get_info_callback(s));
+        
+        ret->debug=s->debug;
+        ret->options=s->options;
+        /* copy app data, a little dangerous perhaps */
+        if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+                goto err;
+        /* setup rbio, and wbio */
+        if (s->rbio != NULL)
+                {
+                if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
+                        goto err;
+                }
+        if (s->wbio != NULL)
+                {
+                if (s->wbio != s->rbio)
+                        {
+                        if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
+                                goto err;
+                        }
+                else
+                        ret->wbio=ret->rbio;
+                }
+        /* dup the cipher_list and cipher_list_by_id stacks */
+        if (s->cipher_list != NULL)
+                {
+                if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL)
+                        goto err;
+                }
+        if (s->cipher_list_by_id != NULL)
+                if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id))
+                        == NULL)
+                        goto err;
+        /* Dup the client_CA list */
+        if (s->client_CA != NULL)
+                {
+                if ((sk=sk_dup(s->client_CA)) == NULL) goto err;
+                ret->client_CA=sk;
+                for (i=0; i<sk_num(sk); i++)
+                        {
+                        xn=(X509_NAME *)sk_value(sk,i);
+                        if ((sk_value(sk,i)=(char *)X509_NAME_dup(xn)) == NULL)
+                                {
+                                X509_NAME_free(xn);
+                                goto err;
+                                }
+                        }
+                }
+        ret->shutdown=s->shutdown;
+        ret->state=s->state;
+        ret->handshake_func=s->handshake_func;
+        if (0)
+                {
+err:
+                if (ret != NULL) SSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+void ssl_clear_cipher_ctx(s)
+SSL *s;
+        {
+        if (s->enc_read_ctx != NULL)
+                {
+                EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+                Free(s->enc_read_ctx);
+                s->enc_read_ctx=NULL;
+                }
+        if (s->enc_write_ctx != NULL)
+                {
+                EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+                Free(s->enc_write_ctx);
+                s->enc_write_ctx=NULL;
+                }
+        }
+/* Fix this function so that it takes an optional type parameter */
+X509 *SSL_get_certificate(s)
+SSL *s;
+        {
+        if (s->cert != NULL)
+                return(s->cert->key->x509);
+        else
+                return(NULL);
+        }
+/* Fix this function so that it takes an optional type parameter */
+EVP_PKEY *SSL_get_privatekey(s)
+SSL *s;
+        {
+        if (s->cert != NULL)
+                return(s->cert->key->privatekey);
+        else
+                return(NULL);
+        }
+SSL_CIPHER *SSL_get_current_cipher(s)
+SSL *s;
+        {
+        if ((s->session != NULL) && (s->session->cipher != NULL))
+                return(s->session->cipher);
+        return(NULL);
+        }
+int ssl_init_wbio_buffer(s,push)
+SSL *s;
+int push;
+        {
+        BIO *bbio;
+        if (s->bbio == NULL)
+                {
+                bbio=BIO_new(BIO_f_buffer());
+                if (bbio == NULL) return(0);
+                s->bbio=bbio;
+                }
+        else
+                {
+                bbio=s->bbio;
+                if (s->bbio == s->wbio)
+                        s->wbio=BIO_pop(s->wbio);
+                }
+        BIO_reset(bbio);
+/*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+        if (!BIO_set_read_buffer_size(bbio,1))
+                {
+                SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
+                return(0);
+                }
+        if (push)
+                {
+                if (s->wbio != bbio)
+                        s->wbio=BIO_push(bbio,s->wbio);
+                }
+        else
+                {
+                if (s->wbio == bbio)
+                        s->wbio=BIO_pop(bbio);
+                }
+        return(1);
+        }
+        
+void SSL_CTX_set_quiet_shutdown(ctx,mode)
+SSL_CTX *ctx;
+int mode;
+        {
+        ctx->quiet_shutdown=mode;
+        }
+int SSL_CTX_get_quiet_shutdown(ctx)
+SSL_CTX *ctx;
+        {
+        return(ctx->quiet_shutdown);
+        }
+void SSL_set_quiet_shutdown(s,mode)
+SSL *s;
+int mode;
+        {
+        s->quiet_shutdown=mode;
+        }
+int SSL_get_quiet_shutdown(s)
+SSL *s;
+        {
+        return(s->quiet_shutdown);
+        }
+void SSL_set_shutdown(s,mode)
+SSL *s;
+int mode;
+        {
+        s->shutdown=mode;
+        }
+int SSL_get_shutdown(s)
+SSL *s;
+        {
+        return(s->shutdown);
+        }
+int SSL_version(s)
+SSL *s;
+        {
+        return(s->version);
+        }
+SSL_CTX *SSL_get_SSL_CTX(ssl)
+SSL *ssl;
+        {
+        return(ssl->ctx);
+        }
+int SSL_CTX_set_default_verify_paths(ctx)
+SSL_CTX *ctx;
+        {
+        return(X509_STORE_set_default_paths(ctx->cert_store));
+        }
+int SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
+SSL_CTX *ctx;
+char *CAfile;
+char *CApath;
+        {
+        return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
+        }
+void SSL_set_info_callback(ssl,cb)
+SSL *ssl;
+void (*cb)();
+        {
+        ssl->info_callback=cb;
+        }
+void (*SSL_get_info_callback(ssl))()
+SSL *ssl;
+        {
+        return(ssl->info_callback);
+        }
+int SSL_state(ssl)
+SSL *ssl;
+        {
+        return(ssl->state);
+        }
+void SSL_set_verify_result(ssl,arg)
+SSL *ssl;
+long arg;
+        {
+        ssl->verify_result=arg;
+        }
+long SSL_get_verify_result(ssl)
+SSL *ssl;
+        {
+        return(ssl->verify_result);
+        }
+int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        ssl_meth_num++;
+        return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
+                &ssl_meth,argl,argp,new_func,dup_func,free_func));
+        }
+int SSL_set_ex_data(s,idx,arg)
+SSL *s;
+int idx;
+char *arg;
+        {
+        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+        }
+char *SSL_get_ex_data(s,idx)
+SSL *s;
+int idx;
+        {
+        return(CRYPTO_get_ex_data(&s->ex_data,idx));
+        }
+int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        ssl_ctx_meth_num++;
+        return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
+                &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
+        }
+int SSL_CTX_set_ex_data(s,idx,arg)
+SSL_CTX *s;
+int idx;
+char *arg;
+        {
+        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+        }
+char *SSL_CTX_get_ex_data(s,idx)
+SSL_CTX *s;
+int idx;
+        {
+        return(CRYPTO_get_ex_data(&s->ex_data,idx));
+        }
+#if defined(_WINDLL) && defined(WIN16)
+#include "../crypto/bio/bss_file.c"
+#endif
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
new file mode 100644
index 0000000000..b29517081b
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -0,0 +1,558 @@
+/* ssl/ssl_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_SSL_LOCL_H
+#define HEADER_SSL_LOCL_H
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <errno.h>
+#include "e_os.h"
+#include "buffer.h"
+#include "bio.h"
+#include "crypto.h"
+#include "evp.h"
+#include "stack.h"
+#include "x509.h"
+#include "err.h"
+#include "ssl.h"
+#define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
+                         l|=((unsigned long)(*((c)++)))<<16, \
+                         l|=((unsigned long)(*((c)++)))<< 8, \
+                         l|=((unsigned long)(*((c)++))))
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                                } \
+                        }
+#define n2s(c,s)        (s =((unsigned int)(*((c)++)))<< 8, \
+                         s|=((unsigned int)(*((c)++))))
+#define s2n(s,c)        (*((c)++)=(unsigned char)(((s)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((s)    )&0xff))
+#define n2l3(c,l)       (l =((unsigned long)(*((c)++)))<<16, \
+                         l|=((unsigned long)(*((c)++)))<< 8, \
+                         l|=((unsigned long)(*((c)++))))
+#define l2n3(l,c)       (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+/* LOCAL STUFF */
+#define SSL_DECRYPT     0
+#define SSL_ENCRYPT     1
+#define TWO_BYTE_BIT    0x80
+#define SEC_ESC_BIT     0x40
+#define TWO_BYTE_MASK   0x7fff
+#define THREE_BYTE_MASK 0x3fff
+#define INC32(a)        ((a)=((a)+1)&0xffffffffL)
+#define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
+#define MAX_MAC_SIZE    20 /* up from 16 for SSLv3 */
+#define SSL_MKEY_MASK           0x0000001FL
+#define SSL_kRSA                0x00000001L /* RSA key exchange */
+#define SSL_kDHr                0x00000002L /* DH cert RSA CA cert */
+#define SSL_kDHd                0x00000004L /* DH cert DSA CA cert */
+#define SSL_kFZA                0x00000008L
+#define SSL_kEDH                0x00000010L /* tmp DH key no DH cert */
+#define SSL_EDH                 (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
+#define SSL_AUTH_MASK           0x000003e0L
+#define SSL_aRSA                0x00000020L /* Authenticate with RSA */
+#define SSL_aDSS                0x00000040L /* Authenticate with DSS */
+#define SSL_DSS                 SSL_aDSS
+#define SSL_aFZA                0x00000080L
+#define SSL_aNULL               0x00000100L /* no Authenticate, ADH */
+#define SSL_aDH                 0x00000200L /* no Authenticate, ADH */
+#define SSL_NULL                (SSL_eNULL)
+#define SSL_ADH                 (SSL_kEDH|SSL_aNULL)
+#define SSL_RSA                 (SSL_kRSA|SSL_aRSA)
+#define SSL_DH                  (SSL_kDHr|SSL_kDHd|SSL_kEDH)
+#define SSL_FZA                 (SSL_aFZA|SSL_kFZA|SSL_eFZA)
+#define SSL_ENC_MASK            0x0001Fc00L
+#define SSL_DES                 0x00000400L
+#define SSL_3DES                0x00000800L
+#define SSL_RC4                 0x00001000L
+#define SSL_RC2                 0x00002000L
+#define SSL_IDEA                0x00004000L
+#define SSL_eFZA                0x00008000L
+#define SSL_eNULL               0x00010000L
+#define SSL_MAC_MASK            0x00060000L
+#define SSL_MD5                 0x00020000L
+#define SSL_SHA1                0x00040000L
+#define SSL_SHA                 (SSL_SHA1)
+#define SSL_EXP_MASK            0x00300000L
+#define SSL_EXP                 0x00100000L
+#define SSL_NOT_EXP             0x00200000L
+#define SSL_EXPORT              SSL_EXP
+#define SSL_SSL_MASK            0x00c00000L
+#define SSL_SSLV2               0x00400000L
+#define SSL_SSLV3               0x00800000L
+#define SSL_STRONG_MASK         0x07000000L
+#define SSL_LOW                 0x01000000L
+#define SSL_MEDIUM              0x02000000L
+#define SSL_HIGH                0x04000000L
+/* we have used 0fffffff - 4 bits left to go */
+#define SSL_ALL                 0xffffffffL
+#define SSL_ALL_CIPHERS         (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
+                                SSL_MAC_MASK|SSL_EXP_MASK)
+/* Mostly for SSLv3 */
+#define SSL_PKEY_RSA_ENC        0
+#define SSL_PKEY_RSA_SIGN       1
+#define SSL_PKEY_DSA_SIGN       2
+#define SSL_PKEY_DH_RSA         3
+#define SSL_PKEY_DH_DSA         4
+#define SSL_PKEY_NUM            5
+/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+ *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
+ * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+/*
+#define CERT_INVALID            0
+#define CERT_PUBLIC_KEY         1
+#define CERT_PRIVATE_KEY        2
+*/
+typedef struct cert_pkey_st
+        {
+        X509 *x509;
+/*      EVP_PKEY *publickey; *//* when extracted */
+        EVP_PKEY *privatekey;
+        } CERT_PKEY;
+typedef struct cert_st
+        {
+        int cert_type;
+#ifdef undef
+        X509 *x509;
+        EVP_PKEY *publickey; /* when extracted */
+        EVP_PKEY *privatekey;
+        pkeys[SSL_PKEY_RSA_ENC].x509
+/*      pkeys[SSL_PKEY_RSA_ENC].publickey */
+        pkeys[SSL_PKEY_RSA_ENC].privatekey
+#endif
+        /* Current active set */
+        CERT_PKEY *key;
+        /* The following masks are for the key and auth
+         * algorithms that are supported by the certs below */
+        int valid;
+        unsigned long mask;
+        unsigned long export_mask;
+        RSA *rsa_tmp;
+        DH *dh_tmp;
+        RSA *(*rsa_tmp_cb)();
+        DH *(*dh_tmp_cb)();
+        CERT_PKEY pkeys[SSL_PKEY_NUM];
+        STACK *cert_chain;
+        int references;
+        } CERT;
+/*#define MAC_DEBUG     */
+/*#define ERR_DEBUG     */
+/*#define ABORT_DEBUG   */
+/*#define PKT_DEBUG 1   */
+/*#define DES_DEBUG     */
+/*#define DES_OFB_DEBUG */
+/*#define SSL_DEBUG     */
+/*#define RSA_DEBUG     */ 
+/*#define IDEA_DEBUG    */ 
+#ifndef NOPROTO
+#define FP_ICC  (int (*)(const void *,const void *))
+#else
+#define FP_ICC
+#endif
+#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
+                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
+#define ssl_get_cipher_by_char(ssl,ptr) \
+                ((ssl)->method->get_cipher_by_char(ptr))
+/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
+ * It is a bit of a mess of functions, but hell, think of it as
+ * an opaque strucute :-) */
+typedef struct ssl3_enc_method
+        {
+        int (*enc)();
+        int (*mac)();
+        int (*setup_key_block)();
+        int (*generate_master_secret)();
+        int (*change_cipher_state)();
+        int (*final_finish_mac)();
+        int finish_mac_length;
+        int (*cert_verify_mac)();
+        unsigned char client_finished[20];
+        int client_finished_len;
+        unsigned char server_finished[20];
+        int server_finished_len;
+        int (*alert_value)();
+        } SSL3_ENC_METHOD;
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+extern SSL_CIPHER ssl2_ciphers[];
+extern SSL_CIPHER ssl3_ciphers[];
+#ifndef NOPROTO
+SSL_METHOD *ssl_bad_method(int ver);
+SSL_METHOD *sslv2_base_method(void);
+SSL_METHOD *sslv23_base_method(void);
+SSL_METHOD *sslv3_base_method(void);
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+CERT *ssl_cert_new(void);
+void ssl_cert_free(CERT *c);
+int ssl_set_cert_type(CERT *c, int type);
+int ssl_get_new_session(SSL *s, int session);
+int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
+int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
+STACK *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,STACK **skp);
+int ssl_cipher_list_to_bytes(SSL *s,STACK *sk,unsigned char *p);
+STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref,
+        STACK **sorted,char *str);
+void ssl_update_cache(SSL *s, int mode);
+int ssl_cipher_get_evp(SSL_CIPHER *c, EVP_CIPHER **enc, EVP_MD **md);
+int ssl_verify_cert_chain(SSL *s,STACK *sk);
+int ssl_undefined_function(SSL *s);
+X509 *ssl_get_server_send_cert(SSL *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+void ssl_set_cert_masks(CERT *c);
+STACK *ssl_get_ciphers_by_id(SSL *s);
+int ssl_verify_alarm_type(long type);
+int ssl2_enc_init(SSL *s, int client);
+void ssl2_generate_key_material(SSL *s);
+void ssl2_enc(SSL *s,int send_data);
+void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+SSL_CIPHER *ssl2_get_cipher_by_char(unsigned char *p);
+int ssl2_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p);
+int ssl2_part_read(SSL *s, unsigned long f, int i);
+int ssl2_do_write(SSL *s);
+int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
+void ssl2_return_error(SSL *s,int reason);
+void ssl2_write_error(SSL *s);
+int ssl2_num_ciphers(void);
+SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+int     ssl2_new(SSL *s);
+void    ssl2_free(SSL *s);
+int     ssl2_accept(SSL *s);
+int     ssl2_connect(SSL *s);
+int     ssl2_read(SSL *s, char *buf, int len);
+int     ssl2_peek(SSL *s, char *buf, int len);
+int     ssl2_write(SSL *s, char *buf, int len);
+int     ssl2_shutdown(SSL *s);
+void    ssl2_clear(SSL *s);
+long    ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
+long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+int     ssl2_pending(SSL *s);
+SSL_CIPHER *ssl3_get_cipher_by_char(unsigned char *p);
+int ssl3_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p);
+void ssl3_init_finished_mac(SSL *s);
+int ssl3_send_server_certificate(SSL *s);
+int ssl3_get_finished(SSL *s,int state_a,int state_b);
+int ssl3_setup_key_block(SSL *s);
+int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
+int ssl3_change_cipher_state(SSL *s,int which);
+void ssl3_cleanup_key_block(SSL *s);
+int ssl3_do_write(SSL *s,int type);
+void ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+        unsigned char *p, int len);
+int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,int slen);
+int ssl3_num_ciphers(void);
+SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl); 
+int ssl3_renegotiate_check(SSL *ssl); 
+int ssl3_dispatch_alert(SSL *s);
+int ssl3_read_bytes(SSL *s, int type, char *buf, int len);
+int ssl3_part_read(SSL *s, int i);
+int ssl3_write_bytes(SSL *s, int type, char *buf, int len);
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
+        unsigned char *sender, int slen,unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+void ssl3_finish_mac(SSL *s, unsigned char *buf, int len);
+int ssl3_enc(SSL *s, int send_data);
+int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK *have,STACK *pref);
+int     ssl3_setup_buffers(SSL *s);
+int     ssl3_new(SSL *s);
+void    ssl3_free(SSL *s);
+int     ssl3_accept(SSL *s);
+int     ssl3_connect(SSL *s);
+int     ssl3_read(SSL *s, char *buf, int len);
+int     ssl3_peek(SSL *s,char *buf, int len);
+int     ssl3_write(SSL *s, char *buf, int len);
+int     ssl3_shutdown(SSL *s);
+void    ssl3_clear(SSL *s);
+long    ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
+long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+int     ssl3_pending(SSL *s);
+int ssl23_accept(SSL *s);
+int ssl23_connect(SSL *s);
+int ssl23_read_bytes(SSL *s, int n);
+int ssl23_write_bytes(SSL *s);
+int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+void tls1_clear(SSL *s);
+long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
+SSL_METHOD *tlsv1_base_method(void );
+int ssl_init_wbio_buffer(SSL *s, int push);
+int tls1_change_cipher_state(SSL *s, int which);
+int tls1_setup_key_block(SSL *s);
+int tls1_enc(SSL *s, int snd);
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+        unsigned char *str, int slen, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int tls1_mac(SSL *ssl, unsigned char *md, int snd);
+int tls1_generate_master_secret(SSL *s, unsigned char *out,
+        unsigned char *p, int len);
+int tls1_alert_code(int code);
+int ssl3_alert_code(int code);
+#else
+SSL_METHOD *ssl_bad_method();
+SSL_METHOD *sslv2_base_method();
+SSL_METHOD *sslv23_base_method();
+SSL_METHOD *sslv3_base_method();
+void ssl_clear_cipher_ctx();
+int ssl_clear_bad_session();
+CERT *ssl_cert_new();
+void ssl_cert_free();
+int ssl_set_cert_type();
+int ssl_get_new_session();
+int ssl_get_prev_session();
+int ssl_cipher_id_cmp();
+int ssl_cipher_ptr_id_cmp();
+STACK *ssl_bytes_to_cipher_list();
+int ssl_cipher_list_to_bytes();
+STACK *ssl_create_cipher_list();
+void ssl_update_cache();
+int ssl_session_get_ciphers();
+int ssl_verify_cert_chain();
+int ssl_undefined_function();
+X509 *ssl_get_server_send_cert();
+EVP_PKEY *ssl_get_sign_pkey();
+int ssl_cert_type();
+void ssl_set_cert_masks();
+STACK *ssl_get_ciphers_by_id();
+int ssl_verify_alarm_type();
+int ssl2_enc_init();
+void ssl2_generate_key_material();
+void ssl2_enc();
+void ssl2_mac();
+SSL_CIPHER *ssl2_get_cipher_by_char();
+int ssl2_put_cipher_by_char();
+int ssl2_part_read();
+int ssl2_do_write();
+int ssl2_set_certificate();
+void ssl2_return_error();
+void ssl2_write_error();
+int ssl2_num_ciphers();
+SSL_CIPHER *ssl2_get_cipher();
+int     ssl2_new();
+void    ssl2_free();
+int     ssl2_accept();
+int     ssl2_connect();
+int     ssl2_read();
+int     ssl2_peek();
+int     ssl2_write();
+int     ssl2_shutdown();
+void    ssl2_clear();
+long    ssl2_ctrl();
+long    ssl2_ctx_ctrl();
+int     ssl2_pending();
+SSL_CIPHER *ssl3_get_cipher_by_char();
+int ssl3_put_cipher_by_char();
+void ssl3_init_finished_mac();
+int ssl3_send_server_certificate();
+int ssl3_get_finished();
+int ssl3_setup_key_block();
+int ssl3_send_change_cipher_spec();
+int ssl3_change_cipher_state();
+void ssl3_cleanup_key_block();
+int ssl3_do_write();
+void ssl3_send_alert();
+int ssl3_generate_master_secret();
+int ssl3_get_req_cert_type();
+long ssl3_get_message();
+int ssl3_send_finished();
+int ssl3_num_ciphers();
+SSL_CIPHER *ssl3_get_cipher();
+int ssl3_renegotiate();
+int ssl3_renegotiate_check();
+int ssl3_dispatch_alert();
+int ssl3_read_bytes();
+int ssl3_part_read();
+int ssl3_write_bytes();
+int ssl3_final_finish_mac();
+void ssl3_finish_mac();
+int ssl3_enc();
+int ssl3_mac();
+unsigned long ssl3_output_cert_chain();
+SSL_CIPHER *ssl3_choose_cipher();
+int     ssl3_setup_buffers();
+int     ssl3_new();
+void    ssl3_free();
+int     ssl3_accept();
+int     ssl3_connect();
+int     ssl3_read();
+int     ssl3_peek();
+int     ssl3_write();
+int     ssl3_shutdown();
+void    ssl3_clear();
+long    ssl3_ctrl();
+long    ssl3_ctx_ctrl();
+int     ssl3_pending();
+int ssl23_accept();
+int ssl23_connect();
+int ssl23_read_bytes();
+int ssl23_write_bytes();
+int ssl_init_wbio_buffer();
+#endif
+#endif
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c
new file mode 100644
index 0000000000..140475e5fb
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_rsa.c
@@ -0,0 +1,831 @@
+/* ssl/ssl_rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl_locl.h"
+#ifndef NOPROTO
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+#else
+static int ssl_set_cert();
+static int ssl_set_pkey();
+#endif
+int SSL_use_certificate(ssl, x)
+SSL *ssl;
+X509 *x;
+        {
+        CERT *c;
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
+                ssl->cert=c;
+                }
+        c=ssl->cert;
+        return(ssl_set_cert(c,x));
+        }
+#ifndef NO_STDIO
+int SSL_use_certificate_file(ssl, file, type)
+SSL *ssl;
+char *file;
+int type;
+        {
+        int j;
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                x=d2i_X509_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_certificate(ssl,x);
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_use_certificate_ASN1(ssl, len, d)
+SSL *ssl;
+int len;
+unsigned char *d;
+        {
+        X509 *x;
+        int ret;
+        x=d2i_X509(NULL,&d,(long)len);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_use_certificate(ssl,x);
+        X509_free(x);
+        return(ret);
+        }
+#ifndef NO_RSA
+int SSL_use_RSAPrivateKey(ssl, rsa)
+SSL *ssl;
+RSA *rsa;
+        {
+        CERT *c;
+        EVP_PKEY *pkey;
+        int ret;
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
+                ssl->cert=c;
+                }
+        c=ssl->cert;
+        if ((pkey=EVP_PKEY_new()) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+                return(0);
+                }
+        CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+        EVP_PKEY_assign_RSA(pkey,rsa);
+        ret=ssl_set_pkey(c,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+#endif
+static int ssl_set_pkey(c,pkey)
+CERT *c;
+EVP_PKEY *pkey;
+        {
+        int i,ok=0,bad=0;
+        i=ssl_cert_type(NULL,pkey);
+        if (i < 0)
+                {
+                SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                return(0);
+                }
+        if (c->pkeys[i].x509 != NULL)
+                {
+#ifndef NO_RSA
+                /* Don't check the public/private key, this is mostly
+                 * for smart cards. */
+                if ((pkey->type == EVP_PKEY_RSA) &&
+                        (RSA_flags(pkey->pkey.rsa) &
+                         RSA_METHOD_FLAG_NO_CHECK))
+                         ok=1;
+                else
+#endif
+                        if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+                        {
+                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+                                {
+                                i=(i == SSL_PKEY_DH_RSA)?
+                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+                                if (c->pkeys[i].x509 == NULL)
+                                        ok=1;
+                                else
+                                        {
+                                        if (!X509_check_private_key(
+                                                c->pkeys[i].x509,pkey))
+                                                bad=1;
+                                        else
+                                                ok=1;
+                                        }
+                                }
+                        else
+                                bad=1;
+                        }
+                else
+                        ok=1;
+                }
+        else
+                ok=1;
+        if (bad)
+                {
+                X509_free(c->pkeys[i].x509);
+                c->pkeys[i].x509=NULL;
+                return(0);
+                }
+        if (c->pkeys[i].privatekey != NULL)
+                EVP_PKEY_free(c->pkeys[i].privatekey);
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        c->pkeys[i].privatekey=pkey;
+        c->key= &(c->pkeys[i]);
+        c->valid=0;
+        return(1);
+        }
+#ifndef NO_RSA
+#ifndef NO_STDIO
+int SSL_use_RSAPrivateKey_file(ssl, file, type)
+SSL *ssl;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        RSA *rsa=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if      (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                rsa=d2i_RSAPrivateKey_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+                        ssl->ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_RSAPrivateKey(ssl,rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)
+SSL *ssl;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        RSA *rsa;
+        p=d;
+        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_use_RSAPrivateKey(ssl,rsa);
+        RSA_free(rsa);
+        return(ret);
+        }
+#endif /* !NO_RSA */
+int SSL_use_PrivateKey(ssl, pkey)
+SSL *ssl;
+EVP_PKEY *pkey;
+        {
+        CERT *c;
+        int ret;
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
+                ssl->cert=c;
+                }
+        c=ssl->cert;
+        ret=ssl_set_pkey(c,pkey);
+        return(ret);
+        }
+#ifndef NO_STDIO
+int SSL_use_PrivateKey_file(ssl, file, type)
+SSL *ssl;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        EVP_PKEY *pkey=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                pkey=PEM_read_bio_PrivateKey(in,NULL,
+                        ssl->ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_PrivateKey(ssl,pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_use_PrivateKey_ASN1(type,ssl,d,len)
+int type;
+SSL *ssl;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        EVP_PKEY *pkey;
+        p=d;
+        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_use_PrivateKey(ssl,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+int SSL_CTX_use_certificate(ctx, x)
+SSL_CTX *ctx;
+X509 *x;
+        {
+        CERT *c;
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (ctx->default_cert == NULL)
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                ctx->default_cert=c;
+                }
+        c=ctx->default_cert;
+        return(ssl_set_cert(c,x));
+        }
+static int ssl_set_cert(c,x)
+CERT *c;
+X509 *x;
+        {
+        EVP_PKEY *pkey;
+        int i,ok=0,bad=0;
+        pkey=X509_get_pubkey(x);
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
+                return(0);
+                }
+        i=ssl_cert_type(x,pkey);
+        if (i < 0)
+                {
+                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                return(0);
+                }
+        if (c->pkeys[i].privatekey != NULL)
+                {
+                if (!X509_check_private_key(x,c->pkeys[i].privatekey))
+                        {
+                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+                                {
+                                i=(i == SSL_PKEY_DH_RSA)?
+                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+                                if (c->pkeys[i].privatekey == NULL)
+                                        ok=1;
+                                else
+                                        {
+                                        if (!X509_check_private_key(x,
+                                                c->pkeys[i].privatekey))
+                                                bad=1;
+                                        else
+                                                ok=1;
+                                        }
+                                }
+                        else
+                                bad=1;
+                        }
+                else
+                        ok=1;
+                }
+        else
+                ok=1;
+        if (bad)
+                {
+                EVP_PKEY_free(c->pkeys[i].privatekey);
+                c->pkeys[i].privatekey=NULL;
+                }
+        if (c->pkeys[i].x509 != NULL)
+                X509_free(c->pkeys[i].x509);
+        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+        c->pkeys[i].x509=x;
+        c->key= &(c->pkeys[i]);
+        c->valid=0;
+        return(1);
+        }
+#ifndef NO_STDIO
+int SSL_CTX_use_certificate_file(ctx, file, type)
+SSL_CTX *ctx;
+char *file;
+int type;
+        {
+        int j;
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                x=d2i_X509_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_certificate(ctx,x);
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_CTX_use_certificate_ASN1(ctx, len, d)
+SSL_CTX *ctx;
+int len;
+unsigned char *d;
+        {
+        X509 *x;
+        int ret;
+        x=d2i_X509(NULL,&d,(long)len);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_CTX_use_certificate(ctx,x);
+        X509_free(x);
+        return(ret);
+        }
+#ifndef NO_RSA
+int SSL_CTX_use_RSAPrivateKey(ctx, rsa)
+SSL_CTX *ctx;
+RSA *rsa;
+        {
+        int ret;
+        CERT *c;
+        EVP_PKEY *pkey;
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (ctx->default_cert == NULL)
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                ctx->default_cert=c;
+                }
+        c=ctx->default_cert;
+        if ((pkey=EVP_PKEY_new()) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+                return(0);
+                }
+        CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+        EVP_PKEY_assign_RSA(pkey,rsa);
+        ret=ssl_set_pkey(c,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+#ifndef NO_STDIO
+int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)
+SSL_CTX *ctx;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        RSA *rsa=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if      (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                rsa=d2i_RSAPrivateKey_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+                        ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)
+SSL_CTX *ctx;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        RSA *rsa;
+        p=d;
+        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+        RSA_free(rsa);
+        return(ret);
+        }
+#endif /* !NO_RSA */
+int SSL_CTX_use_PrivateKey(ctx, pkey)
+SSL_CTX *ctx;
+EVP_PKEY *pkey;
+        {
+        CERT *c;
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+                
+        if (ctx->default_cert == NULL)
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                ctx->default_cert=c;
+                }
+        c=ctx->default_cert;
+        return(ssl_set_pkey(c,pkey));
+        }
+#ifndef NO_STDIO
+int SSL_CTX_use_PrivateKey_file(ctx, file, type)
+SSL_CTX *ctx;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        EVP_PKEY *pkey=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                pkey=PEM_read_bio_PrivateKey(in,NULL,
+                        ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)
+int type;
+SSL_CTX *ctx;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        EVP_PKEY *pkey;
+        p=d;
+        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
new file mode 100644
index 0000000000..8212600e40
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -0,0 +1,582 @@
+/* ssl/ssl_sess.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "lhash.h"
+#include "rand.h"
+#include "ssl_locl.h"
+#ifndef NOPROTO
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
+#else
+static void SSL_SESSION_list_remove();
+static void SSL_SESSION_list_add();
+#endif
+static ssl_session_num=0;
+static STACK *ssl_session_meth=NULL;
+SSL_SESSION *SSL_get_session(ssl)
+SSL *ssl;
+        {
+        return(ssl->session);
+        }
+int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+        {
+        ssl_session_num++;
+        return(CRYPTO_get_ex_new_index(ssl_session_num-1,
+                &ssl_session_meth,
+                argl,argp,new_func,dup_func,free_func));
+        }
+int SSL_SESSION_set_ex_data(s,idx,arg)
+SSL_SESSION *s;
+int idx;
+char *arg;
+        {
+        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+        }
+char *SSL_SESSION_get_ex_data(s,idx)
+SSL_SESSION *s;
+int idx;
+        {
+        return(CRYPTO_get_ex_data(&s->ex_data,idx));
+        }
+SSL_SESSION *SSL_SESSION_new()
+        {
+        SSL_SESSION *ss;
+        ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
+        if (ss == NULL)
+                {
+                SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        memset(ss,0,sizeof(SSL_SESSION));
+        ss->references=1;
+        ss->timeout=60*5+4; /* 5 minute timeout by default */
+        ss->time=time(NULL);
+        ss->prev=NULL;
+        ss->next=NULL;
+        CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
+        return(ss);
+        }
+int ssl_get_new_session(s, session)
+SSL *s;
+int session;
+        {
+        SSL_SESSION *ss=NULL;
+        if ((ss=SSL_SESSION_new()) == NULL) return(0);
+        /* If the context has a default timeout, use it */
+        if (s->ctx->session_timeout != 0)
+                ss->timeout=SSL_get_default_timeout(s);
+        if (s->session != NULL)
+                {
+                SSL_SESSION_free(s->session);
+                s->session=NULL;
+                }
+        if (session)
+                {
+                if (s->version == SSL2_CLIENT_VERSION)
+                        {
+                        ss->ssl_version=SSL2_VERSION;
+                        ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
+                        }
+                else if (s->version == SSL3_VERSION)
+                        {
+                        ss->ssl_version=SSL3_VERSION;
+                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                        }
+                else if (s->version == TLS1_VERSION)
+                        {
+                        ss->ssl_version=TLS1_VERSION;
+                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
+                        SSL_SESSION_free(ss);
+                        return(0);
+                        }
+                for (;;)
+                        {
+                        SSL_SESSION *r;
+                        RAND_bytes(ss->session_id,ss->session_id_length);
+                        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+                        r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
+                                (char *)ss);
+                        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+                        if (r == NULL) break;
+                        /* else - woops a session_id match */
+                        }
+                }
+        else
+                {
+                ss->session_id_length=0;
+                }
+        s->session=ss;
+        ss->ssl_version=s->version;
+        return(1);
+        }
+int ssl_get_prev_session(s,session_id,len)
+SSL *s;
+unsigned char *session_id;
+int len;
+        {
+        SSL_SESSION *ret=NULL,data;
+        /* conn_init();*/
+        data.ssl_version=s->version;
+        data.session_id_length=len;
+        if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+                return(0);
+        memcpy(data.session_id,session_id,len);;
+        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+                ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
+                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+                }
+        if (ret == NULL)
+                {
+                int copy=1;
+                s->ctx->sess_miss++;
+                ret=NULL;
+                if ((s->ctx->get_session_cb != NULL) &&
+                        ((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
+                                != NULL))
+                        {
+                        s->ctx->sess_cb_hit++;
+                        /* The following should not return 1, otherwise,
+                         * things are very strange */
+                        SSL_CTX_add_session(s->ctx,ret);
+                        /* auto free it */
+                        if (!copy)
+                                SSL_SESSION_free(ret);
+                        }
+                if (ret == NULL) return(0);
+                }
+        if (ret->cipher == NULL)
+                {
+                char buf[5],*p;
+                unsigned long l;
+                p=buf;
+                l=ret->cipher_id;
+                l2n(l,p);
+                if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
+                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
+                else 
+                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
+                if (ret->cipher == NULL)
+                        return(0);
+                }
+        /* If a thread got the session, then 'swaped', and another got
+         * it and then due to a time-out decided to 'Free' it we could
+         * be in trouble.  So I'll increment it now, then double decrement
+         * later - am I speaking rubbish?. */
+        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+        if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
+                {
+                s->ctx->sess_timeout++;
+                /* remove it from the cache */
+                SSL_CTX_remove_session(s->ctx,ret);
+                SSL_SESSION_free(ret);          /* again to actually Free it */
+                return(0);
+                }
+        s->ctx->sess_hit++;
+        /* ret->time=time(NULL); */ /* rezero timeout? */
+        /* again, just leave the session 
+         * if it is the same session, we have just incremented and
+         * then decremented the reference count :-) */
+        if (s->session != NULL)
+                SSL_SESSION_free(s->session);
+        s->session=ret;
+        return(1);
+        }
+int SSL_CTX_add_session(ctx,c)
+SSL_CTX *ctx;
+SSL_SESSION *c;
+        {
+        int ret=0;
+        SSL_SESSION *s;
+        /* conn_init(); */
+        CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
+        
+        /* Put on the end of the queue unless it is already in the cache */
+        if (s == NULL)
+                SSL_SESSION_list_add(ctx,c);
+        /* If the same session if is being 're-added', Free the old
+         * one when the last person stops using it.
+         * This will also work if it is alread in the cache.
+         * The references will go up and then down :-) */
+        if (s != NULL)
+                {
+                SSL_SESSION_free(s);
+                ret=0;
+                }
+        else
+                {
+                ret=1;
+                if (SSL_CTX_sess_get_cache_size(ctx) > 0)
+                        {
+                        while (SSL_CTX_sess_number(ctx) >
+                                SSL_CTX_sess_get_cache_size(ctx))
+                                {
+                                if (!SSL_CTX_remove_session(ctx,
+                                        ctx->session_cache_tail))
+                                        break;
+                                else
+                                        ctx->sess_cache_full++;
+                                }
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        return(ret);
+        }
+int SSL_CTX_remove_session(ctx,c)
+SSL_CTX *ctx;
+SSL_SESSION *c;
+        {
+        SSL_SESSION *r;
+        int ret=0;
+        if ((c != NULL) && (c->session_id_length != 0))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+                r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
+                if (r != NULL)
+                        {
+                        ret=1;
+                        SSL_SESSION_list_remove(ctx,c);
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+                if (ret)
+                        {
+                        r->not_resumable=1;
+                        if (ctx->remove_session_cb != NULL)
+                                ctx->remove_session_cb(ctx,r);
+                        SSL_SESSION_free(r);
+                        }
+                }
+        else
+                ret=0;
+        return(ret);
+        }
+void SSL_SESSION_free(ss)
+SSL_SESSION *ss;
+        {
+        int i;
+        i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
+#ifdef REF_PRINT
+        REF_PRINT("SSL_SESSION",ss);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
+        memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
+        memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
+        memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+        if (ss->cert != NULL) ssl_cert_free(ss->cert);
+        if (ss->peer != NULL) X509_free(ss->peer);
+        if (ss->ciphers != NULL) sk_free(ss->ciphers);
+        memset(ss,0,sizeof(*ss));
+        Free(ss);
+        }
+int SSL_set_session(s, session)
+SSL *s;
+SSL_SESSION *session;
+        {
+        int ret=0;
+        SSL_METHOD *meth;
+        if (session != NULL)
+                {
+                meth=s->ctx->method->get_ssl_method(session->ssl_version);
+                if (meth == NULL)
+                        meth=s->method->get_ssl_method(session->ssl_version);
+                if (meth == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+                        return(0);
+                        }
+                if (meth != s->method)
+                        {
+                        if (!SSL_set_ssl_method(s,meth))
+                                return(0);
+                        session->timeout=SSL_get_default_timeout(s);
+                        }
+                /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
+                CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
+                if (s->session != NULL)
+                        SSL_SESSION_free(s->session);
+                s->session=session;
+                /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
+                ret=1;
+                }
+        else
+                {
+                if (s->session != NULL)
+                        {
+                        SSL_SESSION_free(s->session);
+                        s->session=NULL;
+                        }
+                }
+        return(ret);
+        }
+long SSL_SESSION_set_timeout(s,t)
+SSL_SESSION *s;
+long t;
+        {
+        if (s == NULL) return(0);
+        s->timeout=t;
+        return(1);
+        }
+long SSL_SESSION_get_timeout(s)
+SSL_SESSION *s;
+        {
+        if (s == NULL) return(0);
+        return(s->timeout);
+        }
+long SSL_SESSION_get_time(s)
+SSL_SESSION *s;
+        {
+        if (s == NULL) return(0);
+        return(s->time);
+        }
+long SSL_SESSION_set_time(s,t)
+SSL_SESSION *s;
+long t;
+        {
+        if (s == NULL) return(0);
+        s->time=t;
+        return(t);
+        }
+typedef struct timeout_param_st
+        {
+        SSL_CTX *ctx;
+        long time;
+        LHASH *cache;
+        } TIMEOUT_PARAM;
+static void timeout(s,p)
+SSL_SESSION *s;
+TIMEOUT_PARAM *p;
+        {
+        if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+                {
+                /* The reason we don't call SSL_CTX_remove_session() is to
+                 * save on locking overhead */
+                lh_delete(p->cache,(char *)s);
+                SSL_SESSION_list_remove(p->ctx,s);
+                s->not_resumable=1;
+                if (p->ctx->remove_session_cb != NULL)
+                        p->ctx->remove_session_cb(p->ctx,s);
+                SSL_SESSION_free(s);
+                }
+        }
+void SSL_CTX_flush_sessions(s,t)
+SSL_CTX *s;
+long t;
+        {
+        unsigned long i;
+        TIMEOUT_PARAM tp;
+        tp.ctx=s;
+        tp.cache=SSL_CTX_sessions(s);
+        if (tp.cache == NULL) return;
+        tp.time=t;
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        i=tp.cache->down_load;
+        tp.cache->down_load=0;
+        lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp);
+        tp.cache->down_load=i;
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        }
+int ssl_clear_bad_session(s)
+SSL *s;
+        {
+        if (    (s->session != NULL) &&
+                !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+                !(SSL_in_init(s) || SSL_in_before(s)))
+                {
+                SSL_CTX_remove_session(s->ctx,s->session);
+                return(1);
+                }
+        else
+                return(0);
+        }
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(ctx,s)
+SSL_CTX *ctx;
+SSL_SESSION *s;
+        {
+        if ((s->next == NULL) || (s->prev == NULL)) return;
+        if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
+                { /* last element in list */
+                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+                        { /* only one element in list */
+                        ctx->session_cache_head=NULL;
+                        ctx->session_cache_tail=NULL;
+                        }
+                else
+                        {
+                        ctx->session_cache_tail=s->prev;
+                        s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+                        }
+                }
+        else
+                {
+                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+                        { /* first element in list */
+                        ctx->session_cache_head=s->next;
+                        s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+                        }
+                else
+                        { /* middle of list */
+                        s->next->prev=s->prev;
+                        s->prev->next=s->next;
+                        }
+                }
+        s->prev=s->next=NULL;
+        }
+static void SSL_SESSION_list_add(ctx,s)
+SSL_CTX *ctx;
+SSL_SESSION *s;
+        {
+        if ((s->next != NULL) && (s->prev != NULL))
+                SSL_SESSION_list_remove(ctx,s);
+        if (ctx->session_cache_head == NULL)
+                {
+                ctx->session_cache_head=s;
+                ctx->session_cache_tail=s;
+                s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+                s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+                }
+        else
+                {
+                s->next=ctx->session_cache_head;
+                s->next->prev=s;
+                s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+                ctx->session_cache_head=s;
+                }
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_stat.c b/src/lib/libssl/src/ssl/ssl_stat.c
new file mode 100644
index 0000000000..a1daf25dd4
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_stat.c
@@ -0,0 +1,458 @@
+/* ssl/ssl_stat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "ssl_locl.h"
+char *SSL_state_string_long(s)
+SSL *s;
+        {
+        char *str;
+        switch (s->state)
+                {
+case SSL_ST_BEFORE: str="before SSL initalisation"; break;
+case SSL_ST_ACCEPT: str="before accept initalisation"; break;
+case SSL_ST_CONNECT: str="before connect initalisation"; break;
+case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
+case SSL_ST_RENEGOTIATE:        str="SSL renegotiate ciphers"; break;
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
+#ifndef NO_SSL2
+case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
+case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
+case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
+case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
+case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
+case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
+case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
+case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
+case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
+case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
+case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
+case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
+case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
+#endif
+#ifndef NO_SSL3
+/* SSLv3 additions */
+case SSL3_ST_CW_CLNT_HELLO_A:   str="SSLv3 write client hello A"; break;
+case SSL3_ST_CW_CLNT_HELLO_B:   str="SSLv3 write client hello B"; break;
+case SSL3_ST_CR_SRVR_HELLO_A:   str="SSLv3 read server hello A"; break;
+case SSL3_ST_CR_SRVR_HELLO_B:   str="SSLv3 read server hello B"; break;
+case SSL3_ST_CR_CERT_A:         str="SSLv3 read server certificate A"; break;
+case SSL3_ST_CR_CERT_B:         str="SSLv3 read server certificate B"; break;
+case SSL3_ST_CR_KEY_EXCH_A:     str="SSLv3 read server key exchange A"; break;
+case SSL3_ST_CR_KEY_EXCH_B:     str="SSLv3 read server key exchange B"; break;
+case SSL3_ST_CR_CERT_REQ_A:     str="SSLv3 read server certificate request A"; break;
+case SSL3_ST_CR_CERT_REQ_B:     str="SSLv3 read server certificate request B"; break;
+case SSL3_ST_CR_SRVR_DONE_A:    str="SSLv3 read server done A"; break;
+case SSL3_ST_CR_SRVR_DONE_B:    str="SSLv3 read server done B"; break;
+case SSL3_ST_CW_CERT_A:         str="SSLv3 write client certificate A"; break;
+case SSL3_ST_CW_CERT_B:         str="SSLv3 write client certificate B"; break;
+case SSL3_ST_CW_KEY_EXCH_A:     str="SSLv3 write client key exchange A"; break;
+case SSL3_ST_CW_KEY_EXCH_B:     str="SSLv3 write client key exchange B"; break;
+case SSL3_ST_CW_CERT_VRFY_A:    str="SSLv3 write certificate verify A"; break;
+case SSL3_ST_CW_CERT_VRFY_B:    str="SSLv3 write certificate verify A"; break;
+case SSL3_ST_CW_CHANGE_A:
+case SSL3_ST_SW_CHANGE_A:       str="SSLv3 write change cipher spec A"; break;
+case SSL3_ST_CW_CHANGE_B:       
+case SSL3_ST_SW_CHANGE_B:       str="SSLv3 write change cipher spec B"; break;
+case SSL3_ST_CW_FINISHED_A:     
+case SSL3_ST_SW_FINISHED_A:     str="SSLv3 write finished A"; break;
+case SSL3_ST_CW_FINISHED_B:     
+case SSL3_ST_SW_FINISHED_B:     str="SSLv3 write finished A"; break;
+case SSL3_ST_CR_CHANGE_A:       
+case SSL3_ST_SR_CHANGE_A:       str="SSLv3 read change cipher spec A"; break;
+case SSL3_ST_CR_CHANGE_B:       
+case SSL3_ST_SR_CHANGE_B:       str="SSLv3 read change cipher spec B"; break;
+case SSL3_ST_CR_FINISHED_A:     
+case SSL3_ST_SR_FINISHED_A:     str="SSLv3 read finished A"; break;
+case SSL3_ST_CR_FINISHED_B:     
+case SSL3_ST_SR_FINISHED_B:     str="SSLv3 read finished B"; break;
+case SSL3_ST_CW_FLUSH:
+case SSL3_ST_SW_FLUSH:          str="SSLv3 flush data"; break;
+case SSL3_ST_SR_CLNT_HELLO_A:   str="SSLv3 read client hello A"; break;
+case SSL3_ST_SR_CLNT_HELLO_B:   str="SSLv3 read client hello B"; break;
+case SSL3_ST_SR_CLNT_HELLO_C:   str="SSLv3 read client hello C"; break;
+case SSL3_ST_SW_HELLO_REQ_A:    str="SSLv3 write hello request A"; break;
+case SSL3_ST_SW_HELLO_REQ_B:    str="SSLv3 write hello request B"; break;
+case SSL3_ST_SW_HELLO_REQ_C:    str="SSLv3 write hello request C"; break;
+case SSL3_ST_SW_SRVR_HELLO_A:   str="SSLv3 write server hello A"; break;
+case SSL3_ST_SW_SRVR_HELLO_B:   str="SSLv3 write server hello B"; break;
+case SSL3_ST_SW_CERT_A:         str="SSLv3 write certificate A"; break;
+case SSL3_ST_SW_CERT_B:         str="SSLv3 write certificate B"; break;
+case SSL3_ST_SW_KEY_EXCH_A:     str="SSLv3 write key exchange A"; break;
+case SSL3_ST_SW_KEY_EXCH_B:     str="SSLv3 write key exchange B"; break;
+case SSL3_ST_SW_CERT_REQ_A:     str="SSLv3 write certificate request A"; break;
+case SSL3_ST_SW_CERT_REQ_B:     str="SSLv3 write certificate request B"; break;
+case SSL3_ST_SW_SRVR_DONE_A:    str="SSLv3 write server done A"; break;
+case SSL3_ST_SW_SRVR_DONE_B:    str="SSLv3 write server done B"; break;
+case SSL3_ST_SR_CERT_A:         str="SSLv3 read client certificate A"; break;
+case SSL3_ST_SR_CERT_B:         str="SSLv3 read client certificate B"; break;
+case SSL3_ST_SR_KEY_EXCH_A:     str="SSLv3 read client key exchange A"; break;
+case SSL3_ST_SR_KEY_EXCH_B:     str="SSLv3 read client key exchange B"; break;
+case SSL3_ST_SR_CERT_VRFY_A:    str="SSLv3 read certificate verify A"; break;
+case SSL3_ST_SR_CERT_VRFY_B:    str="SSLv3 read certificate verify B"; break;
+#endif
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+/* SSLv2/v3 compatablitity states */
+/* client */
+case SSL23_ST_CW_CLNT_HELLO_A:  str="SSLv2/v3 write client hello A"; break;
+case SSL23_ST_CW_CLNT_HELLO_B:  str="SSLv2/v3 write client hello B"; break;
+case SSL23_ST_CR_SRVR_HELLO_A:  str="SSLv2/v3 read server hello A"; break;
+case SSL23_ST_CR_SRVR_HELLO_B:  str="SSLv2/v3 read server hello B"; break;
+/* server */
+case SSL23_ST_SR_CLNT_HELLO_A:  str="SSLv2/v3 read client hello A"; break;
+case SSL23_ST_SR_CLNT_HELLO_B:  str="SSLv2/v3 read client hello B"; break;
+#endif
+default:        str="unknown state"; break;
+                }
+        return(str);
+        }
+char *SSL_rstate_string_long(s)
+SSL *s;
+        {
+        char *str;
+        switch (s->rstate)
+                {
+        case SSL_ST_READ_HEADER: str="read header"; break;
+        case SSL_ST_READ_BODY: str="read body"; break;
+        case SSL_ST_READ_DONE: str="read done"; break;
+        default: str="unknown"; break;
+                }
+        return(str);
+        }
+char *SSL_state_string(s)
+SSL *s;
+        {
+        char *str;
+        switch (s->state)
+                {
+case SSL_ST_BEFORE:                             str="PINIT "; break;
+case SSL_ST_ACCEPT:                             str="AINIT "; break;
+case SSL_ST_CONNECT:                            str="CINIT "; break;
+case SSL_ST_OK:                                 str="SSLOK "; break;
+#ifndef NO_SSL2
+case SSL2_ST_CLIENT_START_ENCRYPTION:           str="2CSENC"; break;
+case SSL2_ST_SERVER_START_ENCRYPTION:           str="2SSENC"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_A:               str="2SCH_A"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_B:               str="2SCH_B"; break;
+case SSL2_ST_GET_SERVER_HELLO_A:                str="2GSH_A"; break;
+case SSL2_ST_GET_SERVER_HELLO_B:                str="2GSH_B"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:          str="2SCMKA"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:          str="2SCMKB"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_A:            str="2SCF_A"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_B:            str="2SCF_B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:         str="2SCC_A"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:         str="2SCC_B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:         str="2SCC_C"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:         str="2SCC_D"; break;
+case SSL2_ST_GET_SERVER_VERIFY_A:               str="2GSV_A"; break;
+case SSL2_ST_GET_SERVER_VERIFY_B:               str="2GSV_B"; break;
+case SSL2_ST_GET_SERVER_FINISHED_A:             str="2GSF_A"; break;
+case SSL2_ST_GET_SERVER_FINISHED_B:             str="2GSF_B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_A:                str="2GCH_A"; break;
+case SSL2_ST_GET_CLIENT_HELLO_B:                str="2GCH_B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_C:                str="2GCH_C"; break;
+case SSL2_ST_SEND_SERVER_HELLO_A:               str="2SSH_A"; break;
+case SSL2_ST_SEND_SERVER_HELLO_B:               str="2SSH_B"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_A:           str="2GCMKA"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_B:           str="2GCMKA"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_A:              str="2SSV_A"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_B:              str="2SSV_B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_C:              str="2SSV_C"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_A:             str="2GCF_A"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_B:             str="2GCF_B"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_A:            str="2SSF_A"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_B:            str="2SSF_B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:        str="2SRC_A"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:        str="2SRC_B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:        str="2SRC_C"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:        str="2SRC_D"; break;
+case SSL2_ST_X509_GET_SERVER_CERTIFICATE:       str="2X9GSC"; break;
+case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:       str="2X9GCC"; break;
+#endif
+#ifndef NO_SSL3
+/* SSLv3 additions */
+case SSL3_ST_SW_FLUSH:
+case SSL3_ST_CW_FLUSH:                          str="3FLUSH"; break;
+case SSL3_ST_CW_CLNT_HELLO_A:                   str="3WCH_A"; break;
+case SSL3_ST_CW_CLNT_HELLO_B:                   str="3WCH_B"; break;
+case SSL3_ST_CR_SRVR_HELLO_A:                   str="3RSH_A"; break;
+case SSL3_ST_CR_SRVR_HELLO_B:                   str="3RSH_B"; break;
+case SSL3_ST_CR_CERT_A:                         str="3RSC_A"; break;
+case SSL3_ST_CR_CERT_B:                         str="3RSC_B"; break;
+case SSL3_ST_CR_KEY_EXCH_A:                     str="3RSKEA"; break;
+case SSL3_ST_CR_KEY_EXCH_B:                     str="3RSKEB"; break;
+case SSL3_ST_CR_CERT_REQ_A:                     str="3RCR_A"; break;
+case SSL3_ST_CR_CERT_REQ_B:                     str="3RCR_B"; break;
+case SSL3_ST_CR_SRVR_DONE_A:                    str="3RSD_A"; break;
+case SSL3_ST_CR_SRVR_DONE_B:                    str="3RSD_B"; break;
+case SSL3_ST_CW_CERT_A:                         str="3WCC_A"; break;
+case SSL3_ST_CW_CERT_B:                         str="3WCC_B"; break;
+case SSL3_ST_CW_KEY_EXCH_A:                     str="3WCKEA"; break;
+case SSL3_ST_CW_KEY_EXCH_B:                     str="3WCKEB"; break;
+case SSL3_ST_CW_CERT_VRFY_A:                    str="3WCV_A"; break;
+case SSL3_ST_CW_CERT_VRFY_B:                    str="3WCV_B"; break;
+case SSL3_ST_SW_CHANGE_A:
+case SSL3_ST_CW_CHANGE_A:                       str="3WCCSA"; break;
+case SSL3_ST_SW_CHANGE_B:
+case SSL3_ST_CW_CHANGE_B:                       str="3WCCSB"; break;
+case SSL3_ST_SW_FINISHED_A:
+case SSL3_ST_CW_FINISHED_A:                     str="3WFINA"; break;
+case SSL3_ST_SW_FINISHED_B:
+case SSL3_ST_CW_FINISHED_B:                     str="3WFINB"; break;
+case SSL3_ST_SR_CHANGE_A:
+case SSL3_ST_CR_CHANGE_A:                       str="3RCCSA"; break;
+case SSL3_ST_SR_CHANGE_B:
+case SSL3_ST_CR_CHANGE_B:                       str="3RCCSB"; break;
+case SSL3_ST_SR_FINISHED_A:
+case SSL3_ST_CR_FINISHED_A:                     str="3RFINA"; break;
+case SSL3_ST_SR_FINISHED_B:
+case SSL3_ST_CR_FINISHED_B:                     str="3RFINB"; break;
+case SSL3_ST_SW_HELLO_REQ_A:                    str="3WHR_A"; break;
+case SSL3_ST_SW_HELLO_REQ_B:                    str="3WHR_B"; break;
+case SSL3_ST_SW_HELLO_REQ_C:                    str="3WHR_C"; break;
+case SSL3_ST_SR_CLNT_HELLO_A:                   str="3RCH_A"; break;
+case SSL3_ST_SR_CLNT_HELLO_B:                   str="3RCH_B"; break;
+case SSL3_ST_SR_CLNT_HELLO_C:                   str="3RCH_C"; break;
+case SSL3_ST_SW_SRVR_HELLO_A:                   str="3WSH_A"; break;
+case SSL3_ST_SW_SRVR_HELLO_B:                   str="3WSH_B"; break;
+case SSL3_ST_SW_CERT_A:                         str="3WSC_A"; break;
+case SSL3_ST_SW_CERT_B:                         str="3WSC_B"; break;
+case SSL3_ST_SW_KEY_EXCH_A:                     str="3WSKEA"; break;
+case SSL3_ST_SW_KEY_EXCH_B:                     str="3WSKEB"; break;
+case SSL3_ST_SW_CERT_REQ_A:                     str="3WCR_A"; break;
+case SSL3_ST_SW_CERT_REQ_B:                     str="3WCR_B"; break;
+case SSL3_ST_SW_SRVR_DONE_A:                    str="3WSD_A"; break;
+case SSL3_ST_SW_SRVR_DONE_B:                    str="3WSD_B"; break;
+case SSL3_ST_SR_CERT_A:                         str="3RCC_A"; break;
+case SSL3_ST_SR_CERT_B:                         str="3RCC_B"; break;
+case SSL3_ST_SR_KEY_EXCH_A:                     str="3RCKEA"; break;
+case SSL3_ST_SR_KEY_EXCH_B:                     str="3RCKEB"; break;
+case SSL3_ST_SR_CERT_VRFY_A:                    str="3RCV_A"; break;
+case SSL3_ST_SR_CERT_VRFY_B:                    str="3RCV_B"; break;
+#endif
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+/* SSLv2/v3 compatablitity states */
+/* client */
+case SSL23_ST_CW_CLNT_HELLO_A:                  str="23WCHA"; break;
+case SSL23_ST_CW_CLNT_HELLO_B:                  str="23WCHB"; break;
+case SSL23_ST_CR_SRVR_HELLO_A:                  str="23RSHA"; break;
+case SSL23_ST_CR_SRVR_HELLO_B:                  str="23RSHA"; break;
+/* server */
+case SSL23_ST_SR_CLNT_HELLO_A:                  str="23RCHA"; break;
+case SSL23_ST_SR_CLNT_HELLO_B:                  str="23RCHB"; break;
+#endif
+default:                                        str="UNKWN "; break;
+                }
+        return(str);
+        }
+char *SSL_alert_type_string_long(value)
+int value;
+        {
+        value>>=8;
+        if (value == SSL3_AL_WARNING)
+                return("warning");
+        else if (value == SSL3_AL_FATAL)
+                return("fatal");
+        else
+                return("unknown");
+        }
+char *SSL_alert_type_string(value)
+int value;
+        {
+        value>>=8;
+        if (value == SSL3_AL_WARNING)
+                return("W");
+        else if (value == SSL3_AL_FATAL)
+                return("F");
+        else
+                return("U");
+        }
+char *SSL_alert_desc_string(value)
+int value;
+        {
+        char *str;
+        switch (value & 0xff)
+                {
+        case SSL3_AD_CLOSE_NOTIFY:              str="CN"; break;
+        case SSL3_AD_UNEXPECTED_MESSAGE:        str="UM"; break;
+        case SSL3_AD_BAD_RECORD_MAC:            str="BM"; break;
+        case SSL3_AD_DECOMPRESSION_FAILURE:     str="DF"; break;
+        case SSL3_AD_HANDSHAKE_FAILURE:         str="HF"; break;
+        case SSL3_AD_NO_CERTIFICATE:            str="NC"; break;
+        case SSL3_AD_BAD_CERTIFICATE:           str="BC"; break;
+        case SSL3_AD_UNSUPPORTED_CERTIFICATE:   str="UC"; break;
+        case SSL3_AD_CERTIFICATE_REVOKED:       str="CR"; break;
+        case SSL3_AD_CERTIFICATE_EXPIRED:       str="CE"; break;
+        case SSL3_AD_CERTIFICATE_UNKNOWN:       str="CU"; break;
+        case SSL3_AD_ILLEGAL_PARAMETER:         str="IP"; break;
+        default:                                str="UK"; break;
+                }
+        return(str);
+        }
+char *SSL_alert_desc_string_long(value)
+int value;
+        {
+        char *str;
+        switch (value & 0xff)
+                {
+        case SSL3_AD_CLOSE_NOTIFY:
+                str="close notify";
+                break;
+        case SSL3_AD_UNEXPECTED_MESSAGE:
+                str="unexected_message";
+                break;
+        case SSL3_AD_BAD_RECORD_MAC:
+                str="bad record mac";
+                break;
+        case SSL3_AD_DECOMPRESSION_FAILURE:
+                str="decompression failure";
+                break;
+        case SSL3_AD_HANDSHAKE_FAILURE:
+                str="handshake failure";
+                break;
+        case SSL3_AD_NO_CERTIFICATE:
+                str="no certificate";
+                break;
+        case SSL3_AD_BAD_CERTIFICATE:
+                str="bad certificate";
+                break;
+        case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+                str="unsupported certificate";
+                break;
+        case SSL3_AD_CERTIFICATE_REVOKED:
+                str="certificate revoked";
+                break;
+        case SSL3_AD_CERTIFICATE_EXPIRED:
+                str="certificate expired";
+                break;
+        case SSL3_AD_CERTIFICATE_UNKNOWN:
+                str="certifcate unknown";
+                break;
+        case SSL3_AD_ILLEGAL_PARAMETER:
+                str="illegal parameter";
+                break;
+        default: str="unknown"; break;
+                }
+        return(str);
+        }
+char *SSL_rstate_string(s)
+SSL *s;
+        {
+        char *str;
+        switch (s->rstate)
+                {
+        case SSL_ST_READ_HEADER:str="RH"; break;
+        case SSL_ST_READ_BODY:  str="RB"; break;
+        case SSL_ST_READ_DONE:  str="RD"; break;
+        default: str="unknown"; break;
+                }
+        return(str);
+        }
diff --git a/src/lib/libssl/src/ssl/ssl_task.c b/src/lib/libssl/src/ssl/ssl_task.c
new file mode 100644
index 0000000000..ab72166665
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_task.c
@@ -0,0 +1,359 @@
+/* ssl/ssl_task.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* VMS */
+/*
+ * DECnet object for servicing SSL.  We accept the inbound and speak a
+ * simple protocol for multiplexing the 2 data streams (application and
+ * ssl data) over this logical link.
+ *
+ * Logical names:
+ *    SSL_CIPHER        Defines a list of cipher specifications the server
+ *                      will support in order of preference.
+ *    SSL_SERVER_CERTIFICATE
+ *                      Points to PEM (privacy enhanced mail) file that
+ *                      contains the server certificate and private password.
+ *    SYS$NET           Logical created by netserver.exe as hook for completing
+ *                      DECnet logical link.
+ *
+ * Each NSP message sent over the DECnet link has the following structure:
+ *    struct rpc_msg { 
+ *      char channel;
+ *      char function;
+ *      short length;
+ *      char data[MAX_DATA];
+ *    } msg;
+ *
+ * The channel field designates the virtual data stream this message applies
+ * to and is one of:
+ *   A - Application data (payload).
+ *   R - Remote client connection that initiated the SSL connection.  Encrypted
+ *       data is sent over this connection.
+ *   G - General data, reserved for future use.
+ *
+ * The data streams are half-duplex read/write and have following functions:
+ *   G - Get, requests that up to msg.length bytes of data be returned.  The
+ *       data is returned in the next 'C' function response that matches the
+ *       requesting channel.
+ *   P - Put, requests that the first msg.length bytes of msg.data be appended
+ *       to the designated stream.
+ *   C - Confirms a get or put.  Every get and put will get a confirm response,
+ *       you cannot initiate another function on a channel until the previous
+ *       operation has been confirmed.
+ *
+ *  The 2 channels may interleave their operations, for example:
+ *        Server msg           Client msg
+ *         A, Get, 4092          ---->
+ *                               <----  R, get, 4092
+ *         R, Confirm, {hello}   ---->
+ *                               <----  R, put, {srv hello}
+ *         R, Confirm, 0         ---->
+ *                               .              (SSL handshake completed)
+ *                               .              (read first app data).
+ *                               <----  A, confirm, {http data}
+ *         A, Put, {http data}   ---->
+ *                               <----  A, confirm, 0
+ *
+ *  The length field is not permitted to be larger that 4092 bytes.
+ *
+ * Author: Dave Jones
+ * Date:   22-JUL-1996
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <iodef.h>              /* VMS IO$_ definitions */
+#include <descrip.h>            /* VMS string descriptors */
+extern int SYS$QIOW(), SYS$ASSIGN();
+int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
+#include <string.h>             /* from ssltest.c */
+#include <errno.h>
+#include "buffer.h"
+#include "../e_os.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+        int error);
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+BIO_METHOD *BIO_s_rtcp();
+static char *cipher=NULL;
+int verbose=1;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
+/*************************************************************************/
+struct rpc_msg {                /* Should have member alignment inhibited */
+   char channel;                /* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;               /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;   /* Amount of data returned or max to return */
+   char data[4092];             /* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+static $DESCRIPTOR(sysnet, "SYS$NET");
+typedef unsigned short io_channel;
+struct io_status {
+    unsigned short status;
+    unsigned short count;
+    unsigned long stsval;
+};
+int doit(io_channel chan, SSL_CTX *s_ctx );
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+        buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+        buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+/***************************************************************************/
+/* Handle operations on the 'G' channel.
+ */
+static int general_request ( io_channel chan, struct rpc_msg *msg, int length )
+{
+    return 48;
+}
+/***************************************************************************/
+int main ( int argc, char **argv )
+{
+    int status, length;
+    io_channel chan;
+    struct rpc_msg msg;
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0;
+        int ret=1;
+        int client_auth=0;
+        int server_auth=0;
+        SSL_CTX *s_ctx=NULL;
+    /*
+     * Confirm logical link with initiating client.
+     */
+    LIB$INIT_TIMER();
+    status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
+    printf("status of assign to SYS$NET: %d\n", status );
+    /*
+     * Initialize standard out and error files.
+     */
+        if (bio_err == NULL)
+                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+        if (bio_stdout == NULL)
+                if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)
+                        BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);
+    /*
+     * get the preferred cipher list and other initialization
+     */
+        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+        printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
+        SSL_load_error_strings();
+        s_ctx=SSL_CTX_new(SSLv2());
+        if (s_ctx == NULL) goto end;
+        SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
+        SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
+        printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );
+    /*
+     * Take commands from client until bad status.
+     */
+    LIB$SHOW_TIMER();
+    status = doit ( chan, s_ctx );
+    LIB$SHOW_TIMER();
+    /*
+     * do final cleanup and exit.
+     */
+end:
+        if (s_ctx != NULL) SSL_CTX_free(s_ctx);
+    LIB$SHOW_TIMER();
+    return 1;
+}
+int doit(io_channel chan, SSL_CTX *s_ctx )
+{
+    int status, length, link_state;
+     struct rpc_msg msg;
+        static char cbuf[200],sbuf[200];
+        SSL *s_ssl=NULL;
+        BIO *c_to_s=NULL;
+        BIO *s_to_c=NULL;
+        BIO *c_bio=NULL;
+        BIO *s_bio=NULL;
+        int i;
+        int done=0;
+        s_ssl=SSL_new(s_ctx);
+        if (s_ssl == NULL) goto err;
+        c_to_s=BIO_new(BIO_s_rtcp());
+        s_to_c=BIO_new(BIO_s_rtcp());
+        if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+        BIO_set_fd ( c_to_s, "", chan );
+        BIO_set_fd ( s_to_c, "", chan );
+        c_bio=BIO_new(BIO_f_ssl());
+        s_bio=BIO_new(BIO_f_ssl());
+        if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+        SSL_set_accept_state(s_ssl);
+        SSL_set_bio(s_ssl,c_to_s,s_to_c);
+        BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
+        /* We can always do writes */
+        printf("Begin doit main loop\n");
+        /*
+         * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
+         */
+        for (link_state = 0; link_state < 3; ) {
+            /*
+             * Wait for remote end to request data action on A channel.
+             */
+            while ( link_state == 0 ) {
+                status = get ( chan, (char *) &msg, sizeof(msg), &length );
+                if ( (status&1) == 0 ) {
+                    printf("Error in main loop get: %d\n", status );
+                    link_state = 3;
+                    break;
+                }
+                if ( length < RPC_HDR_SIZE ) {
+                    printf("Error in main loop get size: %d\n", length );
+                    break;
+                    link_state = 3;
+                }
+                if ( msg.channel != 'A' ) {
+                    printf("Error in main loop, unexpected channel: %c\n", 
+                        msg.channel );
+                    break;
+                    link_state = 3;
+                }
+                if ( msg.function == 'G' ) {
+                    link_state = 1;
+                } else if ( msg.function == 'P' ) {
+                    link_state = 2;     /* write pending */
+                } else if ( msg.function == 'X' ) {
+                    link_state = 3;
+                } else {
+                    link_state = 3;
+                }
+            }
+            if ( link_state == 1 ) {
+                i = BIO_read ( s_bio, msg.data, msg.length );
+                if ( i < 0 ) link_state = 3;
+                else {
+                    msg.channel = 'A';
+                    msg.function = 'C';         /* confirm */
+                    msg.length = i;
+                    status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
+                    if ( (status&1) == 0 ) break;
+                    link_state = 0;
+                }
+            } else if ( link_state == 2 ) {
+                i = BIO_write ( s_bio, msg.data, msg.length );
+                if ( i < 0 ) link_state = 3;
+                else {
+                    msg.channel = 'A';
+                    msg.function = 'C';         /* confirm */
+                    msg.length = 0;
+                    status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
+                    if ( (status&1) == 0 ) break;
+                    link_state = 0;
+                }
+            }
+        }
+        fprintf(stdout,"DONE\n");
+err:
+        /* We have to set the BIO's to NULL otherwise they will be
+         * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * again when c_ssl is SSL_free()ed.
+         * This is a hack required because s_ssl and c_ssl are sharing the same
+         * BIO structure and SSL_set_bio() and SSL_free() automatically
+         * BIO_free non NULL entries.
+         * You should not normally do this or be required to do this */
+        s_ssl->rbio=NULL;
+        s_ssl->wbio=NULL;
+        if (c_to_s != NULL) BIO_free(c_to_s);
+        if (s_to_c != NULL) BIO_free(s_to_c);
+        if (c_bio != NULL) BIO_free(c_bio);
+        if (s_bio != NULL) BIO_free(s_bio);
+        return(0);
+}
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c
new file mode 100644
index 0000000000..ce60e1a6dd
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -0,0 +1,152 @@
+/* ssl/ssl_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "buffer.h"
+#include "ssl_locl.h"
+#ifndef NO_FP_API
+int SSL_SESSION_print_fp(fp, x)
+FILE *fp;
+SSL_SESSION *x;
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file_internal())) == NULL)
+                {
+                SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=SSL_SESSION_print(b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int SSL_SESSION_print(bp,x)
+BIO *bp;
+SSL_SESSION *x;
+        {
+        int i;
+        char str[128],*s;
+        if (x == NULL) goto err;
+        if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
+        if (x->ssl_version == SSL2_VERSION)
+                s="SSLv2";
+        else if (x->ssl_version == SSL3_VERSION)
+                s="SSLv3";
+        else if (x->ssl_version == TLS1_VERSION)
+                s="TLSv1";
+        else
+                s="unknown";
+        sprintf(str,"    Protocol  : %s\n",s);
+        if (BIO_puts(bp,str) <= 0) goto err;
+        if (x->cipher == NULL)
+                {
+                if (((x->cipher_id) & 0xff000000) == 0x02000000)
+                        sprintf(str,"    Cipher    : %06lX\n",x->cipher_id&0xffffff);
+                else
+                        sprintf(str,"    Cipher    : %04lX\n",x->cipher_id&0xffff);
+                }
+        else
+                sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
+        if (BIO_puts(bp,str) <= 0) goto err;
+        if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
+        for (i=0; i<(int)x->session_id_length; i++)
+                {
+                sprintf(str,"%02X",x->session_id[i]);
+                if (BIO_puts(bp,str) <= 0) goto err;
+                }
+        if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
+        for (i=0; i<(int)x->master_key_length; i++)
+                {
+                sprintf(str,"%02X",x->master_key[i]);
+                if (BIO_puts(bp,str) <= 0) goto err;
+                }
+        if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
+        if (x->key_arg_length == 0)
+                {
+                if (BIO_puts(bp,"None") <= 0) goto err;
+                }
+        else
+                for (i=0; i<(int)x->key_arg_length; i++)
+                        {
+                        sprintf(str,"%02X",x->key_arg[i]);
+                        if (BIO_puts(bp,str) <= 0) goto err;
+                        }
+        if (x->time != 0L)
+                {
+                sprintf(str,"\n    Start Time: %ld",x->time);
+                if (BIO_puts(bp,str) <= 0) goto err;
+                }
+        if (x->timeout != 0L)
+                {
+                sprintf(str,"\n    Timeout   : %ld (sec)",x->timeout);
+                if (BIO_puts(bp,str) <= 0) goto err;
+                }
+        if (BIO_puts(bp,"\n") <= 0) goto err;
+                
+        return(1);
+err:
+        return(0);
+        }
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
new file mode 100644
index 0000000000..f9dca4e3ef
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -0,0 +1,751 @@
+/* ssl/ssltest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "e_os.h"
+#include "bio.h"
+#include "crypto.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#ifdef WINDOWS
+#include "../crypto/bio/bss_file.c"
+#endif
+#define TEST_SERVER_CERT "../apps/server.pem"
+#define TEST_CLIENT_CERT "../apps/client.pem"
+#ifndef NOPROTO
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+#ifndef NO_DSA
+static DH *get_dh512(void);
+#endif
+#else
+int MS_CALLBACK verify_callback();
+static RSA MS_CALLBACK *tmp_rsa_cb();
+#ifndef NO_DSA
+static DH *get_dh512();
+#endif
+#endif
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+static char *cipher=NULL;
+int verbose=0;
+int debug=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+#ifndef  NOPROTO
+int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
+#else
+int doit();
+#endif
+static void sv_usage()
+        {
+        fprintf(stderr,"usage: ssltest [args ...]\n");
+        fprintf(stderr,"\n");
+        fprintf(stderr," -server_auth  - check server certificate\n");
+        fprintf(stderr," -client_auth  - do client authentication\n");
+        fprintf(stderr," -v            - more output\n");
+        fprintf(stderr," -d            - debug output\n");
+        fprintf(stderr," -reuse        - use session-id reuse\n");
+        fprintf(stderr," -num <val>    - number of connections to perform\n");
+        fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
+#ifndef NO_SSL2
+        fprintf(stderr," -ssl2         - use SSLv2\n");
+#endif
+#ifndef NO_SSL3
+        fprintf(stderr," -ssl3         - use SSLv3\n");
+#endif
+#ifndef NO_TLS1
+        fprintf(stderr," -tls1         - use TLSv1\n");
+#endif
+        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+        fprintf(stderr," -cert arg     - Certificate file\n");
+        fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
+        fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
+        fprintf(stderr," -cipher arg   - The cipher list\n");
+        }
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0;
+        int tls1=0,ssl2=0,ssl3=0,ret=1;
+        int client_auth=0;
+        int server_auth=0,i;
+        char *server_cert=TEST_SERVER_CERT;
+        char *client_cert=TEST_CLIENT_CERT;
+        SSL_CTX *s_ctx=NULL;
+        SSL_CTX *c_ctx=NULL;
+        SSL_METHOD *meth=NULL;
+        SSL *c_ssl,*s_ssl;
+        int number=1,reuse=0;
+        long bytes=1L;
+        SSL_CIPHER *ciph;
+#ifndef NO_DH
+        DH *dh;
+#endif
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-server_auth") == 0)
+                        server_auth=1;
+                else if (strcmp(*argv,"-client_auth") == 0)
+                        client_auth=1;
+                else if (strcmp(*argv,"-v") == 0)
+                        verbose=1;
+                else if (strcmp(*argv,"-d") == 0)
+                        debug=1;
+                else if (strcmp(*argv,"-reuse") == 0)
+                        reuse=1;
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        ssl2=1;
+                else if (strcmp(*argv,"-tls1") == 0)
+                        tls1=1;
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        ssl3=1;
+                else if (strncmp(*argv,"-num",4) == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        number= atoi(*(++argv));
+                        if (number == 0) number=1;
+                        }
+                else if (strcmp(*argv,"-bytes") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        bytes= atol(*(++argv));
+                        if (bytes == 0L) bytes=1L;
+                        i=strlen(argv[0]);
+                        if (argv[0][i-1] == 'k') bytes*=1024L;
+                        if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        server_cert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-s_cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        server_cert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-c_cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        client_cert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cipher") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        cipher= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sv_usage();
+                goto end;
+                }
+/*      if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
+        SSLeay_add_ssl_algorithms();
+        SSL_load_error_strings();
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+        if (ssl2)
+                meth=SSLv2_method();
+        else 
+        if (tls1)
+                meth=TLSv1_method();
+        else
+        if (ssl3)
+                meth=SSLv3_method();
+        else
+                meth=SSLv23_method();
+#else
+#ifdef NO_SSL2
+        meth=SSLv3_method();
+#else
+        meth=SSLv2_method();
+#endif
+#endif
+        c_ctx=SSL_CTX_new(meth);
+        s_ctx=SSL_CTX_new(meth);
+        if ((c_ctx == NULL) || (s_ctx == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (cipher != NULL)
+                {
+                SSL_CTX_set_cipher_list(c_ctx,cipher);
+                SSL_CTX_set_cipher_list(s_ctx,cipher);
+                }
+#ifndef NO_DH
+        dh=get_dh512();
+        SSL_CTX_set_tmp_dh(s_ctx,dh);
+        DH_free(dh);
+#endif
+#ifndef NO_RSA
+        SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
+#endif
+        if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                }
+        else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert,
+                SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (client_auth)
+                {
+                SSL_CTX_use_certificate_file(c_ctx,client_cert,
+                        SSL_FILETYPE_PEM);
+                SSL_CTX_use_PrivateKey_file(c_ctx,client_cert,
+                        SSL_FILETYPE_PEM);
+                }
+        if (    (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+                (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(c_ctx)))
+                {
+                /* fprintf(stderr,"SSL_load_verify_locations\n"); */
+                ERR_print_errors(bio_err);
+                /* goto end; */
+                }
+        if (client_auth)
+                {
+                fprintf(stderr,"client authentication\n");
+                SSL_CTX_set_verify(s_ctx,
+                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        verify_callback);
+                }
+        if (server_auth)
+                {
+                fprintf(stderr,"server authentication\n");
+                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+                        verify_callback);
+                }
+        c_ssl=SSL_new(c_ctx);
+        s_ssl=SSL_new(s_ctx);
+        for (i=0; i<number; i++)
+                {
+                if (!reuse) SSL_set_session(c_ssl,NULL);
+                ret=doit(s_ssl,c_ssl,bytes);
+                }
+        if (!verbose)
+                {
+                ciph=SSL_get_current_cipher(c_ssl);
+                fprintf(stdout,"Protocol %s, cipher %s, %s\n",
+                        SSL_get_version(c_ssl),
+                        SSL_CIPHER_get_version(ciph),
+                        SSL_CIPHER_get_name(ciph));
+                }
+        if ((number > 1) || (bytes > 1L))
+                printf("%d handshakes of %ld bytes done\n",number,bytes);
+        SSL_free(s_ssl);
+        SSL_free(c_ssl);
+end:
+        if (s_ctx != NULL) SSL_CTX_free(s_ctx);
+        if (c_ctx != NULL) SSL_CTX_free(c_ctx);
+        if (bio_stdout != NULL) BIO_free(bio_stdout);
+        ERR_remove_state(0);
+        EVP_cleanup();
+        CRYPTO_mem_leaks(bio_err);
+        EXIT(ret);
+        }
+#define W_READ  1
+#define W_WRITE 2
+#define C_DONE  1
+#define S_DONE  2
+int doit(s_ssl,c_ssl,count)
+SSL *s_ssl,*c_ssl;
+long count;
+        {
+        MS_STATIC char cbuf[1024*8],sbuf[1024*8];
+        long cw_num=count,cr_num=count;
+        long sw_num=count,sr_num=count;
+        int ret=1;
+        BIO *c_to_s=NULL;
+        BIO *s_to_c=NULL;
+        BIO *c_bio=NULL;
+        BIO *s_bio=NULL;
+        int c_r,c_w,s_r,s_w;
+        int c_want,s_want;
+        int i,j;
+        int done=0;
+        int c_write,s_write;
+        int do_server=0,do_client=0;
+        SSL_CIPHER *ciph;
+        c_to_s=BIO_new(BIO_s_mem());
+        s_to_c=BIO_new(BIO_s_mem());
+        if ((s_to_c == NULL) || (c_to_s == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        c_bio=BIO_new(BIO_f_ssl());
+        s_bio=BIO_new(BIO_f_ssl());
+        if ((c_bio == NULL) || (s_bio == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        SSL_set_connect_state(c_ssl);
+        SSL_set_bio(c_ssl,s_to_c,c_to_s);
+        BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
+        SSL_set_accept_state(s_ssl);
+        SSL_set_bio(s_ssl,c_to_s,s_to_c);
+        BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
+        c_r=0; s_r=1;
+        c_w=1; s_w=0;
+        c_want=W_WRITE;
+        s_want=0;
+        c_write=1,s_write=0;
+        /* We can always do writes */
+        for (;;)
+                {
+                do_server=0;
+                do_client=0;
+                i=(int)BIO_pending(s_bio);
+                if ((i && s_r) || s_w) do_server=1;
+                i=(int)BIO_pending(c_bio);
+                if ((i && c_r) || c_w) do_client=1;
+                if (do_server && debug)
+                        {
+                        if (SSL_in_init(s_ssl))
+                                printf("server waiting in SSL_accept - %s\n",
+                                        SSL_state_string_long(s_ssl));
+/*                      else if (s_write)
+                                printf("server:SSL_write()\n");
+                        else
+                                printf("server:SSL_read()\n"); */
+                        }
+                if (do_client && debug)
+                        {
+                        if (SSL_in_init(c_ssl))
+                                printf("client waiting in SSL_connect - %s\n",
+                                        SSL_state_string_long(c_ssl));
+/*                      else if (c_write)
+                                printf("client:SSL_write()\n");
+                        else
+                                printf("client:SSL_read()\n"); */
+                        }
+                if (!do_client && !do_server)
+                        {
+                        fprintf(stdout,"ERROR IN STARTUP\n");
+                        ERR_print_errors(bio_err);
+                        break;
+                        }
+                if (do_client && !(done & C_DONE))
+                        {
+                        if (c_write)
+                                {
+                                j=(cw_num > (long)sizeof(cbuf))
+                                        ?sizeof(cbuf):(int)cw_num;
+                                i=BIO_write(c_bio,cbuf,j);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("client wrote %d\n",i);
+                                        /* ok */
+                                        s_r=1;
+                                        c_write=0;
+                                        cw_num-=i;
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_read(c_bio,cbuf,sizeof(cbuf));
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("client read %d\n",i);
+                                        cr_num-=i;
+                                        if (sw_num > 0)
+                                                {
+                                                s_write=1;
+                                                s_w=1;
+                                                }
+                                        if (cr_num <= 0)
+                                                {
+                                                s_write=1;
+                                                s_w=1;
+                                                done=S_DONE|C_DONE;
+                                                }
+                                        }
+                                }
+                        }
+                if (do_server && !(done & S_DONE))
+                        {
+                        if (!s_write)
+                                {
+                                i=BIO_read(s_bio,sbuf,sizeof(cbuf));
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        ERR_print_errors(bio_err);
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("server read %d\n",i);
+                                        sr_num-=i;
+                                        if (cw_num > 0)
+                                                {
+                                                c_write=1;
+                                                c_w=1;
+                                                }
+                                        if (sr_num <= 0)
+                                                {
+                                                s_write=1;
+                                                s_w=1;
+                                                c_write=0;
+                                                }
+                                        }
+                                }
+                        else
+                                {
+                                j=(sw_num > (long)sizeof(sbuf))?
+                                        sizeof(sbuf):(int)sw_num;
+                                i=BIO_write(s_bio,sbuf,j);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        ERR_print_errors(bio_err);
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("server wrote %d\n",i);
+                                        sw_num-=i;
+                                        s_write=0;
+                                        c_r=1;
+                                        if (sw_num <= 0)
+                                                done|=S_DONE;
+                                        }
+                                }
+                        }
+                if ((done & S_DONE) && (done & C_DONE)) break;
+                }
+        ciph=SSL_get_current_cipher(c_ssl);
+        if (verbose)
+                fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n",
+                        SSL_get_version(c_ssl),
+                        SSL_CIPHER_get_version(ciph),
+                        SSL_CIPHER_get_name(ciph));
+        ret=0;
+err:
+        /* We have to set the BIO's to NULL otherwise they will be
+         * Free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * again when c_ssl is SSL_free()ed.
+         * This is a hack required because s_ssl and c_ssl are sharing the same
+         * BIO structure and SSL_set_bio() and SSL_free() automatically
+         * BIO_free non NULL entries.
+         * You should not normally do this or be required to do this */
+        if (s_ssl != NULL)
+                {
+                s_ssl->rbio=NULL;
+                s_ssl->wbio=NULL;
+                }
+        if (c_ssl != NULL)
+                {
+                c_ssl->rbio=NULL;
+                c_ssl->wbio=NULL;
+                }
+        if (c_to_s != NULL) BIO_free(c_to_s);
+        if (s_to_c != NULL) BIO_free(s_to_c);
+        if (c_bio != NULL) BIO_free_all(c_bio);
+        if (s_bio != NULL) BIO_free_all(s_bio);
+        return(ret);
+        }
+int MS_CALLBACK verify_callback(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+        {
+        char *s,buf[256];
+        s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
+        if (s != NULL)
+                {
+                if (ok)
+                        fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf);
+                else
+                        fprintf(stderr,"depth=%d error=%d %s\n",
+                                ctx->error_depth,ctx->error,buf);
+                }
+        if (ok == 0)
+                {
+                switch (ctx->error)
+                        {
+                case X509_V_ERR_CERT_NOT_YET_VALID:
+                case X509_V_ERR_CERT_HAS_EXPIRED:
+                case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+                        ok=1;
+                        }
+                }
+        return(ok);
+        }
+#ifndef NO_DH
+static unsigned char dh512_p[]={
+        0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+        0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+        0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+        0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+        0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+        0x47,0x74,0xE8,0x33,
+        };
+static unsigned char dh512_g[]={
+        0x02,
+        };
+static DH *get_dh512()
+        {
+        DH *dh=NULL;
+        if ((dh=DH_new()) == NULL) return(NULL);
+        dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+        dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+        if ((dh->p == NULL) || (dh->g == NULL))
+                return(NULL);
+        return(dh);
+        }
+#endif
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+SSL *s;
+int export;
+        {
+        static RSA *rsa_tmp=NULL;
+        if (rsa_tmp == NULL)
+                {
+                BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+                BIO_flush(bio_err);
+#ifndef NO_RSA
+                rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+#endif
+                BIO_printf(bio_err,"\n");
+                BIO_flush(bio_err);
+                }
+        return(rsa_tmp);
+        }
diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c
new file mode 100644
index 0000000000..986d2436e2
--- /dev/null
+++ b/src/lib/libssl/src/ssl/t1_clnt.c
@@ -0,0 +1,90 @@
+/* ssl/t1_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "buffer.h"
+#include "rand.h"
+#include "objects.h"
+#include "evp.h"
+#include "ssl_locl.h"
+static SSL_METHOD *tls1_get_client_method(ver)
+int ver;
+        {
+        if (ver == TLS1_VERSION)
+                return(TLSv1_client_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *TLSv1_client_method()
+        {
+        static int init=1;
+        static SSL_METHOD TLSv1_client_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+                        sizeof(SSL_METHOD));
+                TLSv1_client_data.ssl_connect=ssl3_connect;
+                TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+                }
+        return(&TLSv1_client_data);
+        }
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
new file mode 100644
index 0000000000..fbdd3bffb5
--- /dev/null
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -0,0 +1,635 @@
+/* ssl/t1_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "evp.h"
+#include "hmac.h"
+#include "ssl_locl.h"
+static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen)
+EVP_MD *md;
+unsigned char *sec;
+int sec_len;
+unsigned char *seed;
+int seed_len;
+unsigned char *out;
+int olen;
+        {
+        int chunk,n;
+        unsigned int j;
+        HMAC_CTX ctx;
+        HMAC_CTX ctx_tmp;
+        unsigned char A1[HMAC_MAX_MD_CBLOCK];
+        unsigned int A1_len;
+        
+        chunk=EVP_MD_size(md);
+        HMAC_Init(&ctx,sec,sec_len,md);
+        HMAC_Update(&ctx,seed,seed_len);
+        HMAC_Final(&ctx,A1,&A1_len);
+        n=0;
+        for (;;)
+                {
+                HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+                HMAC_Update(&ctx,A1,A1_len);
+                memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+                HMAC_Update(&ctx,seed,seed_len);
+                if (olen > chunk)
+                        {
+                        HMAC_Final(&ctx,out,&j);
+                        out+=j;
+                        olen-=j;
+                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+                        }
+                else    /* last one */
+                        {
+                        HMAC_Final(&ctx,A1,&A1_len);
+                        memcpy(out,A1,olen);
+                        break;
+                        }
+                }
+        HMAC_cleanup(&ctx);
+        HMAC_cleanup(&ctx_tmp);
+        memset(A1,0,sizeof(A1));
+        }
+static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen)
+EVP_MD *md5;
+EVP_MD *sha1;
+unsigned char *label;
+int label_len;
+unsigned char *sec;
+int slen;
+unsigned char *out1;
+unsigned char *out2;
+int olen;
+        {
+        int len,i;
+        unsigned char *S1,*S2;
+        len=slen/2;
+        S1=sec;
+        S2= &(sec[len]);
+        len+=(slen&1); /* add for odd, make longer */
+        
+        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
+        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
+        for (i=0; i<olen; i++)
+                out1[i]^=out2[i];
+        }
+static void tls1_generate_key_block(s,km,tmp,num)
+SSL *s;
+unsigned char *km,*tmp;
+int num;
+        {
+        unsigned char *p;
+        unsigned char buf[SSL3_RANDOM_SIZE*2+
+                TLS_MD_MAX_CONST_SIZE];
+        p=buf;
+        memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
+                TLS_MD_KEY_EXPANSION_CONST_SIZE);
+        p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
+        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,
+                s->session->master_key,s->session->master_key_length,
+                km,tmp,num);
+        }
+int tls1_change_cipher_state(s,which)
+SSL *s;
+int which;
+        {
+        unsigned char *p,*key_block,*mac_secret;
+        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
+                SSL3_RANDOM_SIZE*2];
+        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
+        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
+        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
+        unsigned char iv2[EVP_MAX_IV_LENGTH*2];
+        unsigned char *ms,*key,*iv,*er1,*er2;
+        int client_write;
+        EVP_CIPHER_CTX *dd;
+        EVP_CIPHER *c;
+        SSL_COMPRESSION *comp;
+        EVP_MD *m;
+        int exp,n,i,j,k,exp_label_len;
+        exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+        c=s->s3->tmp.new_sym_enc;
+        m=s->s3->tmp.new_hash;
+        comp=s->s3->tmp.new_compression;
+        key_block=s->s3->tmp.key_block;
+        if (which & SSL3_CC_READ)
+                {
+                if ((s->enc_read_ctx == NULL) &&
+                        ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
+                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        goto err;
+                dd= s->enc_read_ctx;
+                s->read_hash=m;
+                s->read_compression=comp;
+                memset(&(s->s3->read_sequence[0]),0,8);
+                mac_secret= &(s->s3->read_mac_secret[0]);
+                }
+        else
+                {
+                if ((s->enc_write_ctx == NULL) &&
+                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        goto err;
+                dd= s->enc_write_ctx;
+                s->write_hash=m;
+                s->write_compression=comp;
+                memset(&(s->s3->write_sequence[0]),0,8);
+                mac_secret= &(s->s3->write_mac_secret[0]);
+                }
+        EVP_CIPHER_CTX_init(dd);
+        p=s->s3->tmp.key_block;
+        i=EVP_MD_size(m);
+        j=(exp)?5:EVP_CIPHER_key_length(c);
+        k=EVP_CIPHER_iv_length(c);
+        er1= &(s->s3->client_random[0]);
+        er2= &(s->s3->server_random[0]);
+        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
+                {
+                ms=  &(p[ 0]); n=i+i;
+                key= &(p[ n]); n+=j+j;
+                iv=  &(p[ n]); n+=k+k;
+                exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
+                exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
+                client_write=1;
+                }
+        else
+                {
+                n=i;
+                ms=  &(p[ n]); n+=i+j;
+                key= &(p[ n]); n+=j+k;
+                iv=  &(p[ n]); n+=k;
+                exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
+                exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
+                client_write=0;
+                }
+        if (n > s->s3->tmp.key_block_length)
+                {
+                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+                goto err2;
+                }
+        memcpy(mac_secret,ms,i);
+#ifdef TLS_DEBUG
+printf("which = %04X\nmac key=",which);
+{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
+#endif
+        if (exp)
+                {
+                /* In here I set both the read and write key/iv to the
+                 * same value since only the correct one will be used :-).
+                 */
+                p=buf;
+                memcpy(p,exp_label,exp_label_len);
+                p+=exp_label_len;
+                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j,
+                        tmp1,tmp2,EVP_CIPHER_key_length(c));
+                key=tmp1;
+                if (k > 0)
+                        {
+                        p=buf;
+                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
+                                TLS_MD_IV_BLOCK_CONST_SIZE);
+                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
+                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                        p+=SSL3_RANDOM_SIZE;
+                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                        p+=SSL3_RANDOM_SIZE;
+                        tls1_PRF(s->ctx->md5,s->ctx->sha1,
+                                buf,p-buf,"",0,iv1,iv2,k*2);
+                        if (client_write)
+                                iv=iv1;
+                        else
+                                iv= &(iv1[k]);
+                        }
+                }
+        s->session->key_arg_length=0;
+        EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+#ifdef TLS_DEBUG
+printf("which = %04X\nkey=",which);
+{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
+printf("\niv=");
+{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
+        memset(tmp1,0,sizeof(tmp1));
+        memset(tmp2,0,sizeof(tmp1));
+        memset(iv1,0,sizeof(iv1));
+        memset(iv2,0,sizeof(iv2));
+        return(1);
+err:
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+err2:
+        return(0);
+        }
+int tls1_setup_key_block(s)
+SSL *s;
+        {
+        unsigned char *p1,*p2;
+        EVP_CIPHER *c;
+        EVP_MD *hash;
+        int num,exp;
+        if (s->s3->tmp.key_block_length != 0)
+                return(1);
+        if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+                {
+                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                return(0);
+                }
+        s->s3->tmp.new_sym_enc=c;
+        s->s3->tmp.new_hash=hash;
+        exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
+        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+        num*=2;
+        ssl3_cleanup_key_block(s);
+        if ((p1=(unsigned char *)Malloc(num)) == NULL)
+                goto err;
+        if ((p2=(unsigned char *)Malloc(num)) == NULL)
+                goto err;
+        s->s3->tmp.key_block_length=num;
+        s->s3->tmp.key_block=p1;
+#ifdef TLS_DEBUG
+printf("client random\n");
+{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
+printf("server random\n");
+{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
+printf("pre-master\n");
+{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+#endif
+        tls1_generate_key_block(s,p1,p2,num);
+        memset(p2,0,num);
+        Free(p2);
+#ifdef TLS_DEBUG
+printf("\nkey block\n");
+{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
+#endif
+        return(1);
+err:
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+int tls1_enc(s,send)
+SSL *s;
+int send;
+        {
+        SSL3_RECORD *rec;
+        EVP_CIPHER_CTX *ds;
+        unsigned long l;
+        int bs,i,ii,j,k,n=0;
+        EVP_CIPHER *enc;
+        SSL_COMPRESSION *comp;
+        if (send)
+                {
+                if (s->write_hash != NULL)
+                        n=EVP_MD_size(s->write_hash);
+                ds=s->enc_write_ctx;
+                rec= &(s->s3->wrec);
+                if (s->enc_write_ctx == NULL)
+                        { enc=NULL; comp=NULL; }
+                else
+                        {
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                        comp=s->write_compression;
+                        }
+                }
+        else
+                {
+                if (s->read_hash != NULL)
+                        n=EVP_MD_size(s->read_hash);
+                ds=s->enc_read_ctx;
+                rec= &(s->s3->rrec);
+                if (s->enc_read_ctx == NULL)
+                        { enc=NULL; comp=NULL; }
+                else
+                        {
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+                        comp=s->read_compression;
+                        }
+                }
+        if ((s->session == NULL) || (ds == NULL) ||
+                ((enc == NULL) && (comp == NULL)))
+                {
+                memcpy(rec->data,rec->input,rec->length);
+                rec->input=rec->data;
+                }
+        else
+                {
+                l=rec->length;
+                bs=EVP_CIPHER_block_size(ds->cipher);
+                if ((bs != 1) && send)
+                        {
+                        i=bs-((int)l%bs);
+                        /* Add weird padding of upto 256 bytes */
+                        /* we need to add 'i' padding bytes of value j */
+                        j=i-1;
+                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        j++;
+                                }
+                        for (k=(int)l; k<(int)(l+i); k++)
+                                rec->input[k]=j;
+                        l+=i;
+                        rec->length+=i;
+                        }
+                EVP_Cipher(ds,rec->data,rec->input,l);
+                if ((bs != 1) && !send)
+                        {
+                        ii=i=rec->data[l-1];
+                        i++;
+                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                /* First packet is even in size, so check */
+                                if ((memcmp(s->s3->read_sequence,
+                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        i--;
+                                }
+                        if (i > (int)rec->length)
+                                {
+                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+                                return(0);
+                                }
+                        for (j=(int)(l-i); j<(int)l; j++)
+                                {
+                                if (rec->data[j] != ii)
+                                        {
+                                        SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
+                                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+                                        return(0);
+                                        }
+                                }
+                        rec->length-=i;
+                        }
+                }
+        return(1);
+        }
+int tls1_cert_verify_mac(s,in_ctx,out)
+SSL *s;
+EVP_MD_CTX *in_ctx;
+unsigned char *out;
+        {
+        unsigned int ret;
+        EVP_MD_CTX ctx;
+        memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&ctx,out,&ret);
+        return((int)ret);
+        }
+int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out)
+SSL *s;
+EVP_MD_CTX *in1_ctx,*in2_ctx;
+unsigned char *str;
+int slen;
+unsigned char *out;
+        {
+        unsigned int i;
+        EVP_MD_CTX ctx;
+        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        unsigned char *q,buf2[12];
+        q=buf;
+        memcpy(q,str,slen);
+        q+=slen;
+        memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&ctx,q,&i);
+        q+=i;
+        memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&ctx,q,&i);
+        q+=i;
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf,
+                s->session->master_key,s->session->master_key_length,
+                out,buf2,12);
+        memset(&ctx,0,sizeof(EVP_MD_CTX));
+        return((int)12);
+        }
+int tls1_mac(ssl,md,send)
+SSL *ssl;
+unsigned char *md;
+int send;
+        {
+        SSL3_RECORD *rec;
+        unsigned char *mac_sec,*seq;
+        EVP_MD *hash;
+        unsigned int md_size;
+        int i;
+        HMAC_CTX hmac;
+        unsigned char buf[5]; 
+        if (send)
+                {
+                rec= &(ssl->s3->wrec);
+                mac_sec= &(ssl->s3->write_mac_secret[0]);
+                seq= &(ssl->s3->write_sequence[0]);
+                hash=ssl->write_hash;
+                }
+        else
+                {
+                rec= &(ssl->s3->rrec);
+                mac_sec= &(ssl->s3->read_mac_secret[0]);
+                seq= &(ssl->s3->read_sequence[0]);
+                hash=ssl->read_hash;
+                }
+        md_size=EVP_MD_size(hash);
+        buf[0]=rec->type;
+        buf[1]=TLS1_VERSION_MAJOR;
+        buf[2]=TLS1_VERSION_MINOR;
+        buf[3]=rec->length>>8;
+        buf[4]=rec->length&0xff;
+        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+        HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
+        HMAC_Update(&hmac,seq,8);
+        HMAC_Update(&hmac,buf,5);
+        HMAC_Update(&hmac,rec->input,rec->length);
+        HMAC_Final(&hmac,md,&md_size);
+#ifdef TLS_DEBUG
+printf("sec=");
+{int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+printf("seq=");
+{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
+printf("buf=");
+{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
+printf("rec=");
+{int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+#endif
+        for (i=7; i>=0; i--)
+                if (++seq[i]) break; 
+#ifdef TLS_DEBUG
+{int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
+#endif
+        return(md_size);
+        }
+int tls1_generate_master_secret(s,out,p,len)
+SSL *s;
+unsigned char *out;
+unsigned char *p;
+int len;
+        {
+        unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
+        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
+        /* Setup the stuff to munge */
+        memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
+                TLS_MD_MASTER_SECRET_CONST_SIZE);
+        memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
+                s->s3->client_random,SSL3_RANDOM_SIZE);
+        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
+                s->s3->server_random,SSL3_RANDOM_SIZE);
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,
+                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
+                s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+        return(SSL3_MASTER_SECRET_SIZE);
+        }
+int tls1_alert_code(code)
+int code;
+        {
+        switch (code)
+                {
+        case SSL_AD_CLOSE_NOTIFY:       return(SSL3_AD_CLOSE_NOTIFY);
+        case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
+        case SSL_AD_BAD_RECORD_MAC:     return(SSL3_AD_BAD_RECORD_MAC);
+        case SSL_AD_DECRYPTION_FAILED:  return(TLS1_AD_DECRYPTION_FAILED);
+        case SSL_AD_RECORD_OVERFLOW:    return(TLS1_AD_RECORD_OVERFLOW);
+        case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
+        case SSL_AD_HANDSHAKE_FAILURE:  return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_NO_CERTIFICATE:     return(-1);
+        case SSL_AD_BAD_CERTIFICATE:    return(SSL3_AD_BAD_CERTIFICATE);
+        case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
+        case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
+        case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
+        case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
+        case SSL_AD_ILLEGAL_PARAMETER:  return(SSL3_AD_ILLEGAL_PARAMETER);
+        case SSL_AD_UNKNOWN_CA:         return(TLS1_AD_UNKNOWN_CA);
+        case SSL_AD_ACCESS_DENIED:      return(TLS1_AD_ACCESS_DENIED);
+        case SSL_AD_DECODE_ERROR:       return(TLS1_AD_DECODE_ERROR);
+        case SSL_AD_DECRYPT_ERROR:      return(TLS1_AD_DECRYPT_ERROR);
+        case SSL_AD_EXPORT_RESTRICION:  return(TLS1_AD_EXPORT_RESTRICION);
+        case SSL_AD_PROTOCOL_VERSION:   return(TLS1_AD_PROTOCOL_VERSION);
+        case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
+        case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
+        case SSL_AD_USER_CANCLED:       return(TLS1_AD_USER_CANCLED);
+        case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
+        default:                        return(-1);
+                }
+        }
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
new file mode 100644
index 0000000000..f9fbfa414c
--- /dev/null
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -0,0 +1,151 @@
+/* ssl/t1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+char *tls1_version_str="TLSv1 part of SSLeay 0.9.0b 29-Jun-1998";
+#ifndef NO_PROTO
+static long tls1_default_timeout(void);
+#else
+static long tls1_default_timeout();
+#endif
+static SSL3_ENC_METHOD TLSv1_enc_data={
+        tls1_enc,
+        tls1_mac,
+        tls1_setup_key_block,
+        tls1_generate_master_secret,
+        tls1_change_cipher_state,
+        tls1_final_finish_mac,
+        TLS1_FINISH_MAC_LENGTH,
+        tls1_cert_verify_mac,
+        TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
+        TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
+        tls1_alert_code,
+        };
+static SSL_METHOD TLSv1_data= {
+        TLS1_VERSION,
+        tls1_new,
+        tls1_clear,
+        tls1_free,
+        ssl_undefined_function,
+        ssl_undefined_function,
+        ssl3_read,
+        ssl3_peek,
+        ssl3_write,
+        ssl3_shutdown,
+        ssl3_renegotiate,
+        ssl3_ctrl,
+        ssl3_ctx_ctrl,
+        ssl3_get_cipher_by_char,
+        ssl3_put_cipher_by_char,
+        ssl3_pending,
+        ssl3_num_ciphers,
+        ssl3_get_cipher,
+        ssl_bad_method,
+        tls1_default_timeout,
+        &TLSv1_enc_data,
+        };
+static long tls1_default_timeout()
+        {
+        /* 2 hours, the 24 hours mentioned in the TLSv1 spec
+         * is way too long for http, the cache would over fill */
+        return(60*60*2);
+        }
+SSL_METHOD *tlsv1_base_method()
+        {
+        return(&TLSv1_data);
+        }
+int tls1_new(s)
+SSL *s;
+        {
+        if (!ssl3_new(s)) return(0);
+        s->method->ssl_clear(s);
+        return(1);
+        }
+void tls1_free(s)
+SSL *s;
+        {
+        ssl3_free(s);
+        }
+void tls1_clear(s)
+SSL *s;
+        {
+        ssl3_clear(s);
+        s->version=TLS1_VERSION;
+        }
+#if 0
+long tls1_ctrl(s,cmd,larg,parg)
+SSL *s;
+int cmd;
+long larg;
+char *parg;
+        {
+        return(0);
+        }
+#endif
diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c
new file mode 100644
index 0000000000..512c2078e7
--- /dev/null
+++ b/src/lib/libssl/src/ssl/t1_meth.c
@@ -0,0 +1,88 @@
+/* ssl/t1_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "ssl_locl.h"
+static SSL_METHOD *tls1_get_method(ver)
+int ver;
+        {
+        if (ver == TLS1_VERSION)
+                return(TLSv1_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *TLSv1_method()
+        {
+        static int init=1;
+        static SSL_METHOD TLSv1_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+                        sizeof(SSL_METHOD));
+                TLSv1_data.ssl_connect=ssl3_connect;
+                TLSv1_data.ssl_accept=ssl3_accept;
+                TLSv1_data.get_ssl_method=tls1_get_method;
+                }
+        return(&TLSv1_data);
+        }
diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c
new file mode 100644
index 0000000000..8cf0addcd9
--- /dev/null
+++ b/src/lib/libssl/src/ssl/t1_srvr.c
@@ -0,0 +1,91 @@
+/* ssl/t1_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "buffer.h"
+#include "rand.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "ssl_locl.h"
+static SSL_METHOD *tls1_get_server_method(ver)
+int ver;
+        {
+        if (ver == TLS1_VERSION)
+                return(TLSv1_server_method());
+        else
+                return(NULL);
+        }
+SSL_METHOD *TLSv1_server_method()
+        {
+        static int init=1;
+        static SSL_METHOD TLSv1_server_data;
+        if (init)
+                {
+                init=0;
+                memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+                        sizeof(SSL_METHOD));
+                TLSv1_server_data.ssl_accept=ssl3_accept;
+                TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+                }
+        return(&TLSv1_server_data);
+        }
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
new file mode 100644
index 0000000000..60978613ef
--- /dev/null
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -0,0 +1,115 @@
+/* ssl/tls1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_TLS1_H 
+#define HEADER_TLS1_H 
+#include "buffer.h"
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define TLS1_VERSION                    0x0301
+#define TLS1_VERSION_MAJOR              0x03
+#define TLS1_VERSION_MINOR              0x01
+#define TLS1_AD_DECRYPTION_FAILED       21
+#define TLS1_AD_RECORD_OVERFLOW         22
+#define TLS1_AD_UNKNOWN_CA              48      /* fatal */
+#define TLS1_AD_ACCESS_DENIED           49      /* fatal */
+#define TLS1_AD_DECODE_ERROR            50      /* fatal */
+#define TLS1_AD_DECRYPT_ERROR           51
+#define TLS1_AD_EXPORT_RESTRICION       60      /* fatal */
+#define TLS1_AD_PROTOCOL_VERSION        70      /* fatal */
+#define TLS1_AD_INSUFFICIENT_SECURITY   71      /* fatal */
+#define TLS1_AD_INTERNAL_ERROR          80      /* fatal */
+#define TLS1_AD_USER_CANCLED            90
+#define TLS1_AD_NO_RENEGOTIATION        100
+#define TLS_CT_RSA_SIGN                 1
+#define TLS_CT_DSS_SIGN                 2
+#define TLS_CT_RSA_FIXED_DH             3
+#define TLS_CT_DSS_FIXED_DH             4
+#define TLS_CT_NUMBER                   4
+#define TLS1_FINISH_MAC_LENGTH          12
+#define TLS_MD_MAX_CONST_SIZE                   20
+#define TLS_MD_CLIENT_FINISH_CONST              "client finished"
+#define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
+#define TLS_MD_SERVER_FINISH_CONST              "server finished"
+#define TLS_MD_SERVER_FINISH_CONST_SIZE         15
+#define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+#define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
+#define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
+#define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
+#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
+#define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+#define TLS_MD_IV_BLOCK_CONST                   "IV block"
+#define TLS_MD_IV_BLOCK_CONST_SIZE              8
+#define TLS_MD_MASTER_SECRET_CONST              "master secret"
+#define TLS_MD_MASTER_SECRET_CONST_SIZE         13
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/test/CAss.cnf b/src/lib/libssl/src/test/CAss.cnf
new file mode 100644
index 0000000000..b941b7ae15
--- /dev/null
+++ b/src/lib/libssl/src/test/CAss.cnf
@@ -0,0 +1,25 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+RANDFILE                = ./.rnd
+####################################################################
+[ req ]
+default_bits            = 512
+default_keyfile         = keySS.pem
+distinguished_name      = req_distinguished_name
+encrypt_rsa_key         = no
+default_md              = sha1
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = AU
+countryName_value               = AU
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+commonName                      = Common Name (eg, YOUR name)
+commonName_value                = Dodgy CA
diff --git a/src/lib/libssl/src/test/CAssdh.cnf b/src/lib/libssl/src/test/CAssdh.cnf
new file mode 100644
index 0000000000..4e0a908679
--- /dev/null
+++ b/src/lib/libssl/src/test/CAssdh.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DH certs - CA
+RANDFILE              = ./.rnd
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = CU
+countryName_value             = CU
+organizationName              = Organization Name (eg, company)
+organizationName_value                = La Junta de la Revolucion
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Junta
diff --git a/src/lib/libssl/src/test/CAssdsa.cnf b/src/lib/libssl/src/test/CAssdsa.cnf
new file mode 100644
index 0000000000..a6b4d1810c
--- /dev/null
+++ b/src/lib/libssl/src/test/CAssdsa.cnf
@@ -0,0 +1,23 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - CA
+RANDFILE              = ./.rnd
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
diff --git a/src/lib/libssl/src/test/CAssrsa.cnf b/src/lib/libssl/src/test/CAssrsa.cnf
new file mode 100644
index 0000000000..eb24a6dfc0
--- /dev/null
+++ b/src/lib/libssl/src/test/CAssrsa.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - CA
+RANDFILE              = ./.rnd
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
diff --git a/src/lib/libssl/src/test/Sssdsa.cnf b/src/lib/libssl/src/test/Sssdsa.cnf
new file mode 100644
index 0000000000..8e170a28ef
--- /dev/null
+++ b/src/lib/libssl/src/test/Sssdsa.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+RANDFILE              = ./.rnd
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
diff --git a/src/lib/libssl/src/test/Sssrsa.cnf b/src/lib/libssl/src/test/Sssrsa.cnf
new file mode 100644
index 0000000000..8c79a03fca
--- /dev/null
+++ b/src/lib/libssl/src/test/Sssrsa.cnf
@@ -0,0 +1,26 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - Server
+RANDFILE              = ./.rnd
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
diff --git a/src/lib/libssl/src/test/Uss.cnf b/src/lib/libssl/src/test/Uss.cnf
new file mode 100644
index 0000000000..c89692d519
--- /dev/null
+++ b/src/lib/libssl/src/test/Uss.cnf
@@ -0,0 +1,28 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+RANDFILE                = ./.rnd
+####################################################################
+[ req ]
+default_bits            = 512
+default_keyfile         = keySS.pem
+distinguished_name      = req_distinguished_name
+encrypt_rsa_key         = no
+default_md              = md2
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = AU
+countryName_value               = AU
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+0.commonName                    = Common Name (eg, YOUR name)
+0.commonName_value              = Brother 1
+1.commonName                    = Common Name (eg, YOUR name)
+1.commonName_value              = Brother 2
diff --git a/src/lib/libssl/src/test/methtest.c b/src/lib/libssl/src/test/methtest.c
new file mode 100644
index 0000000000..630d29dc91
--- /dev/null
+++ b/src/lib/libssl/src/test/methtest.c
@@ -0,0 +1,105 @@
+/* test/methtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "rsa.h"
+#include "x509.h"
+#include "meth.h"
+#include "err.h"
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        METHOD_CTX *top,*tmp1,*tmp2;
+        top=METH_new(x509_lookup()); /* get a top level context */
+        if (top == NULL) goto err;
+        tmp1=METH_new(x509_by_file());
+        if (top == NULL) goto err;
+        METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
+        METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
+        METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
+        tmp2=METH_new(x509_by_dir());
+        METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
+        METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
+        METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
+        METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
+/*      tmp=METH_new(x509_by_issuer_dir);
+        METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
+        METH_push(top,METH_X509_BY_ISSUER,tmp);
+        tmp=METH_new(x509_by_issuer_primary);
+        METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
+        METH_push(top,METH_X509_BY_ISSUER,tmp);
+*/
+        METH_init(top);
+        METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+        METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        return(0);
+        }
diff --git a/src/lib/libssl/src/test/pkcs7-1.pem b/src/lib/libssl/src/test/pkcs7-1.pem
new file mode 100644
index 0000000000..c47b27af88
--- /dev/null
+++ b/src/lib/libssl/src/test/pkcs7-1.pem
@@ -0,0 +1,15 @@
+-----BEGIN PKCS7-----
+MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
+SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
+AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
+eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
+MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
+bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
+ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
+FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
+9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
+BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
+bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
+BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
+j7Kie1x339mxW/w9VZNTUDQQweHh
+-----END PKCS7-----
diff --git a/src/lib/libssl/src/test/pkcs7.pem b/src/lib/libssl/src/test/pkcs7.pem
new file mode 100644
index 0000000000..d55c60b94e
--- /dev/null
+++ b/src/lib/libssl/src/test/pkcs7.pem
@@ -0,0 +1,54 @@
+     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
+     AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
+     EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
+     cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
+     ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
+     MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+     c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
+     bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
+     CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
+     Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
+     CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
+     ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
+     l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
+     HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
+     Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
+     c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
+     YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
+     dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
+     dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
+     LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
+     ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
+     biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
+     IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
+     AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+     L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
+     HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
+     slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
+     ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
+     /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
+     aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
+     ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
+     OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
+     MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
+     Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
+     qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
+     sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
+     P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
+     A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
+     KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
+     Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
+     Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
+     hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
+     Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
+     dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
+     KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
+     dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
+     I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
+     ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
+     ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
+     ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
+     MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
+     /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
+     DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
+     b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/src/lib/libssl/src/test/r160test.c b/src/lib/libssl/src/test/r160test.c
new file mode 100644
index 0000000000..a172e393ca
--- /dev/null
+++ b/src/lib/libssl/src/test/r160test.c
@@ -0,0 +1,57 @@
+/* test/r160test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
diff --git a/src/lib/libssl/src/test/tcrl b/src/lib/libssl/src/test/tcrl
new file mode 100644
index 0000000000..859fba452f
--- /dev/null
+++ b/src/lib/libssl/src/test/tcrl
@@ -0,0 +1,81 @@
+#!/bin/sh
+PATH=../apps:$PATH
+export PATH
+cmd='../apps/ssleay crl'
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testcrl.pem
+fi
+echo testing crl conversions
+cp $t fff.p
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/src/test/test.cnf b/src/lib/libssl/src/test/test.cnf
new file mode 100644
index 0000000000..faad3914a8
--- /dev/null
+++ b/src/lib/libssl/src/test/test.cnf
@@ -0,0 +1,88 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+RANDFILE                = ./.rnd
+####################################################################
+[ ca ]
+default_ca      = CA_default            # The default ca section
+####################################################################
+[ CA_default ]
+dir             = ./demoCA              # Where everything is kept
+certs           = $dir/certs            # Where the issued certs are kept
+crl_dir         = $dir/crl              # Where the issued crl are kept
+database        = $dir/index.txt        # database index file.
+new_certs_dir   = $dir/new_certs        # default place for new certs.
+certificate     = $dir/CAcert.pem       # The CA certificate
+serial          = $dir/serial           # The current serial number
+crl             = $dir/crl.pem          # The current CRL
+private_key     = $dir/private/CAkey.pem# The private key
+RANDFILE        = $dir/private/.rand    # private random number file
+default_days    = 365                   # how long to certify for
+default_crl_days= 30                    # how long before next CRL
+default_md      = md5                   # which md to use.
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy          = policy_match
+# For the CA policy
+[ policy_match ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+####################################################################
+[ req ]
+default_bits            = 512
+default_keyfile         = testkey.pem
+distinguished_name      = req_distinguished_name
+encrypt_rsa_key         = no
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = AU
+countryName_value               = AU
+stateOrProvinceName             = State or Province Name (full name)
+stateOrProvinceName_default     = Queensland
+stateOrProvinceName_value       =
+localityName                    = Locality Name (eg, city)
+localityName_value              = Brisbane
+organizationName                = Organization Name (eg, company)
+organizationName_default        = 
+organizationName_value          = CryptSoft Pty Ltd
+organizationalUnitName          = Organizational Unit Name (eg, section)
+organizationalUnitName_default  =
+organizationalUnitName_value    = .
+commonName                      = Common Name (eg, YOUR name)
+commonName_value                = Eric Young
+emailAddress                    = Email Address
+emailAddress_value              = eay@mincom.oz.au
diff --git a/src/lib/libssl/src/test/testca b/src/lib/libssl/src/test/testca
new file mode 100644
index 0000000000..a28402f9ca
--- /dev/null
+++ b/src/lib/libssl/src/test/testca
@@ -0,0 +1,44 @@
+#!/bin/sh
+SH="/bin/sh"
+PATH=../apps:$PATH
+export SH PATH
+SSLEAY_CONFIG="-config CAss.cnf"
+export SSLEAY_CONFIG
+/bin/rm -fr demoCA
+$SH ../apps/CA.sh -newca <<EOF
+EOF
+if [ $? != 0 ]; then
+        exit 1;
+fi
+SSLEAY_CONFIG="-config Uss.cnf"
+export SSLEAY_CONFIG
+$SH ../apps/CA.sh -newreq
+if [ $? != 0 ]; then
+        exit 1;
+fi
+SSLEAY_CONFIG="-config ../apps/ssleay.cnf"
+export SSLEAY_CONFIG
+$SH ../apps/CA.sh -sign  <<EOF
+y
+y
+EOF
+if [ $? != 0 ]; then
+        exit 1;
+fi
+$SH ../apps/CA.sh -verify newcert.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+/bin/rm -fr demoCA newcert.pem newreq.pem
+#usage: CA -newcert|-newreq|-newca|-sign|-verify
diff --git a/src/lib/libssl/src/test/testcrl.pem b/src/lib/libssl/src/test/testcrl.pem
new file mode 100644
index 0000000000..0989788354
--- /dev/null
+++ b/src/lib/libssl/src/test/testcrl.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
+F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
+MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
+MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
+MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
+MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
+MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
+MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
+NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
+NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
+AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
+wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
+JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
+-----END X509 CRL-----
diff --git a/src/lib/libssl/src/test/testenc b/src/lib/libssl/src/test/testenc
new file mode 100644
index 0000000000..42db56c2be
--- /dev/null
+++ b/src/lib/libssl/src/test/testenc
@@ -0,0 +1,62 @@
+#!/bin/sh
+testsrc=Makefile.ssl
+test=./p
+cmd=../apps/ssleay
+cat $testsrc >$test;
+echo cat
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+        exit 1
+else
+        /bin/rm $test.cipher $test.clear
+fi
+echo base64
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+        exit 1
+else
+        /bin/rm $test.cipher $test.clear
+fi
+for i in rc4 \
+        des-cfb des-ede-cfb des-ede3-cfb \
+        des-ofb des-ede-ofb des-ede3-ofb \
+        des-ecb des-ede des-ede3 desx \
+        des-cbc des-ede-cbc des-ede3-cbc \
+        idea-ecb idea-cfb idea-ofb idea-cbc \
+        rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
+        bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
+        cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+do
+        echo $i
+        $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+        cmp $test $test.$i.clear
+        if [ $? != 0 ]
+        then
+                exit 1
+        else
+                /bin/rm $test.$i.cipher $test.$i.clear
+        fi
+        echo $i base64
+        $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+        cmp $test $test.$i.clear
+        if [ $? != 0 ]
+        then
+                exit 1
+        else
+                /bin/rm $test.$i.cipher $test.$i.clear
+        fi
+done
+rm -f $test
diff --git a/src/lib/libssl/src/test/testgen b/src/lib/libssl/src/test/testgen
new file mode 100644
index 0000000000..12a4ca4cea
--- /dev/null
+++ b/src/lib/libssl/src/test/testgen
@@ -0,0 +1,30 @@
+#!/bin/sh
+T=testcert
+KEY=512
+CA=../certs/testca.pem
+/bin/rm -f $T.1 $T.2 $T.key
+PATH=../apps:$PATH;
+export PATH
+echo "generating certificate request"
+echo "There should be a 2 sequences of .'s and some +'s."
+echo "There should not be more that at most 80 per line"
+echo "This could take some time."
+../apps/ssleay req -config test.cnf -new -out testreq.pem
+if [ $? != 0 ]; then
+echo problems creating request
+exit 1
+fi
+../apps/ssleay req -verify -in testreq.pem -noout
+if [ $? != 0 ]; then
+echo signature on req is wrong
+exit 1
+fi
+exit 0
diff --git a/src/lib/libssl/src/test/testp7.pem b/src/lib/libssl/src/test/testp7.pem
new file mode 100644
index 0000000000..b3b6dba830
--- /dev/null
+++ b/src/lib/libssl/src/test/testp7.pem
@@ -0,0 +1,46 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw
+ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G
+A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL
+EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X
+DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy
+bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g
+Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln
+aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz
+aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE
+KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO
+Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB
+AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL
+YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz
+IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0
+bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50
+IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D
+UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg
+b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN
+b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz
+MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg
+UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC
+SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv
+MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw
+DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf
+gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ
+fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew
+HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl
+cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu
+IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B
+AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h
+MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC
+AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd
+TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2
+UNCaNQ1H26GCAa0wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UEBxMISW50
+ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
+biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3MTcxNzU5
+MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsWsQmste9f
+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9XfZsaiiI
+gotQHjCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
+Ew5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBDQRcNOTYwNzE3
+MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBAHitA0/xAukC
+jHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMlExONA3ju10f7
+owIq3s3wx10xAAAAAAA=
+-----END PKCS7-----
diff --git a/src/lib/libssl/src/test/testreq2.pem b/src/lib/libssl/src/test/testreq2.pem
new file mode 100644
index 0000000000..c3cdcffcbc
--- /dev/null
+++ b/src/lib/libssl/src/test/testreq2.pem
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
+DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
+hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
+gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
+-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/test/testrsa.pem b/src/lib/libssl/src/test/testrsa.pem
new file mode 100644
index 0000000000..aad21067a8
--- /dev/null
+++ b/src/lib/libssl/src/test/testrsa.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
+Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
+rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
+oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
+mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
+rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
+mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/test/testsid.pem b/src/lib/libssl/src/test/testsid.pem
new file mode 100644
index 0000000000..cd8617be2e
--- /dev/null
+++ b/src/lib/libssl/src/test/testsid.pem
@@ -0,0 +1,12 @@
+-----BEGIN SSL SESSION PARAMETERS-----
+MIIBxwIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
+bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
+ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
+YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
+A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
+LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
+TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
+hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
+CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTv
+-----END SSL SESSION PARAMETERS-----
diff --git a/src/lib/libssl/src/test/testss b/src/lib/libssl/src/test/testss
new file mode 100644
index 0000000000..a5aecf4694
--- /dev/null
+++ b/src/lib/libssl/src/test/testss
@@ -0,0 +1,89 @@
+#!/bin/sh
+digest='-mdc2'
+reqcmd="../apps/ssleay req"
+x509cmd="../apps/ssleay x509 $digest"
+verifycmd="../apps/ssleay verify"
+CAkey="keyCA.ss"
+CAcert="certCA.ss"
+CAreq="reqCA.ss"
+CAconf="CAss.cnf"
+CAreq2="req2CA.ss"      # temp
+Uconf="Uss.cnf"
+Ukey="keyU.ss"
+Ureq="reqU.ss"
+Ucert="certU.ss"
+echo
+echo "make a certificate request using 'req'"
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss
+if [ $? != 0 ]; then
+        echo "error using 'req' to generate a certificate request"
+        exit 1
+fi
+echo
+echo "convert the certificate request into a self signed certificate using 'x509'"
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' to self sign a certificate request"
+        exit 1
+fi
+echo
+echo "convert a certificate into a certificate request using 'x509'"
+$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' convert a certificate to a certificate request"
+        exit 1
+fi
+$reqcmd -verify -in $CAreq -noout
+if [ $? != 0 ]; then
+        echo first generated request is invalid
+        exit 1
+fi
+$reqcmd -verify -in $CAreq2 -noout
+if [ $? != 0 ]; then
+        echo second generated request is invalid
+        exit 1
+fi
+$verifycmd -CAfile $CAcert $CAcert
+if [ $? != 0 ]; then
+        echo first generated cert is invalid
+        exit 1
+fi
+echo
+echo "make another certificate request using 'req'"
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'req' to generate a certificate request"
+        exit 1
+fi
+echo
+echo "sign certificate request with the just created CA via 'x509'"
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' to sign a certificate request"
+        exit 1
+fi
+$verifycmd -CAfile $CAcert $Ucert
+echo
+echo "Certificate details"
+$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
+echo
+echo The generated CA certificate is $CAcert
+echo The generated CA private key is $CAkey
+echo The generated user certificate is $Ucert
+echo The generated user private key is $Ukey
+/bin/rm err.ss
+exit 0
diff --git a/src/lib/libssl/src/test/testssl b/src/lib/libssl/src/test/testssl
new file mode 100644
index 0000000000..f115adb8e1
--- /dev/null
+++ b/src/lib/libssl/src/test/testssl
@@ -0,0 +1,40 @@
+#!/bin/sh
+echo test sslv2
+./ssltest -ssl2 || exit 1
+echo test sslv2 with server authentication
+./ssltest -ssl2 -server_auth -CApath ../certs || exit 1
+echo test sslv2 with client authentication
+./ssltest -ssl2 -client_auth -CApath ../certs || exit 1
+echo test sslv2 with both client and server authentication
+./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+echo test sslv3
+./ssltest -ssl3 || exit 1
+echo test sslv3 with server authentication
+./ssltest -ssl3 -server_auth -CApath ../certs || exit 1
+echo test sslv3 with client authentication
+./ssltest -ssl3 -client_auth -CApath ../certs || exit 1
+echo test sslv3 with both client and server authentication
+./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+echo test sslv2/sslv3
+./ssltest || exit 1
+echo test sslv2/sslv3 with server authentication
+./ssltest -server_auth -CApath ../certs || exit 1
+echo test sslv2/sslv3 with client authentication
+./ssltest -client_auth -CApath ../certs || exit 1
+echo test sslv2/sslv3 with both client and server authentication
+./ssltest -server_auth -client_auth -CApath ../certs || exit 1
+exit 0
diff --git a/src/lib/libssl/src/test/testx509.pem b/src/lib/libssl/src/test/testx509.pem
new file mode 100644
index 0000000000..8a85d14964
--- /dev/null
+++ b/src/lib/libssl/src/test/testx509.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
+MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
+AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
+/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
+Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
+zl9HYIMxATFyqSiD9jsx
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/test/times b/src/lib/libssl/src/test/times
new file mode 100644
index 0000000000..49aeebf216
--- /dev/null
+++ b/src/lib/libssl/src/test/times
@@ -0,0 +1,113 @@
+More number for the questions about SSL overheads....
+The following numbers were generated on a pentium pro 200, running linux.
+They give an indication of the SSL protocol and encryption overheads.
+The program that generated them is an unreleased version of ssl/ssltest.c
+which is the SSLeay ssl protocol testing program.  It is a single process that
+talks both sides of the SSL protocol via a non-blocking memory buffer
+interface.
+How do I read this?  The protocol and cipher are reasonable obvious.
+The next number is the number of connections being made.  The next is the
+number of bytes exchanged bewteen the client and server side of the protocol.
+This is the number of bytes that the client sends to the server, and then
+the server sends back.  Because this is all happening in one process,
+the data is being encrypted, decrypted, encrypted and then decrypted again.
+It is a round trip of that many bytes.  Because the one process performs
+both the client and server sides of the protocol and it sends this many bytes
+each direction, multiply this number by 4 to generate the number
+of bytes encrypted/decrypted/MACed.  The first time value is how many seconds
+elapsed doing a full SSL handshake, the second is the cost of one
+full handshake and the rest being session-id reuse.
+SSLv2 RC4-MD5      1000 x      1   12.83s   0.70s
+SSLv3 NULL-MD5     1000 x      1   14.35s   1.47s
+SSLv3 RC4-MD5      1000 x      1   14.46s   1.56s
+SSLv3 RC4-MD5      1000 x      1   51.93s   1.62s 1024bit RSA
+SSLv3 RC4-SHA      1000 x      1   14.61s   1.83s
+SSLv3 DES-CBC-SHA  1000 x      1   14.70s   1.89s
+SSLv3 DES-CBC3-SHA 1000 x      1   15.16s   2.16s
+SSLv2 RC4-MD5      1000 x   1024   13.72s   1.27s
+SSLv3 NULL-MD5     1000 x   1024   14.79s   1.92s
+SSLv3 RC4-MD5      1000 x   1024   52.58s   2.29s 1024bit RSA
+SSLv3 RC4-SHA      1000 x   1024   15.39s   2.67s
+SSLv3 DES-CBC-SHA  1000 x   1024   16.45s   3.55s
+SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s   5.38s
+SSLv2 RC4-MD5      1000 x  10240   18.97s   6.52s
+SSLv3 NULL-MD5     1000 x  10240   17.79s   5.11s
+SSLv3 RC4-MD5      1000 x  10240   20.25s   7.90s
+SSLv3 RC4-MD5      1000 x  10240   58.26s   8.08s 1024bit RSA
+SSLv3 RC4-SHA      1000 x  10240   22.96s  11.44s
+SSLv3 DES-CBC-SHA  1000 x  10240   30.65s  18.41s
+SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s  34.53s
+SSLv2 RC4-MD5      1000 x 102400   70.22s  57.74s
+SSLv3 NULL-MD5     1000 x 102400   43.73s  31.03s
+SSLv3 RC4-MD5      1000 x 102400   71.32s  58.83s
+SSLv3 RC4-MD5      1000 x 102400  109.66s  59.20s 1024bit RSA
+SSLv3 RC4-SHA      1000 x 102400   95.88s  82.21s
+SSLv3 DES-CBC-SHA  1000 x 102400  173.22s 160.55s
+SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s
+What does this all mean?  Well for a server, with no session-id reuse, with
+a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
+a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
+about 49 connections a second.  Reality will be quite different :-).
+Remeber the first number is 1000 full ssl handshakes, the second is
+1 full and 999 with session-id reuse.  The RSA overheads for each exchange
+would be one public and one private operation, but the protocol/MAC/cipher
+cost would be quite similar in both the client and server.
+eric (adding numbers to speculation)
+--- Appendix ---
+- The time measured is user time but these number a very rough.
+- Remember this is the cost of both client and server sides of the protocol.
+- The TCP/kernal overhead of connection establishment is normally the
+  killer in SSL.  Often delays in the TCP protocol will make session-id
+  reuse look slower that new sessions, but this would not be the case on
+  a loaded server.
+- The TCP round trip latencies, while slowing indervidual connections,
+  would have minimal impact on throughput.
+- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
+- the required number of bytes are processed.
+- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
+- A 512bit server key was being used except where noted.
+- No server key verification was being performed on the client side of the
+  protocol.  This would slow things down very little.
+- The library being used is SSLeay 0.8.x.
+- The normal mesauring system was commands of the form
+  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
+  This modified version of ssltest should be in the next public release of
+  SSLeay.
+The general cipher performace number for this platform are
+SSLeay 0.8.2a 04-Sep-1997
+built on Fri Sep  5 17:37:05 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized 
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               131.02k      368.41k      500.57k      549.21k      566.09k
+mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
+md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
+sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
+sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
+rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
+des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
+des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
+idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
+rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
+blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
+                  sign    verify
+rsa  512 bits   0.0100s   0.0011s
+rsa 1024 bits   0.0451s   0.0012s
+rsa 2048 bits   0.2605s   0.0086s
+rsa 4096 bits   1.6883s   0.0302s
diff --git a/src/lib/libssl/src/test/tpkcs7 b/src/lib/libssl/src/test/tpkcs7
new file mode 100644
index 0000000000..ea1f005dac
--- /dev/null
+++ b/src/lib/libssl/src/test/tpkcs7
@@ -0,0 +1,51 @@
+#!/bin/sh
+PATH=../apps:$PATH
+export PATH
+cmd='../apps/ssleay pkcs7'
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testp7.pem
+fi
+echo testing pkcs7 conversions
+cp $t fff.p
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/src/test/tpkcs7d b/src/lib/libssl/src/test/tpkcs7d
new file mode 100644
index 0000000000..c8f18fb09c
--- /dev/null
+++ b/src/lib/libssl/src/test/tpkcs7d
@@ -0,0 +1,44 @@
+#!/bin/sh
+PATH=../apps:$PATH
+export PATH
+cmd='../apps/ssleay pkcs7'
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=pkcs7-1.pem
+fi
+echo testing pkcs7 conversions
+cp $t fff.p
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/src/test/treq b/src/lib/libssl/src/test/treq
new file mode 100644
index 0000000000..e5f1d8cc41
--- /dev/null
+++ b/src/lib/libssl/src/test/treq
@@ -0,0 +1,81 @@
+#!/bin/sh
+PATH=../apps:$PATH
+export PATH
+cmd='../apps/ssleay req'
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testreq.pem
+fi
+echo testing req conversions
+cp $t fff.p
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> d"
+$cmd -verify -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -verify -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/src/test/trsa b/src/lib/libssl/src/test/trsa
new file mode 100644
index 0000000000..e5b8fe0448
--- /dev/null
+++ b/src/lib/libssl/src/test/trsa
@@ -0,0 +1,81 @@
+#!/bin/sh
+PATH=../apps:$PATH
+export PATH
+cmd='../apps/ssleay rsa'
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testrsa.pem
+fi
+echo testing rsa conversions
+cp $t fff.p
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/src/test/tsid b/src/lib/libssl/src/test/tsid
new file mode 100644
index 0000000000..8c7e9b1387
--- /dev/null
+++ b/src/lib/libssl/src/test/tsid
@@ -0,0 +1,81 @@
+#!/bin/sh
+PATH=../apps:$PATH
+export PATH
+cmd='../apps/ssleay sess_id'
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testsid.pem
+fi
+echo testing session-id conversions
+cp $t fff.p
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/src/test/tx509 b/src/lib/libssl/src/test/tx509
new file mode 100644
index 0000000000..f8d1f82cdd
--- /dev/null
+++ b/src/lib/libssl/src/test/tx509
@@ -0,0 +1,81 @@
+#!/bin/sh
+PATH=../apps:$PATH
+export PATH
+cmd='../apps/ssleay x509'
+if [ "$1"x != "x" ]; then
+        t=$1
+else
+        t=testx509.pem
+fi
+echo testing X509 conversions
+cp $t fff.p
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> n"
+$cmd -in fff.p -inform p -outform n >f.n
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> d"
+$cmd -in f.n -inform n -outform d >ff.d2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> n"
+$cmd -in f.d -inform d -outform n >ff.n1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> n"
+$cmd -in f.n -inform n -outform n >ff.n2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> n"
+$cmd -in f.p -inform p -outform n >ff.n3
+if [ $? != 0 ]; then exit 1; fi
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> p"
+$cmd -in f.n -inform n -outform p >ff.p2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p2
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+cmp f.n ff.n1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.n ff.n2
+if [ $? != 0 ]; then exit 1; fi
+cmp f.n ff.n3
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p2
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/src/lib/libssl/src/test/v3-cert1.pem b/src/lib/libssl/src/test/v3-cert1.pem
new file mode 100644
index 0000000000..0da253d5c3
--- /dev/null
+++ b/src/lib/libssl/src/test/v3-cert1.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
+NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
+dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
+ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
+ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
+miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
+AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
+MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
+AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
+X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
+WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/test/v3-cert2.pem b/src/lib/libssl/src/test/v3-cert2.pem
new file mode 100644
index 0000000000..de0723ff8d
--- /dev/null
+++ b/src/lib/libssl/src/test/v3-cert2.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
+YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
+ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
+dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
+WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
+BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
+FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
+6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
+G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
+YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
+b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
+F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
+lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
+jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/times/090/586-100.nt b/src/lib/libssl/src/times/090/586-100.nt
new file mode 100644
index 0000000000..297ec3e7f0
--- /dev/null
+++ b/src/lib/libssl/src/times/090/586-100.nt
@@ -0,0 +1,32 @@
+SSLeay 0.9.0 08-Apr-1998
+built on Wed Apr  8 12:47:17 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(
+ptr2)
+C flags:cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN
+-DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 92.25k      256.80k      347.01k      380.40k      390.31k
+mdc2               240.72k      251.10k      252.00k      250.80k      251.40k
+md5               1013.61k     5651.94k    11831.61k    16294.89k    17901.43k
+hmac(md5)          419.50k     2828.07k     7770.11k    13824.34k    17091.70k
+sha1               524.31k     2721.45k     5216.15k     6766.10k     7308.42k
+rmd160             462.09k     2288.59k     4260.77k     5446.44k     5841.65k
+rc4               7895.90k    10326.73k    10555.43k    10728.22k    10429.44k
+des cbc           2036.86k     2208.92k     2237.68k     2237.20k     2181.35k
+des ede3           649.92k      739.42k      749.07k      748.86k      738.27k
+idea cbc           823.19k      885.10k      894.92k      896.45k      891.87k
+rc2 cbc            792.63k      859.00k      867.45k      868.96k      865.30k
+rc5-32/12 cbc     3502.26k     4026.79k     4107.23k     4121.76k     4073.72k
+blowfish cbc      3752.96k     4026.79k     4075.31k     3965.87k     3892.26k
+cast cbc          2566.27k     2807.43k     2821.79k     2792.48k     2719.34k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0179s   0.0020s     56.0    501.7
+rsa 1024 bits   0.0950s   0.0060s     10.5    166.6
+rsa 2048 bits   0.6299s   0.0209s      1.6     47.8
+rsa 4096 bits   4.5870s   0.0787s      0.2     12.7
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0180s   0.0339s     55.6     29.5
+dsa 1024 bits   0.0555s   0.1076s     18.0      9.3
+dsa 2048 bits   0.1971s   0.3918s      5.1      2.6
diff --git a/src/lib/libssl/src/times/100.lnx b/src/lib/libssl/src/times/100.lnx
new file mode 100644
index 0000000000..d0f45371d6
--- /dev/null
+++ b/src/lib/libssl/src/times/100.lnx
@@ -0,0 +1,32 @@
+SSLeay 0.8.4c 03-Aug-1999
+built on Tue Nov  4 02:52:29 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                53.27k      155.95k      201.30k      216.41k      236.78k
+mdc2              192.98k      207.98k      206.76k      206.17k      208.87k
+md5               993.15k     5748.27k    11944.70k    16477.53k    18287.27k
+hmac(md5)         404.97k     2787.58k     7690.07k    13744.43k    17601.88k
+sha1              563.24k     2851.67k     5363.71k     6879.23k     7441.07k
+rc4              7876.70k    10400.85k    10825.90k    10943.49k    10745.17k
+des cbc          2047.39k     2188.25k     2188.29k     2239.49k     2233.69k
+des ede3          660.55k      764.01k      773.55k      779.21k      780.97k
+idea cbc          653.93k      708.48k      715.43k      719.87k      720.90k
+rc2 cbc           648.08k      702.23k      708.78k      711.00k      709.97k
+blowfish cbc     3764.39k     4288.66k     4375.04k     4497.07k     4423.68k
+cast cbc         2757.14k     2993.75k     3035.31k     3078.90k     3055.62k
+blowfish cbc     3258.81k     3673.47k     3767.30k     3774.12k     3719.17k
+cast cbc         2677.05k     3164.78k     3273.05k     3287.38k     3244.03k
+                  sign    verify
+rsa  512 bits   0.0213s   0.0020s
+rsa 1024 bits   0.1073s   0.0063s
+rsa 2048 bits   0.6873s   0.0224s
+rsa 4096 bits   4.9333s   0.0845s
+                  sign    verify
+dsa  512 bits   0.0201s   0.0385s
+dsa 1024 bits   0.0604s   0.1190s
+dsa 2048 bits   0.2121s   0.4229s
diff --git a/src/lib/libssl/src/times/100.nt b/src/lib/libssl/src/times/100.nt
new file mode 100644
index 0000000000..0dd7cfc478
--- /dev/null
+++ b/src/lib/libssl/src/times/100.nt
@@ -0,0 +1,29 @@
+SSLeay 0.8.4c 03-Aug-1999
+built on Tue Aug  3 09:49:58 EST 1999
+options:bn(64,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(
+ptr2)
+C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN
+_ASM -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                93.07k      258.38k      349.03k      382.83k      392.87k
+mdc2              245.80k      259.02k      259.34k      259.16k      260.14k
+md5              1103.42k     6017.65k    12210.49k    16552.11k    18291.77k
+hmac(md5)         520.15k     3394.00k     8761.86k    14593.96k    17742.40k
+sha1              538.06k     2726.76k     5242.22k     6821.12k     7426.18k
+rc4              8283.90k    10513.09k    10886.38k    10929.50k    10816.75k
+des cbc          2073.10k     2232.91k     2251.61k     2256.46k     2232.44k
+des ede3          758.85k      782.46k      786.14k      786.08k      781.24k
+idea cbc          831.02k      892.63k      901.07k      903.48k      901.85k
+rc2 cbc           799.89k      866.09k      873.96k      876.22k      874.03k
+blowfish cbc     3835.32k     4418.78k     4511.94k     4494.54k     4416.92k
+cast cbc         2974.68k     3272.71k     3313.04k     3335.17k     3261.51k
+                  sign    verify
+rsa  512 bits   0.0202s   0.0019s
+rsa 1024 bits   0.1029s   0.0062s
+rsa 2048 bits   0.6770s   0.0220s
+rsa 4096 bits   4.8770s   0.0838s
+                  sign    verify
+dsa  512 bits   0.0191s   0.0364s
+dsa 1024 bits   0.0590s   0.1141s
+dsa 2048 bits   0.2088s   0.4171s
diff --git a/src/lib/libssl/src/times/200.lnx b/src/lib/libssl/src/times/200.lnx
new file mode 100644
index 0000000000..fd7e7f4e92
--- /dev/null
+++ b/src/lib/libssl/src/times/200.lnx
@@ -0,0 +1,30 @@
+This machine was slightly loaded :-(
+SSLeay 0.8.4c 03-Aug-1999
+built on Tue Nov  4 02:52:29 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               130.86k      365.31k      499.60k      547.75k      561.41k
+mdc2              526.03k      581.38k      587.12k      586.31k      589.60k
+md5              1919.49k    11173.23k    22387.60k    29553.47k    32587.21k
+hmac(md5)         747.09k     5248.35k    14275.44k    24713.26k    31737.13k
+sha1             1336.63k     6400.50k    11668.67k    14648.83k    15700.85k
+rc4             15002.32k    21327.21k    22301.63k    22503.78k    22549.26k
+des cbc          4115.16k     4521.08k     4632.37k     4607.28k     4570.57k
+des ede3         1540.29k     1609.76k     1623.64k     1620.76k     1624.18k
+idea cbc         2405.08k     2664.78k     2704.22k     2713.95k     2716.29k
+rc2 cbc          1634.07k     1764.30k     1780.23k     1790.27k     1788.12k
+blowfish cbc     5993.98k     6927.27k     7083.61k     7088.40k     7123.72k
+cast cbc         5981.52k     6900.44k     7079.70k     7110.40k     7057.72k
+                  sign    verify
+rsa  512 bits   0.0085s   0.0007s
+rsa 1024 bits   0.0377s   0.0020s
+rsa 2048 bits   0.2176s   0.0067s
+rsa 4096 bits   1.4800s   0.0242s
+sign    verify
+dsa  512 bits   0.0071s   0.0132s
+dsa 1024 bits   0.0192s   0.0376s
+dsa 2048 bits   0.0638s   0.1280s
diff --git a/src/lib/libssl/src/times/486-66.dos b/src/lib/libssl/src/times/486-66.dos
new file mode 100644
index 0000000000..1644bf8022
--- /dev/null
+++ b/src/lib/libssl/src/times/486-66.dos
@@ -0,0 +1,22 @@
+MS-dos static libs, 16bit C build, 16bit assember
+SSLeay 0.6.1
+options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /f- /Ocgnotb2 /G2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -D
+NO_SOCK
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             18.62k       55.54k       76.88k       85.39k       86.52k
+md5             94.03k      442.06k      794.38k      974.51k     1061.31k
+sha             38.37k      166.23k      272.78k      331.41k      353.77k
+sha1            34.38k      147.77k      244.77k      292.57k      312.08k
+rc4            641.25k      795.34k      817.16k      829.57k      817.16k
+des cfb        111.46k      118.08k      120.69k      119.16k      119.37k
+des cbc        122.96k      135.69k      137.10k      135.69k      135.40k
+des ede3        48.01k       50.92k       50.32k       50.96k       50.96k
+idea cfb        97.09k      100.21k      100.36k      101.14k      100.98k
+idea cbc       102.08k      109.41k      111.46k      111.65k      110.52k
+rc2 cfb        120.47k      125.55k      125.79k      125.55k      125.55k
+rc2 cbc        129.77k      140.33k      143.72k      142.16k      141.85k
+rsa  512 bits   0.264s
+rsa 1024 bits   1.494s
diff --git a/src/lib/libssl/src/times/486-66.nt b/src/lib/libssl/src/times/486-66.nt
new file mode 100644
index 0000000000..b26a9005d6
--- /dev/null
+++ b/src/lib/libssl/src/times/486-66.nt
@@ -0,0 +1,22 @@
+SSLeay 0.6.1 02-Jul-1996
+built on Fri Jul 10 09:53:15 EST 1996
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,long) idea(int)
+C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /nologo -DWIN32 -DL_ENDIAN /MD
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             38.27k      107.28k      145.43k      159.60k      164.15k
+md5            399.00k     1946.13k     3610.80k     4511.94k     4477.27k
+sha            182.04k      851.26k     1470.65k     1799.20k     1876.48k
+sha1           151.83k      756.55k     1289.76k     1567.38k     1625.70k
+rc4           1853.92k     2196.25k     2232.91k     2241.31k     2152.96k
+des cfb        360.58k      382.69k      384.94k      386.07k      377.19k
+des cbc        376.10k      431.87k      436.32k      437.78k      430.45k
+des ede3       152.55k      160.38k      161.51k      161.33k      159.98k
+idea cfb       245.59k      255.60k      256.65k      257.16k      254.61k
+idea cbc       257.16k      276.12k      279.05k      279.11k      276.70k
+rc2 cfb        280.25k      293.49k      294.74k      294.15k      291.47k
+rc2 cbc        295.47k      321.57k      324.76k      324.76k      320.00k
+rsa  512 bits   0.084s
+rsa 1024 bits   0.495s
+rsa 2048 bits   3.435s
diff --git a/src/lib/libssl/src/times/486-66.w31 b/src/lib/libssl/src/times/486-66.w31
new file mode 100644
index 0000000000..381f149b32
--- /dev/null
+++ b/src/lib/libssl/src/times/486-66.w31
@@ -0,0 +1,23 @@
+Windows 3.1 DLL's, 16 bit C with 32bit assember
+SSLeay 0.6.1 02-Jul-1996
+built on Wed Jul 10 09:53:15 EST 1996
+options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             18.94k       54.27k       73.43k       80.91k       83.75k
+md5             78.96k      391.26k      734.30k      919.80k      992.97k
+sha             39.01k      168.04k      280.67k      336.08k      359.10k
+sha1            35.20k      150.14k      247.31k      294.54k      313.94k
+rc4            509.61k      655.36k      678.43k      677.02k      670.10k
+des cfb         97.09k      104.69k      106.56k      105.70k      106.56k
+des cbc        116.82k      129.77k      131.07k      131.07k      131.07k
+des ede3        44.22k       47.90k       48.53k       48.47k       47.86k
+idea cfb        83.49k       87.03k       87.03k       87.15k       87.73k
+idea cbc        89.04k       96.23k       96.95k       97.81k       97.09k
+rc2 cfb        108.32k      113.58k      113.78k      114.57k      114.77k
+rc2 cbc        118.08k      131.07k      134.02k      134.02k      132.66k
+rsa  512 bits   0.181s
+rsa 1024 bits   0.846s
diff --git a/src/lib/libssl/src/times/5.lnx b/src/lib/libssl/src/times/5.lnx
new file mode 100644
index 0000000000..1c1e392a29
--- /dev/null
+++ b/src/lib/libssl/src/times/5.lnx
@@ -0,0 +1,29 @@
+SSLeay 0.8.5g 24-Jan-1998
+built on Tue Jan 27 08:11:42 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 56.55k      156.69k      211.63k      231.77k      238.71k
+mdc2               192.26k      208.09k      210.09k      209.58k      210.26k
+md5                991.04k     5745.51k    11932.67k    16465.24k    18306.39k
+hmac(md5)          333.99k     2383.89k     6890.67k    13133.82k    17397.08k
+sha1               571.68k     2883.88k     5379.07k     6880.26k     7443.80k
+rmd160             409.41k     2212.91k     4225.45k     5456.55k     5928.28k
+rc4               6847.57k     8596.22k     8901.80k     8912.90k     8850.09k
+des cbc           2046.29k     2229.78k     2254.76k     2259.97k     2233.69k
+des ede3           751.11k      779.95k      783.96k      784.38k      780.97k
+idea cbc           653.40k      708.29k      718.42k      720.21k      720.90k
+rc2 cbc            647.19k      702.46k      709.21k      710.66k      709.97k
+rc5-32/12 cbc     3498.18k     4054.12k     4133.46k     4151.64k     4139.69k
+blowfish cbc      3763.95k     4437.74k     4532.74k     4515.50k     4448.26k
+cast cbc          2754.22k     3020.67k     3079.08k     3069.95k     3036.50k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0207s   0.0020s     48.3    511.3
+rsa 1024 bits   0.1018s   0.0059s      9.8    169.6
+rsa 2048 bits   0.6438s   0.0208s      1.6     48.0
+rsa 4096 bits   4.6033s   0.0793s      0.2     12.6
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0190s   0.0359s     52.6     27.8
+dsa 1024 bits   0.0566s   0.1109s     17.7      9.0
+dsa 2048 bits   0.1988s   0.3915s      5.0      2.6
diff --git a/src/lib/libssl/src/times/586-085i.nt b/src/lib/libssl/src/times/586-085i.nt
new file mode 100644
index 0000000000..8a5797526f
--- /dev/null
+++ b/src/lib/libssl/src/times/586-085i.nt
@@ -0,0 +1,29 @@
+SSLeay 0.8.5i 28-Jan-1998
+built on Wed Jan 28 18:00:07 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 92.74k      257.59k      348.16k      381.79k      392.14k
+mdc2               227.65k      247.82k      249.90k      250.65k      250.20k
+md5               1089.54k     5966.29k    12104.77k    16493.53k    18204.44k
+hmac(md5)          513.53k     3361.36k     8725.41k    14543.36k    17593.56k
+sha1               580.74k     2880.51k     5376.62k     6865.78k     7413.05k
+rmd160             508.06k     2427.96k     4385.51k     5510.84k     5915.80k
+rc4               8004.40k    10408.74k    10794.48k    10884.12k    10728.22k
+des cbc           2057.24k     2222.97k     2246.79k     2209.39k     2223.44k
+des ede3           739.42k      761.99k      765.48k      760.26k      760.97k
+idea cbc           827.08k      889.60k      898.83k      901.15k      897.98k
+rc2 cbc            795.64k      861.04k      871.13k      872.58k      871.13k
+rc5-32/12 cbc     3597.17k     4139.66k     4204.39k     4223.02k     4204.39k
+blowfish cbc      3807.47k     3996.10k     4156.07k     4204.39k     4105.62k
+cast cbc          2777.68k     2814.21k     2892.62k     2916.76k     2868.88k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0178s   0.0018s     56.3    541.6
+rsa 1024 bits   0.0945s   0.0059s     10.6    168.3
+rsa 2048 bits   0.6269s   0.0208s      1.6     48.0
+rsa 4096 bits   4.5560s   0.0784s      0.2     12.8
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0178s   0.0340s     56.2     29.4
+dsa 1024 bits   0.0552s   0.1077s     18.1      9.3
+dsa 2048 bits   0.1963s   0.3811s      5.1      2.6
diff --git a/src/lib/libssl/src/times/586-100.LN3 b/src/lib/libssl/src/times/586-100.LN3
new file mode 100644
index 0000000000..a6fa818f4b
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.LN3
@@ -0,0 +1,26 @@
+SSLeay 0.8.3v 15-Oct-1997
+built on Wed Oct 15 10:05:00 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.27k      156.76k      211.46k      231.77k      238.71k
+mdc2              188.74k      206.12k      207.70k      207.87k      208.18k
+md5               991.56k     5718.31k    11748.61k    16090.79k    17850.37k
+hmac(md5)         387.56k     2636.01k     7327.83k    13340.33k    17091.24k
+sha1              463.55k     2274.18k     4071.17k     5072.90k     5447.68k
+rc4              3673.94k     4314.52k     4402.26k     4427.09k     4407.30k
+des cbc          2023.79k     2209.77k     2233.34k     2220.71k     2222.76k
+des ede3          747.17k      778.54k      781.57k      778.24k      778.24k
+idea cbc          614.64k      678.04k      683.52k      685.06k      685.40k
+rc2 cbc           536.83k      574.10k      578.05k      579.24k      578.90k
+blowfish cbc     3673.39k     4354.58k     4450.22k     4429.48k     4377.26k
+                  sign    verify
+rsa  512 bits   0.0217s   0.0021s
+rsa 1024 bits   0.1083s   0.0064s
+rsa 2048 bits   0.6867s   0.0223s
+rsa 4096 bits   4.9400s   0.0846s
+                  sign    verify
+dsa  512 bits   0.0203s   0.0387s
+dsa 1024 bits   0.0599s   0.1170s
+dsa 2048 bits   0.2115s   0.4242s
diff --git a/src/lib/libssl/src/times/586-100.NT2 b/src/lib/libssl/src/times/586-100.NT2
new file mode 100644
index 0000000000..7f8c167b46
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.NT2
@@ -0,0 +1,26 @@
+SSLeay 0.8.3e 30-Sep-1997
+built on Tue Sep 30 14:52:58 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DX86_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                92.99k      257.59k      348.16k      381.47k      392.14k
+mdc2              223.77k      235.30k      237.15k      236.77k      237.29k
+md5               862.53k     4222.17k     7842.75k     9925.00k    10392.23k
+sha               491.34k     2338.61k     4062.28k     4986.10k     5307.90k
+sha1              494.38k     2234.94k     3838.83k     4679.58k     4980.18k
+rc4              6338.10k     7489.83k     7676.25k     7698.80k     7631.56k
+des cbc          1654.17k     1917.66k     1961.05k     1968.05k     1960.69k
+des ede3          691.17k      739.42k      744.13k      745.82k      741.40k
+idea cbc          788.46k      870.33k      879.16k      881.38k      879.90k
+rc2 cbc           794.44k      859.63k      868.24k      869.68k      867.45k
+blowfish cbc     2379.88k     3017.48k     3116.12k     3134.76k     3070.50k
+                  sign    verify
+rsa  512 bits   0.0204s   0.0027s
+rsa 1024 bits   0.1074s   0.0032s
+rsa 2048 bits   0.6890s   0.0246s
+rsa 4096 bits   5.0180s   0.0911s
+                  sign    verify
+dsa  512 bits   0.0201s   0.0376s
+dsa 1024 bits   0.0608s   0.1193s
+dsa 2048 bits   0.2133s   0.4294s
diff --git a/src/lib/libssl/src/times/586-100.dos b/src/lib/libssl/src/times/586-100.dos
new file mode 100644
index 0000000000..3085c256b1
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.dos
@@ -0,0 +1,24 @@
+ms-dos static libs, 16 bit C and 16 bit assmber 
+SSLeay 0.6.1 02-Jul-1996
+built on Tue Jul  9 22:52:54 EST 1996
+options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -DNO_SOCK
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             45.99k      130.75k      176.53k      199.35k      203.21k
+md5            236.17k     1072.16k     1839.61k     2221.56k     2383.13k
+sha            107.97k      459.10k      757.64k      908.64k      954.99k
+sha1            96.95k      409.92k      672.16k      788.40k      844.26k
+rc4           1659.14k     1956.30k     2022.72k     2022.72k     2022.72k
+des cfb        313.57k      326.86k      326.86k      331.83k      326.86k
+des cbc        345.84k      378.82k      378.82k      384.38k      378.82k
+des ede3       139.59k      144.66k      144.61k      144.45k      143.29k
+idea cfb       262.67k      274.21k      274.21k      274.21k      274.21k
+idea cbc       284.32k      318.14k      318.14k      318.14k      318.14k
+rc2 cfb        265.33k      274.21k      277.69k      277.11k      277.69k
+rc2 cbc        283.71k      310.60k      309.86k      313.57k      314.32k
+rsa  512 bits   0.104s
+rsa 1024 bits   0.566s
+rsa 2048 bits   3.680s
+rsa 4096 bits  26.740s
diff --git a/src/lib/libssl/src/times/586-100.ln4 b/src/lib/libssl/src/times/586-100.ln4
new file mode 100644
index 0000000000..14a9db912b
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.ln4
@@ -0,0 +1,26 @@
+SSLeay 0.8.3aa 24-Oct-1997
+built on Mon Oct 27 10:16:25 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.78k      156.71k      211.46k      231.77k      238.71k
+mdc2              187.45k      200.49k      201.64k      202.75k      202.77k
+md5              1002.51k     5798.66k    11967.15k    16449.19k    18251.78k
+hmac(md5)         468.71k     3173.46k     8386.99k    14305.56k    17607.34k
+sha1              586.98k     2934.87k     5393.58k     6863.19k     7408.30k
+rc4              3675.10k     4314.15k     4402.77k     4427.78k     4404.57k
+des cbc          1902.96k     2202.01k     2242.30k     2252.46k     2236.42k
+des ede3          700.15k      774.23k      783.70k      781.62k      783.70k
+idea cbc          618.46k      677.93k      683.61k      685.40k      685.40k
+rc2 cbc           536.97k      573.87k      577.96k      579.24k      578.90k
+blowfish cbc     3672.66k     4271.89k     4428.80k     4469.76k     4374.53k
+                  sign    verify
+rsa  512 bits   0.0213s   0.0021s
+rsa 1024 bits   0.1075s   0.0063s
+rsa 2048 bits   0.6853s   0.0224s
+rsa 4096 bits   4.9400s   0.0845s
+                  sign    verify
+dsa  512 bits   0.0203s   0.0380s
+dsa 1024 bits   0.0600s   0.1189s
+dsa 2048 bits   0.2110s   0.4250s
diff --git a/src/lib/libssl/src/times/586-100.lnx b/src/lib/libssl/src/times/586-100.lnx
new file mode 100644
index 0000000000..0c051738c6
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.lnx
@@ -0,0 +1,23 @@
+SSLeay 0.7.3 30-Apr-1997
+built on Mon May 12 04:13:55 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                72.95k      202.77k      274.01k      300.37k      309.23k
+md5               770.57k     4094.02k     7409.41k     9302.36k     9986.05k
+sha               363.05k     1571.07k     2613.85k     3134.81k     3320.49k
+sha1              340.94k     1462.85k     2419.20k     2892.12k     3042.35k
+rc4              3676.91k     4314.94k     4407.47k     4430.51k     4412.76k
+des cbc          1489.95k     1799.08k     1841.66k     1851.73k     1848.66k
+des ede3          621.93k      711.19k      726.10k      729.77k      729.09k
+idea cbc          618.16k      676.99k      683.09k      684.37k      683.59k
+rc2 cbc           537.59k      573.93k      578.56k      579.58k      579.70k
+blowfish cbc     2077.57k     2682.20k     2827.18k     2840.92k     2842.62k
+rsa  512 bits   0.024s   0.003
+rsa 1024 bits   0.120s   0.003
+rsa 2048 bits   0.751s   0.026
+rsa 4096 bits   5.320s   0.096
+dsa  512 bits   0.022s   0.042
+dsa 1024 bits   0.065s   0.126
+dsa 2048 bits   0.227s   0.449
diff --git a/src/lib/libssl/src/times/586-100.nt b/src/lib/libssl/src/times/586-100.nt
new file mode 100644
index 0000000000..9adcac3105
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.nt
@@ -0,0 +1,23 @@
+SSLeay 0.7.3 30-Apr-1997
+built on Mon May 19 10:47:38 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags not available
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                89.57k      245.94k      331.59k      362.95k      373.29k
+md5               858.93k     4175.51k     7700.21k     9715.78k    10369.11k
+sha               466.18k     2103.67k     3607.69k     4399.31k     4669.16k
+sha1              449.59k     2041.02k     3496.13k     4256.45k     4512.92k
+rc4              5862.55k     7447.27k     7698.80k     7768.38k     7653.84k
+des cbc          1562.71k     1879.84k     1928.24k     1938.93k     1911.02k
+des ede3          680.27k      707.97k      728.62k      733.15k      725.98k
+idea cbc          797.46k      885.85k      895.68k      898.06k      896.45k
+rc2 cbc           609.46k      648.75k      654.01k      654.42k      653.60k
+blowfish cbc     2357.94k     3000.22k     3106.89k     3134.76k     3080.42k
+rsa  512 bits   0.022s   0.003
+rsa 1024 bits   0.112s   0.003
+rsa 2048 bits   0.726s   0.026
+rsa 4096 bits   5.268s   0.095
+dsa  512 bits   0.021s   0.039
+dsa 1024 bits   0.063s   0.127
+dsa 2048 bits   0.224s   0.451
diff --git a/src/lib/libssl/src/times/586-100.ntx b/src/lib/libssl/src/times/586-100.ntx
new file mode 100644
index 0000000000..35166a5e97
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.ntx
@@ -0,0 +1,30 @@
+SSLeay 0.8.5f 22-Jan-1998
+built on Wed Jan 21 17:11:53 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(
+ptr2)
+C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN
+-DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                92.99k      257.43k      347.84k      381.82k      392.14k
+mdc2              232.19k      253.68k      257.57k      258.70k      258.70k
+md5              1094.09k     5974.79k    12139.81k    16487.04k    18291.77k
+hmac(md5)         375.70k     2590.04k     7309.70k    13469.18k    17447.19k
+sha1              613.78k     2982.93k     5446.44k     6889.46k     7424.86k
+rmd160            501.23k     2405.68k     4367.25k     5503.61k     5915.80k
+rc4              8167.75k    10429.44k    10839.12k    10929.50k    10772.30k
+des cbc          2057.24k     2218.27k     2237.20k     2227.69k     2213.59k
+des ede3          719.63k      727.11k      728.77k      719.56k      722.97k
+idea cbc          827.67k      888.85k      898.06k      900.30k      898.75k
+rc2 cbc           797.46k      862.53k      870.33k      872.58k      870.40k
+blowfish cbc     3835.32k     4435.60k     4513.89k     4513.89k     4416.92k
+cast cbc         2785.06k     3052.62k     3088.59k     3034.95k     3034.95k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0202s   0.0020s     49.4    500.2
+rsa 1024 bits   0.1030s   0.0063s      9.7    159.4
+rsa 2048 bits   0.6740s   0.0223s      1.5     44.9
+rsa 4096 bits   4.8970s   0.0844s      0.2     11.8
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0191s   0.0361s     52.4     27.7
+dsa 1024 bits   0.0587s   0.1167s     17.0      8.6
+dsa 2048 bits   0.2091s   0.4123s      4.8      2.4
diff --git a/src/lib/libssl/src/times/586-100.w31 b/src/lib/libssl/src/times/586-100.w31
new file mode 100644
index 0000000000..d5b1c10243
--- /dev/null
+++ b/src/lib/libssl/src/times/586-100.w31
@@ -0,0 +1,27 @@
+Pentium 100, Windows 3.1 DLL's, 16 bit C, 32bit assember.
+Running under Windows NT 4.0 Beta 2
+SSLeay 0.6.4 20-Aug-1996
+built on Thu Aug 22 08:44:21 EST 1996
+options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             45.83k      128.82k      180.17k      194.90k      198.59k
+md5            224.82k     1038.19k     1801.68k     2175.47k     2330.17k
+sha            105.11k      448.11k      739.48k      884.13k      944.66k
+sha1            94.71k      402.99k      667.88k      795.58k      844.26k
+rc4           1614.19k     1956.30k     2022.72k     2022.72k     2022.72k
+des cfb        291.27k      318.14k      318.14k      318.14k      322.84k
+des cbc        326.86k      356.17k      362.08k      362.08k      367.15k
+des ede3       132.40k      139.57k      139.53k      139.37k      140.97k
+idea cfb       265.33k      280.67k      280.67k      277.69k      281.27k
+idea cbc       274.21k      302.01k      306.24k      306.24k      305.53k
+rc2 cfb        264.79k      274.21k      274.78k      274.21k      274.21k
+rc2 cbc        281.27k      306.24k      309.86k      305.53k      309.86k
+rsa  512 bits   0.058s
+rsa 1024 bits   0.280s
+rsa 2048 bits   1.430s
+rsa 4096 bits  10.600s
diff --git a/src/lib/libssl/src/times/586-1002.lnx b/src/lib/libssl/src/times/586-1002.lnx
new file mode 100644
index 0000000000..d830bcea42
--- /dev/null
+++ b/src/lib/libssl/src/times/586-1002.lnx
@@ -0,0 +1,26 @@
+SSLeay 0.8.3e 30-Sep-1997
+built on Wed Oct  1 03:01:44 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.21k      156.57k      211.29k      231.77k      237.92k
+mdc2              170.99k      191.70k      193.90k      195.58k      195.95k
+md5               770.50k     3961.96k     7291.22k     9250.82k     9942.36k
+sha               344.93k     1520.77k     2569.81k     3108.52k     3295.91k
+sha1              326.20k     1423.74k     2385.15k     2870.95k     3041.96k
+rc4              3672.88k     4309.65k     4374.41k     4408.66k     4355.41k
+des cbc          1349.73k     1689.05k     1735.34k     1748.99k     1739.43k
+des ede3          638.70k      704.00k      711.85k      714.41k      712.70k
+idea cbc          619.55k      677.33k      683.26k      685.06k      685.40k
+rc2 cbc           521.18k      571.20k      573.46k      578.90k      578.90k
+blowfish cbc     2079.67k     2592.49k     2702.34k     2730.33k     2695.17k
+                  sign    verify
+rsa  512 bits   0.0213s   0.0026s
+rsa 1024 bits   0.1099s   0.0031s
+rsa 2048 bits   0.7007s   0.0248s
+rsa 4096 bits   5.0500s   0.0921s
+                  sign    verify
+dsa  512 bits   0.0203s   0.0389s
+dsa 1024 bits   0.0614s   0.1222s
+dsa 2048 bits   0.2149s   0.4283s
diff --git a/src/lib/libssl/src/times/586p-100.lnx b/src/lib/libssl/src/times/586p-100.lnx
new file mode 100644
index 0000000000..561eb3114f
--- /dev/null
+++ b/src/lib/libssl/src/times/586p-100.lnx
@@ -0,0 +1,26 @@
+Pentium 100 - Linux 1.2.13 - gcc 2.7.2p
+This is the pentium specific version of gcc
+SSLeay 0.6.4 20-Aug-1996
+built on Thu Aug 22 08:27:58 EST 1996
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,long) idea(int)
+C flags:gcc -DL_ENDIAN -DTERMIO -O6 -fomit-frame-pointer -mpentium -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             74.90k      208.43k      282.11k      309.59k      318.43k
+md5            807.08k     4205.67k     7801.51k     9958.06k    10810.71k
+sha            405.98k     1821.55k     3119.10k     3799.04k     4052.31k
+sha1           389.13k     1699.50k     2852.78k     3437.57k     3656.36k
+rc4           3621.15k     4130.07k     4212.74k     4228.44k     4213.42k
+des cfb        794.39k      828.37k      831.74k      832.51k      832.85k
+des cbc        817.68k      886.17k      894.72k      896.00k      892.93k
+des ede3       308.83k      323.29k      324.61k      324.95k      324.95k
+idea cfb       690.41k      715.39k      718.51k      719.19k      718.17k
+idea cbc       696.80k      760.60k      767.32k      768.68k      770.05k
+rc2 cfb        619.91k      639.74k      642.30k      642.73k      641.71k
+rc2 cbc        631.99k      671.42k      676.35k      676.18k      677.21k
+rsa  512 bits   0.025s
+rsa 1024 bits   0.123s
+rsa 2048 bits   0.756s
+rsa 4096 bits   5.365s
diff --git a/src/lib/libssl/src/times/686-200.bsd b/src/lib/libssl/src/times/686-200.bsd
new file mode 100644
index 0000000000..f23c580e09
--- /dev/null
+++ b/src/lib/libssl/src/times/686-200.bsd
@@ -0,0 +1,25 @@
+Pentium Pro 200mhz
+FreeBSD 2.1.5
+gcc 2.7.2.2
+SSLeay 0.7.0 30-Jan-1997
+built on Tue Apr 22 12:14:36 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               130.99k      367.68k      499.09k      547.04k      566.50k
+md5              1924.98k     8293.50k    13464.41k    16010.39k    16820.68k
+sha              1250.75k     5330.43k     8636.88k    10227.36k    10779.14k
+sha1             1071.55k     4572.50k     7459.98k     8791.96k     9341.61k
+rc4             10724.22k    14546.25k    15240.18k    15259.50k    15265.63k
+des cbc          3309.11k     3883.01k     3968.25k     3971.86k     3979.14k
+des ede3         1442.98k     1548.33k     1562.48k     1562.00k     1563.33k
+idea cbc         2195.69k     2506.39k     2529.59k     2545.66k     2546.54k
+rc2 cbc           806.00k      833.52k      837.58k      838.52k      836.69k
+blowfish cbc     4687.34k     5949.97k     6182.43k     6248.11k     6226.09k
+rsa  512 bits   0.010s
+rsa 1024 bits   0.045s
+rsa 2048 bits   0.260s
+rsa 4096 bits   1.690s
diff --git a/src/lib/libssl/src/times/686-200.lnx b/src/lib/libssl/src/times/686-200.lnx
new file mode 100644
index 0000000000..a10cc2fd01
--- /dev/null
+++ b/src/lib/libssl/src/times/686-200.lnx
@@ -0,0 +1,26 @@
+SSLeay 0.8.2a 04-Sep-1997
+built on Fri Sep  5 17:37:05 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               131.02k      368.41k      500.57k      549.21k      566.09k
+mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
+md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
+sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
+sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
+rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
+des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
+des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
+idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
+rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
+blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
+                  sign    verify
+rsa  512 bits   0.0100s   0.0011s
+rsa 1024 bits   0.0451s   0.0012s
+rsa 2048 bits   0.2605s   0.0086s
+rsa 4096 bits   1.6883s   0.0302s
+                  sign    verify
+dsa  512 bits   0.0083s   0.0156s
+dsa 1024 bits   0.0228s   0.0454s
+dsa 2048 bits   0.0719s   0.1446s
diff --git a/src/lib/libssl/src/times/686-200.nt b/src/lib/libssl/src/times/686-200.nt
new file mode 100644
index 0000000000..c8cbaa04e3
--- /dev/null
+++ b/src/lib/libssl/src/times/686-200.nt
@@ -0,0 +1,24 @@
+built on Tue May 13 08:24:51 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfi
+sh(ptr2)
+C flags not available
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               156.39k      427.99k      576.14k      628.36k      647.27k
+md5              2120.48k    10255.02k    18396.07k    22795.13k    24244.53k
+sha              1468.59k     6388.89k    10686.12k    12826.62k    13640.01k
+sha1             1393.46k     6013.34k     9974.56k    11932.59k    12633.45k
+rc4             13833.46k    19275.29k    20321.24k    20281.93k    20520.08k
+des cbc          3382.50k     4104.02k     4152.78k     4194.30k     4194.30k
+des ede3         1465.51k     1533.00k     1549.96k     1553.29k     1570.29k
+idea cbc         2579.52k     3079.52k     3130.08k     3153.61k     3106.89k
+rc2 cbc          1204.57k     1276.42k     1285.81k     1289.76k     1285.81k
+blowfish cbc     5229.81k     6374.32k     6574.14k     6574.14k     6594.82k
+rsa  512 bits   0.008s   0.001
+rsa 1024 bits   0.038s   0.001
+rsa 2048 bits   0.231s   0.008
+rsa 4096 bits   1.540s   0.027
+dsa  512 bits   0.007s   0.013
+dsa 1024 bits   0.021s   0.040
+dsa 2048 bits   0.066s   0.130
diff --git a/src/lib/libssl/src/times/L1 b/src/lib/libssl/src/times/L1
new file mode 100644
index 0000000000..09253d7279
--- /dev/null
+++ b/src/lib/libssl/src/times/L1
@@ -0,0 +1,27 @@
+SSLeay 0.8.3ad 27-Oct-1997
+built on Wed Oct 29 00:36:17 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.16k      156.50k      211.46k      231.77k      238.71k
+mdc2              183.37k      205.21k      205.57k      209.92k      207.53k
+md5              1003.65k     5605.56k    11628.54k    15887.70k    17522.69k
+hmac(md5)         411.24k     2803.46k     7616.94k    13475.84k    16864.60k
+sha1              542.66k     2843.50k     5320.53k     6833.49k     7389.18k
+rc4              3677.15k     4313.73k     4407.89k     4429.82k     4404.57k
+des cbc          1787.94k     2174.51k     2236.76k     2249.73k     2230.95k
+des ede3          719.46k      777.26k      784.81k      780.29k      783.70k
+idea cbc          619.56k      677.89k      684.12k      685.40k      685.40k
+rc2 cbc           537.51k      573.93k      578.47k      579.24k      578.90k
+blowfish cbc     3226.76k     4221.65k     4424.19k     4468.39k     4377.26k
+cast cbc         2866.13k     3165.35k     3263.15k     3287.04k     3233.11k
+                  sign    verify
+rsa  512 bits   0.0212s   0.0021s
+rsa 1024 bits   0.1072s   0.0064s
+rsa 2048 bits   0.6853s   0.0222s
+rsa 4096 bits   4.9300s   0.0848s
+                  sign    verify
+dsa  512 bits   0.0200s   0.0380s
+dsa 1024 bits   0.0600s   0.1180s
+dsa 2048 bits   0.2110s   0.4221s
diff --git a/src/lib/libssl/src/times/R10000.t b/src/lib/libssl/src/times/R10000.t
new file mode 100644
index 0000000000..6b3874c866
--- /dev/null
+++ b/src/lib/libssl/src/times/R10000.t
@@ -0,0 +1,24 @@
+IRIX 6.2 - R10000 195mhz
+SLeay 0.6.5a 06-Dec-1996
+built on Tue Dec 24 03:51:45 EST 1996
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int)
+C flags:cc -O2 -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2            156.34k      424.03k      571.88k      628.88k      646.01k
+md5           1885.02k     8181.72k    13440.53k    16020.60k    16947.54k
+sha           1587.12k     7022.05k    11951.24k    14440.12k    15462.74k
+sha1          1413.13k     6215.86k    10571.16k    12736.22k    13628.51k
+rc4          10556.28k    11974.08k    12077.10k    12111.38k    12103.20k
+des cfb       2977.71k     3252.27k     3284.36k     3302.66k     3290.54k
+des cbc       3298.31k     3704.96k     3771.30k     3730.73k     3778.80k
+des ede3      1278.28k     1328.82k     1342.66k     1339.82k     1343.27k
+idea cfb      2843.34k     3138.04k     3180.95k     3176.46k     3188.54k
+idea cbc      3115.21k     3558.03k     3590.61k     3591.24k     3601.18k
+rc2 cfb       2006.66k     2133.33k     2149.03k     2159.36k     2149.71k
+rc2 cbc       2167.07k     2315.30k     2338.05k     2329.34k     2333.90k
+rsa  512 bits   0.008s
+rsa 1024 bits   0.043s
+rsa 2048 bits   0.280s
+rsa 4096 bits   2.064s
diff --git a/src/lib/libssl/src/times/R4400.t b/src/lib/libssl/src/times/R4400.t
new file mode 100644
index 0000000000..af8848ffe3
--- /dev/null
+++ b/src/lib/libssl/src/times/R4400.t
@@ -0,0 +1,26 @@
+IRIX 5.3
+R4400 200mhz
+cc -O2
+SSLeay 0.6.5a 06-Dec-1996
+built on Mon Dec 23 11:51:11 EST 1996
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int)
+C flags:cc -O2 -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2            100.62k      280.25k      380.15k      416.02k      428.82k
+md5            828.62k     3525.05k     6311.98k     7742.51k     8328.04k
+sha            580.04k     2513.74k     4251.73k     5101.04k     5394.80k
+sha1           520.23k     2382.94k     4107.82k     5024.62k     5362.56k
+rc4           5871.53k     6323.08k     6357.49k     6392.04k     6305.45k
+des cfb       1016.76k     1156.72k     1176.59k     1180.55k     1181.65k
+des cbc       1016.38k     1303.81k     1349.10k     1359.41k     1356.62k
+des ede3       607.39k      650.74k      655.11k      657.52k      654.18k
+idea cfb      1296.10k     1348.66k     1353.80k     1358.75k     1355.40k
+idea cbc      1453.90k     1554.68k     1567.84k     1569.89k     1573.57k
+rc2 cfb       1199.86k     1251.69k     1253.57k     1259.56k     1251.31k
+rc2 cbc       1334.60k     1428.55k     1441.89k     1445.42k     1441.45k
+rsa  512 bits   0.024s
+rsa 1024 bits   0.125s
+rsa 2048 bits   0.806s
+rsa 4096 bits   5.800s
diff --git a/src/lib/libssl/src/times/aix.t b/src/lib/libssl/src/times/aix.t
new file mode 100644
index 0000000000..4f24e3980e
--- /dev/null
+++ b/src/lib/libssl/src/times/aix.t
@@ -0,0 +1,34 @@
+from Paco Garcia <pgarcia@ctv.es>
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+AIX 4.1.4
+SSLeay 0.6.6 14-Jan-1997
+built on Mon Jan 13 21:36:03 CUT 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish
+(idx)
+C flags:cc -O -DAIX -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                53.83k      147.46k      197.63k      215.72k     221.70k
+md5              1278.13k     5354.77k     8679.60k    10195.09k   10780.56k
+sha              1055.34k     4600.37k     7721.30k     9298.94k    9868.63k
+sha1              276.90k     1270.25k     2187.95k     2666.84k    2850.82k
+rc4              4660.57k     5268.93k     5332.48k     5362.47k    5346.65k
+des cbc          1774.16k     1981.10k     1979.56k     2032.71k    1972.25k
+des ede3          748.81k      781.42k      785.66k      785.75k     780.84k
+idea cbc         2066.19k     2329.58k     2378.91k     2379.86k    2380.89k
+rc2 cbc          1278.53k     1379.69k     1389.99k     1393.66k    1389.91k
+blowfish cbc     2812.91k     3307.90k     3364.91k     3386.37k    3374.32k
+rsa  512 bits   0.019s
+rsa 1024 bits   0.096s
+rsa 2048 bits   0.614s
+rsa 4096 bits   4.433s
diff --git a/src/lib/libssl/src/times/aixold.t b/src/lib/libssl/src/times/aixold.t
new file mode 100644
index 0000000000..0b51412cf9
--- /dev/null
+++ b/src/lib/libssl/src/times/aixold.t
@@ -0,0 +1,23 @@
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 04:06:32 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish(idx)
+C flags:cc -O -DAIX -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                19.09k       52.47k       71.23k       77.49k       78.93k
+md5               214.56k      941.21k     1585.43k     1883.12k     1988.70k
+sha               118.35k      521.65k      860.28k     1042.27k     1100.46k
+sha1              109.52k      478.98k      825.90k      995.48k     1049.69k
+rc4              1263.63k     1494.24k     1545.70k     1521.66k     1518.99k
+des cbc           259.62k      286.55k      287.15k      288.15k      289.45k
+des ede3          104.92k      107.88k      109.27k      109.25k      109.96k
+idea cbc          291.63k      320.07k      319.40k      320.51k      318.27k
+rc2 cbc           220.04k      237.76k      241.44k      245.90k      244.08k
+blowfish cbc      407.95k      474.83k      480.99k      485.71k      481.07k
+rsa  512 bits   0.157s   0.019
+rsa 1024 bits   0.908s   0.023
+rsa 2048 bits   6.225s   0.218
+rsa 4096 bits  46.500s   0.830
+dsa  512 bits   0.159s   0.312
+dsa 1024 bits   0.536s   1.057
+dsa 2048 bits   1.970s   3.977
diff --git a/src/lib/libssl/src/times/alpha.t b/src/lib/libssl/src/times/alpha.t
new file mode 100644
index 0000000000..3a7c6c4983
--- /dev/null
+++ b/src/lib/libssl/src/times/alpha.t
@@ -0,0 +1,81 @@
+SSLeay-051 Alpha gcc -O3 64Bit (assember bn_mul)
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             44.40k      121.56k      162.73k      179.20k      185.01k
+md5            780.85k     3278.53k     5281.52k     6327.98k     6684.67k
+sha            501.40k     2249.19k     3855.27k     4801.19k     5160.96k
+sha-1          384.99k     1759.72k     3113.64k     3946.92k     4229.80k
+rc4           3505.05k     3724.54k     3723.78k     3555.33k     3694.68k
+des cfb        946.96k     1015.27k     1021.87k     1033.56k     1037.65k
+des cbc       1001.24k     1220.20k     1243.31k     1272.73k     1265.87k
+des ede3       445.34k      491.65k      500.53k      502.10k      502.44k
+idea cfb       643.53k      667.49k      663.81k      666.28k      664.51k
+idea cbc       650.42k      735.41k      733.27k      742.74k      745.47k
+rsa  512 bits   0.031s
+rsa 1024 bits   0.141s
+rsa 2048 bits   0.844s
+rsa 4096 bits   6.033s
+SSLeay-051 Alpha cc -O2 64bit (assember bn_mul)
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             45.37k      122.86k      165.97k      182.95k      188.42k
+md5            842.42k     3629.93k     5916.76k     7039.17k     7364.61k
+sha            498.93k     2197.23k     3895.60k     4756.48k     5132.13k
+sha-1          382.02k     1757.21k     3112.53k     3865.23k     4128.77k
+rc4           2975.25k     3049.33k     3180.97k     3214.68k     3424.26k
+des cfb        901.55k      990.83k     1006.08k     1011.19k     1004.89k
+des cbc        947.84k     1127.84k     1163.67k     1162.24k     1157.80k
+des ede3       435.62k      485.57k      493.67k      491.52k      491.52k
+idea cfb       629.31k      648.66k      647.77k      648.53k      649.90k
+idea cbc       565.15k      608.00k      613.46k      613.38k      617.13k
+rsa  512 bits   0.030s
+rsa 1024 bits   0.141s
+rsa 2048 bits   0.854s
+rsa 4096 bits   6.067s
+des cfb        718.28k      822.64k      833.11k      836.27k      841.05k
+des cbc        806.10k      951.42k      975.83k      983.73k      991.23k
+des ede3       329.50k      379.11k      387.95k      387.41k      388.33k
+des cfb        871.62k      948.65k      951.81k      953.00k      955.58k
+des cbc        953.60k     1174.27k     1206.70k     1216.10k     1216.44k
+des ede3       349.34k      418.05k      427.26k      429.74k      431.45k
+SSLeay-045c Alpha gcc -O3 64Bit
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             44.95k      122.22k      164.27k      180.62k      184.66k
+md5            808.71k     3371.95k     5415.68k     6385.66k     6684.67k
+sha            493.68k     2162.05k     3725.82k     4552.02k     4838.74k
+rc4           3317.32k     3649.09k     3728.30k     3744.09k     3691.86k
+cfb des        996.45k     1050.77k     1058.30k     1059.16k     1064.96k
+cbc des       1096.52k     1255.49k     1282.13k     1289.90k     1299.80k
+ede3 des       482.14k      513.51k      518.66k      520.19k      521.39k
+cfb idea       519.90k      533.40k      535.21k      535.55k      535.21k
+cbc idea       619.34k      682.21k      688.04k      689.15k      690.86k
+rsa  512 bits   0.050s
+rsa 1024 bits   0.279s
+rsa 2048 bits   1.908s
+rsa 4096 bits  14.750s
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             37.31k      102.77k      137.64k      151.55k      155.78k
+md5            516.65k     2535.21k     4655.72k     5859.66k     6343.34k
+rc4           3519.61k     3707.01k     3746.86k     3755.39k     3675.48k
+cfb des        780.27k      894.68k      913.10k      921.26k      922.97k
+cbc des        867.54k     1040.13k     1074.17k     1075.54k     1084.07k
+ede3 des       357.19k      397.36k      398.08k      402.28k      401.41k
+cbc idea       646.53k      686.44k      694.03k      691.20k      693.59k
+rsa  512 bits   0.046s
+rsa 1024 bits   0.270s
+rsa 2048 bits   1.858s
+rsa 4096 bits  14.350s
+md2      C      37.83k      103.17k      137.90k      150.87k      155.37k
+md2      L      37.30k      102.04k      139.01k      152.74k      155.78k
+rc4       I   3532.24k     3718.08k     3750.83k     3768.78k     3694.59k
+rc4      CI   2662.97k     2873.26k     2907.22k     2920.63k     2886.31k
+rc4      LI   3514.63k     3738.72k     3747.41k     3752.96k     3708.49k
+cbc idea S     619.01k      658.68k      661.50k      662.53k      663.55k
+cbc idea  L    645.69k      684.22k      694.55k      692.57k      690.86k
diff --git a/src/lib/libssl/src/times/alpha400.t b/src/lib/libssl/src/times/alpha400.t
new file mode 100644
index 0000000000..079e0d187c
--- /dev/null
+++ b/src/lib/libssl/src/times/alpha400.t
@@ -0,0 +1,25 @@
+Alpha EV5.6 (21164A) 400mhz
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 03:39:58 EST 1997
+options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx)
+C flags:cc -arch host -tune host -fast -std -O4 -inline speed
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               274.98k      760.96k     1034.27k     1124.69k     1148.69k
+md5              2524.46k    11602.60k    19838.81k    24075.26k    25745.10k
+sha              1848.46k     8335.66k    14232.49k    17247.91k    18530.30k
+sha1             1639.67k     7336.53k    12371.80k    14807.72k    15870.63k
+rc4             17950.93k    19390.66k    19652.44k    19700.39k    19412.31k
+des cbc          4018.59k     4872.06k     4988.76k     5003.26k     4995.73k
+des ede3         1809.11k     1965.67k     1984.26k     1986.90k     1982.46k
+idea cbc         2848.82k     3204.33k     3250.26k     3257.34k     3260.42k
+rc2 cbc          3766.08k     4349.50k     4432.21k     4448.94k     4448.26k
+blowfish cbc     6694.88k     9042.35k     9486.93k     9598.98k     9624.91k
+rsa  512 bits   0.003s   0.000
+rsa 1024 bits   0.013s   0.000
+rsa 2048 bits   0.081s   0.003
+rsa 4096 bits   0.577s   0.011
+dsa  512 bits   0.003s   0.005
+dsa 1024 bits   0.007s   0.014
+dsa 2048 bits   0.025s   0.050
diff --git a/src/lib/libssl/src/times/cyrix100.lnx b/src/lib/libssl/src/times/cyrix100.lnx
new file mode 100644
index 0000000000..010a2216b1
--- /dev/null
+++ b/src/lib/libssl/src/times/cyrix100.lnx
@@ -0,0 +1,22 @@
+SSLeay 0.6.6 06-Dec-1996
+built on Fri Dec  6 10:05:20 GMT 1996
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,risc,16,long) idea(int)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             36.77k      102.48k      138.00k      151.57k      155.78k
+md5            513.59k     2577.22k     4623.51k     5768.99k     6214.53k
+sha            259.89k     1105.45k     1814.97k     2156.16k     2292.13k
+sha1           242.43k     1040.95k     1719.44k     2049.74k     2164.64k
+rc4           1984.48k     2303.41k     2109.37k     2071.47k     1985.61k
+des cfb        712.08k      758.29k      753.17k      752.06k      748.67k
+des cbc        787.37k      937.64k      956.77k      961.61k      957.54k
+des ede3       353.97k      377.28k      379.99k      379.34k      379.11k
+idea cfb       403.80k      418.50k      416.60k      415.78k      415.03k
+idea cbc       426.54k      466.40k      471.31k      472.67k      473.14k
+rc2 cfb        405.15k      420.05k      418.16k      416.72k      416.36k
+rc2 cbc        428.21k      468.43k      473.09k      472.59k      474.70k
+rsa  512 bits   0.040s
+rsa 1024 bits   0.195s
+rsa 2048 bits   1.201s
+rsa 4096 bits   8.700s
diff --git a/src/lib/libssl/src/times/dgux-x86.t b/src/lib/libssl/src/times/dgux-x86.t
new file mode 100644
index 0000000000..70635c536b
--- /dev/null
+++ b/src/lib/libssl/src/times/dgux-x86.t
@@ -0,0 +1,23 @@
+version:SSLeay 0.5.2c 15-May-1996
+built Fri Jun 14 19:47:04 EST 1996
+options:bn(LLONG,thirty_two) md2(CHAR) rc4(IDX,int) des(ary,long) idea(int)
+C flags:gcc -O3 -fomit-frame-pointer -DL_ENDIAN
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2            113.86k      316.48k      428.36k      467.63k      481.56k
+md5           1001.99k     5037.99k     9545.94k    12036.95k    11800.38k
+sha            628.77k     2743.48k     5113.42k     6206.99k     6165.42k
+sha1           583.83k     2638.66k     4538.85k     5532.09k     5917.04k
+rc4           5493.27k     6369.39k     6511.30k     6577.83k     6486.73k
+des cfb       1219.01k     1286.06k     1299.33k     1288.87k     1381.72k
+des cbc       1360.58k     1469.04k     1456.96k     1454.08k     1513.57k
+des ede3       544.45k      567.84k      568.99k      570.37k      566.09k
+idea cfb      1012.39k     1056.30k     1063.52k      989.17k      863.24k
+idea cbc       985.36k     1090.44k     1105.92k     1108.65k     1090.17k
+rc2 cfb        963.86k      979.06k      995.30k      937.35k      827.39k
+rc2 cbc        951.72k     1042.11k     1049.60k     1047.21k     1059.11k
+rsa  512 bits   0.032s
+rsa 1024 bits   0.159s
+rsa 2048 bits   1.025s
+rsa 4096 bits   7.270s
diff --git a/src/lib/libssl/src/times/dgux.t b/src/lib/libssl/src/times/dgux.t
new file mode 100644
index 0000000000..c7f7564e8d
--- /dev/null
+++ b/src/lib/libssl/src/times/dgux.t
@@ -0,0 +1,17 @@
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             38.54k      106.28k      144.00k      157.46k      161.72k
+md5            323.23k     1471.62k     2546.11k     3100.20k     3309.57k
+rc4        I  1902.74k     2055.20k     2080.42k     2077.88k     2065.46k
+cfb des        456.23k      475.22k      481.79k      488.42k      487.17k
+cbc des        484.30k      537.50k      553.09k      558.08k      558.67k
+ede3 des       199.97k      209.05k      211.03k      211.85k      212.78k
+cbc idea       478.50k      519.33k      523.42k      525.09k      526.44k
+rsa  512 bits   0.159s !RSA_LLONG
+rsa 1024 bits   1.053s
+rsa 2048 bits   7.600s
+rsa 4096 bits  59.760s
+md2       C     30.53k       83.58k      112.84k      123.22k      126.24k
+rc4           1844.56k     1975.50k     1997.73k     1994.95k     1984.88k
+rc4       C   1800.09k     1968.85k     1995.20k     1992.36k     1996.80k
+rc4       CI  1830.81k     2035.75k     2067.28k     2070.23k     2062.77k
diff --git a/src/lib/libssl/src/times/hpux-acc.t b/src/lib/libssl/src/times/hpux-acc.t
new file mode 100644
index 0000000000..0c0e936d19
--- /dev/null
+++ b/src/lib/libssl/src/times/hpux-acc.t
@@ -0,0 +1,25 @@
+HPUX 887
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 02:59:45 EST 1997
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
+C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                58.99k      166.85k      225.07k      247.21k      253.76k
+md5               639.22k     2726.98k     4477.25k     5312.69k     5605.20k
+sha               381.08k     1661.49k     2793.84k     3368.86k     3581.23k
+sha1              349.54k     1514.56k     2536.63k     3042.59k     3224.39k
+rc4              2891.10k     4238.01k     4464.11k     4532.49k     4545.87k
+des cbc           717.05k      808.76k      820.14k      821.97k      821.96k
+des ede3          288.21k      303.50k      303.69k      305.82k      305.14k
+idea cbc          325.83k      334.36k      335.89k      336.61k      333.43k
+rc2 cbc           793.00k      915.81k      926.69k      933.28k      929.53k
+blowfish cbc     1561.91k     2051.97k     2122.65k     2139.40k     2145.92k
+rsa  512 bits   0.031s   0.004
+rsa 1024 bits   0.164s   0.004
+rsa 2048 bits   1.055s   0.037
+rsa 4096 bits   7.600s   0.137
+dsa  512 bits   0.029s   0.057
+dsa 1024 bits   0.092s   0.177
+dsa 2048 bits   0.325s   0.646
diff --git a/src/lib/libssl/src/times/hpux-kr.t b/src/lib/libssl/src/times/hpux-kr.t
new file mode 100644
index 0000000000..ad4a0adc18
--- /dev/null
+++ b/src/lib/libssl/src/times/hpux-kr.t
@@ -0,0 +1,23 @@
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 02:17:35 EST 1997
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,cisc,16,long) idea(int) blowfish(idx)
+C flags:cc -DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                35.30k       98.36k      133.41k      146.34k      150.69k
+md5               391.20k     1737.31k     2796.65k     3313.75k     3503.74k
+sha               189.55k      848.14k     1436.72k     1735.87k     1848.03k
+sha1              175.30k      781.14k     1310.32k     1575.61k     1675.81k
+rc4              2070.55k     2501.47k     2556.65k     2578.34k     2584.91k
+des cbc           465.13k      536.85k      545.87k      547.86k      548.89k
+des ede3          190.05k      200.99k      202.31k      202.22k      202.75k
+idea cbc          263.44k      277.77k      282.13k      281.51k      283.15k
+rc2 cbc           448.37k      511.39k      519.54k      522.00k      521.31k
+blowfish cbc      839.98k     1097.70k     1131.16k     1145.64k     1144.67k
+rsa  512 bits   0.048s   0.005
+rsa 1024 bits   0.222s   0.006
+rsa 2048 bits   1.272s   0.042
+rsa 4096 bits   8.445s   0.149
+dsa  512 bits   0.041s   0.077
+dsa 1024 bits   0.111s   0.220
+dsa 2048 bits   0.363s   0.726
diff --git a/src/lib/libssl/src/times/hpux.t b/src/lib/libssl/src/times/hpux.t
new file mode 100644
index 0000000000..dcf7615edf
--- /dev/null
+++ b/src/lib/libssl/src/times/hpux.t
@@ -0,0 +1,86 @@
+HP-UX A.09.05 9000/712
+SSLeay 0.6.6 14-Jan-1997
+built on Tue Jan 14 16:36:31 WET 1997
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) 
+blowfish(idx)
+C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                66.56k      184.92k      251.82k      259.86k      282.62k
+md5               615.54k     2805.92k     4764.30k     5724.21k     6084.39k
+sha               358.23k     1616.46k     2781.50k     3325.72k     3640.89k
+sha1              327.50k     1497.98k     2619.44k     3220.26k     3460.85k
+rc4              3500.47k     3890.99k     3943.81k     3883.74k     3900.02k
+des cbc           742.65k      871.66k      887.15k      891.21k      895.40k
+des ede3          302.42k      322.50k      324.46k      326.66k      326.05k
+idea cbc          664.41k      755.87k      765.61k      772.70k      773.69k
+rc2 cbc           798.78k      931.04k      947.69k      950.31k      952.04k
+blowfish cbc     1353.32k     1932.29k     2021.93k     2047.02k     2053.66k
+rsa  512 bits   0.059s
+rsa 1024 bits   0.372s
+rsa 2048 bits   2.697s
+rsa 4096 bits  20.790s
+SSLeay 0.6.6 14-Jan-1997
+built on Tue Jan 14 15:37:30 WET 1997
+options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) 
+blowfish(idx)
+C flags:gcc -DB_ENDIAN -O3
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                44.91k      122.57k      167.71k      183.89k      190.24k
+md5               532.50k     2316.27k     3965.72k     4740.11k     5055.06k
+sha               363.76k     1684.09k     2978.53k     3730.86k     3972.72k
+sha1              385.76k     1743.53k     2997.69k     3650.74k     3899.08k
+rc4              3178.84k     3621.31k     3672.71k     3684.01k     3571.54k
+des cbc           733.00k      844.70k      863.28k      863.72k      868.73k
+des ede3          289.99k      308.94k      310.11k      309.64k      312.08k
+idea cbc          624.07k      713.91k      724.76k      723.35k      725.13k
+rc2 cbc           704.34k      793.39k      804.25k      805.99k      782.63k
+blowfish cbc     1371.24k     1823.66k     1890.05k     1915.51k     1920.12k
+rsa  512 bits   0.030s
+rsa 1024 bits   0.156s
+rsa 2048 bits   1.113s
+rsa 4096 bits   7.480s
+HPUX B.10.01 V 9000/887 - HP92453-01 A.10.11 HP C Compiler
+SSLeay 0.5.2 - -Aa +ESlit +Oall +O4 -Wl,-a,archive
+HPUX A.09.04 B 9000/887
+ssleay 0.5.1 gcc v 2.7.0 -O3 -mpa-risc-1-1
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             53.00k      166.81k      205.66k      241.95k      242.20k
+md5            743.22k     3128.44k     6031.85k     6142.07k     7025.26k
+sha            481.30k     2008.24k     3361.31k     3985.07k     4180.74k
+sha-1          463.60k     1916.15k     3139.24k     3786.27k     3997.70k
+rc4           3708.61k     4125.16k     4547.53k     4206.21k     4390.07k
+des cfb        665.91k      705.97k      698.48k      694.25k      666.08k
+des cbc        679.80k      741.90k      769.85k      747.62k      719.47k
+des ede3       264.31k      270.22k      265.63k      273.07k      273.07k
+idea cfb       635.91k      673.40k      605.60k      699.53k      672.36k
+idea cbc       705.85k      774.63k      750.60k      715.83k      721.50k
+rsa  512 bits   0.066s
+rsa 1024 bits   0.372s
+rsa 2048 bits   2.177s
+rsa 4096 bits  16.230s
+HP92453-01 A.09.61 HP C Compiler
+ssleay 0.5.1 cc -Ae +ESlit +Oall -Wl,-a,archive
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             58.69k      163.30k      213.57k      230.40k      254.23k
+md5            608.60k     2596.82k     3871.43k     4684.10k     4763.88k
+sha            343.26k     1482.43k     2316.80k     2766.27k     2860.26k
+sha-1          319.15k     1324.13k     2106.03k     2527.82k     2747.95k
+rc4           2467.47k     3374.41k     3265.49k     3354.39k     3368.55k
+des cfb        812.05k      814.90k      851.20k      819.20k      854.56k
+des cbc        836.35k      994.06k      916.02k     1020.01k      988.14k
+des ede3       369.78k      389.15k      401.01k      382.94k      408.03k
+idea cfb       290.40k      298.06k      286.11k      296.92k      299.46k
+idea cbc       301.30k      297.72k      304.34k      300.10k      309.70k
+rsa  512 bits   0.350s
+rsa 1024 bits   2.635s
+rsa 2048 bits  19.930s
diff --git a/src/lib/libssl/src/times/p2.w95 b/src/lib/libssl/src/times/p2.w95
new file mode 100644
index 0000000000..82d1e5515d
--- /dev/null
+++ b/src/lib/libssl/src/times/p2.w95
@@ -0,0 +1,22 @@
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               235.90k      652.30k      893.36k      985.74k      985.74k
+mdc2              779.61k      816.81k      825.65k      816.01k      825.65k
+md5              2788.77k    13508.23k    24672.38k    30504.03k    33156.55k
+sha              1938.22k     8397.01k    14122.24k    16980.99k    18196.55k
+sha1             1817.29k     7832.50k    13168.93k    15738.48k    16810.84k
+rc4             15887.52k    21709.65k    22745.68k    22995.09k    22995.09k
+des cbc          4599.02k     5377.31k     5377.31k     5533.38k     5533.38k
+des ede3         1899.59k     2086.71k     2086.67k     2086.51k     2085.90k
+idea cbc         3350.08k     3934.62k     3979.42k     4017.53k     4017.53k
+rc2 cbc          1534.13k     1630.76k     1625.70k     1644.83k     1653.91k
+blowfish cbc     6678.83k     8490.49k     8701.88k     8848.74k     8886.24k
+                  sign    verify
+rsa  512 bits   0.0062s   0.0008s
+rsa 1024 bits   0.0287s   0.0009s
+rsa 2048 bits   0.1785s   0.0059s
+rsa 4096 bits   1.1300s   0.0205s
+                  sign    verify
+dsa  512 bits   0.0055s   0.0100s
+dsa 1024 bits   0.0154s   0.0299s
+dsa 2048 bits   0.0502s   0.0996s
diff --git a/src/lib/libssl/src/times/pent2.t b/src/lib/libssl/src/times/pent2.t
new file mode 100644
index 0000000000..b6dc269155
--- /dev/null
+++ b/src/lib/libssl/src/times/pent2.t
@@ -0,0 +1,24 @@
+pentium 2, 266mhz, Visual C++ 5.0, Windows 95
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               235.90k      652.30k      893.36k      985.74k      985.74k
+mdc2              779.61k      816.81k      825.65k      816.01k      825.65k
+md5              2788.77k    13508.23k    24672.38k    30504.03k    33156.55k
+sha              1938.22k     8397.01k    14122.24k    16980.99k    18196.55k
+sha1             1817.29k     7832.50k    13168.93k    15738.48k    16810.84k
+rc4             15887.52k    21709.65k    22745.68k    22995.09k    22995.09k
+des cbc          4599.02k     5377.31k     5377.31k     5533.38k     5533.38k
+des ede3         1899.59k     2086.71k     2086.67k     2086.51k     2085.90k
+idea cbc         3350.08k     3934.62k     3979.42k     4017.53k     4017.53k
+rc2 cbc          1534.13k     1630.76k     1625.70k     1644.83k     1653.91k
+blowfish cbc     6678.83k     8490.49k     8701.88k     8848.74k     8886.24k
+                  sign    verify
+rsa  512 bits   0.0062s   0.0008s
+rsa 1024 bits   0.0287s   0.0009s
+rsa 2048 bits   0.1785s   0.0059s
+rsa 4096 bits   1.1300s   0.0205s
+                  sign    verify
+dsa  512 bits   0.0055s   0.0100s
+dsa 1024 bits   0.0154s   0.0299s
+dsa 2048 bits   0.0502s   0.0996s
diff --git a/src/lib/libssl/src/times/readme b/src/lib/libssl/src/times/readme
new file mode 100644
index 0000000000..7074f5815b
--- /dev/null
+++ b/src/lib/libssl/src/times/readme
@@ -0,0 +1,11 @@
+The 'times' in this directory are not all for the most recent version of
+the library and it should be noted that on some CPUs (specifically sparc
+and Alpha), the locations of files in the application after linking can
+make upto a %10 speed difference when running benchmarks on things like
+cbc mode DES.  To put it mildly this can be very anoying.
+About the only way to get around this would be to compile the library as one
+object file, or to 'include' the source files in a specific order.
+The best way to get an idea of the 'raw' DES speed is to build the 
+'speed' program in crypto/des.
diff --git a/src/lib/libssl/src/times/s586-100.lnx b/src/lib/libssl/src/times/s586-100.lnx
new file mode 100644
index 0000000000..cbc3e3c4fb
--- /dev/null
+++ b/src/lib/libssl/src/times/s586-100.lnx
@@ -0,0 +1,25 @@
+Shared library build
+SSLeay 0.7.3 30-Apr-1997
+built on Tue May 13 03:43:56 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                68.95k      191.40k      258.22k      283.31k      291.21k
+md5               627.37k     3064.75k     5370.15k     6765.91k     7255.38k
+sha               323.35k     1431.32k     2417.07k     2916.69k     3102.04k
+sha1              298.08k     1318.34k     2228.82k     2694.83k     2864.47k
+rc4              3404.13k     4026.33k     4107.43k     4136.28k     4117.85k
+des cbc          1414.60k     1782.53k     1824.24k     1847.64k     1840.47k
+des ede3          588.36k      688.19k      700.33k      702.46k      704.51k
+idea cbc          582.96k      636.71k      641.54k      642.39k      642.30k
+rc2 cbc           569.34k      612.37k      617.64k      617.47k      619.86k
+blowfish cbc     2015.77k     2534.49k     2609.65k     2607.10k     2615.98k
+rsa  512 bits   0.027s   0.003
+rsa 1024 bits   0.128s   0.003
+rsa 2048 bits   0.779s   0.027
+rsa 4096 bits   5.450s   0.098
+dsa  512 bits   0.024s   0.045
+dsa 1024 bits   0.068s   0.132
+dsa 2048 bits   0.231s   0.469
diff --git a/src/lib/libssl/src/times/s586-100.nt b/src/lib/libssl/src/times/s586-100.nt
new file mode 100644
index 0000000000..8e3baf6d5e
--- /dev/null
+++ b/src/lib/libssl/src/times/s586-100.nt
@@ -0,0 +1,23 @@
+SSLeay 0.7.3 30-Apr-1997
+built on Mon May 19 10:47:38 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags not available
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                90.26k      248.57k      335.06k      366.09k      376.64k
+md5               863.95k     4205.24k     7628.78k     9582.60k    10290.25k
+sha               463.93k     2102.51k     3623.28k     4417.85k     4695.29k
+sha1              458.23k     2005.88k     3385.78k     4094.00k     4340.13k
+rc4              5843.60k     7543.71k     7790.31k     7836.89k     7791.47k
+des cbc          1583.95k     1910.67k     1960.69k     1972.12k     1946.13k
+des ede3          654.79k      722.60k      740.97k      745.82k      738.27k
+idea cbc          792.04k      876.96k      887.35k      892.63k      890.36k
+rc2 cbc           603.50k      652.38k      661.85k      662.69k      661.44k
+blowfish cbc     2379.88k     3043.76k     3153.61k     3153.61k     3134.76k
+rsa  512 bits   0.022s   0.003
+rsa 1024 bits   0.111s   0.003
+rsa 2048 bits   0.716s   0.025
+rsa 4096 bits   5.188s   0.094
+dsa  512 bits   0.020s   0.039
+dsa 1024 bits   0.062s   0.124
+dsa 2048 bits   0.221s   0.441
diff --git a/src/lib/libssl/src/times/sgi.t b/src/lib/libssl/src/times/sgi.t
new file mode 100644
index 0000000000..7963610150
--- /dev/null
+++ b/src/lib/libssl/src/times/sgi.t
@@ -0,0 +1,29 @@
+SGI Challenge R4400 200mhz IRIX 5.3 - gcc (2.6.3)
+SSLeay 0.6.1 02-Jul-1996
+built on Tue Jul  2 16:25:30 EST 1996
+options:bn(64,32) md2(char) rc4(idx,char) des(idx,long) idea(int)
+C flags:gcc -O2 -mips2 -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             96.53k      266.70k      360.09k      393.70k      405.07k
+md5            971.15k     4382.56k     7406.90k     8979.99k     9559.18k
+sha            596.86k     2832.26k     4997.30k     6277.75k     6712.89k
+sha1           578.34k     2630.16k     4632.05k     5684.34k     6083.37k
+rc4           5641.12k     6821.76k     6996.13k     7052.61k     6913.32k
+des cfb       1354.86k     1422.11k     1434.58k     1433.24k     1432.89k
+des cbc       1467.13k     1618.92k     1630.08k     1637.00k     1629.62k
+des ede3       566.13k      591.91k      596.86k      596.18k      592.54k
+idea cfb      1190.60k     1264.49k     1270.38k     1267.84k     1272.37k
+idea cbc      1271.45k     1410.37k     1422.49k     1426.46k     1421.73k
+rc2 cfb       1285.73k     1371.40k     1380.92k     1383.13k     1379.23k
+rc2 cbc       1386.61k     1542.10k     1562.49k     1572.45k     1567.93k
+rsa  512 bits   0.018s
+rsa 1024 bits   0.106s
+rsa 2048 bits   0.738s
+rsa 4096 bits   5.535s
+version:SSLeay 0.5.2c 15-May-1996
+rsa  512 bits   0.035s
+rsa 1024 bits   0.204s
+rsa 2048 bits   1.423s
+rsa 4096 bits  10.800s
diff --git a/src/lib/libssl/src/times/sparc.t b/src/lib/libssl/src/times/sparc.t
new file mode 100644
index 0000000000..1611f76570
--- /dev/null
+++ b/src/lib/libssl/src/times/sparc.t
@@ -0,0 +1,26 @@
+gcc 2.7.2
+Sparc 10 - Solaris 2.3 - 50mhz
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 00:55:51 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
+C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                54.88k      154.52k      210.35k      231.08k      237.21k
+md5               550.75k     2460.49k     4116.01k     4988.74k     5159.86k
+sha               340.28k     1461.76k     2430.10k     2879.87k     2999.15k
+sha1              307.27k     1298.41k     2136.26k     2540.07k     2658.28k
+rc4              2652.21k     2805.24k     3301.63k     4003.98k     4071.18k
+des cbc           811.78k      903.93k      914.19k      921.60k      932.29k
+des ede3          328.21k      344.93k      349.64k      351.48k      345.07k
+idea cbc          685.06k      727.42k      734.41k      730.11k      739.21k
+rc2 cbc           718.59k      777.02k      781.96k      784.38k      782.60k
+blowfish cbc     1268.85k     1520.64k     1568.88k     1587.54k     1591.98k
+rsa  512 bits   0.037s   0.005
+rsa 1024 bits   0.213s   0.006
+rsa 2048 bits   1.471s   0.053
+rsa 4096 bits  11.100s   0.202
+dsa  512 bits   0.038s   0.074
+dsa 1024 bits   0.128s   0.248
+dsa 2048 bits   0.473s   0.959
diff --git a/src/lib/libssl/src/times/sparc2 b/src/lib/libssl/src/times/sparc2
new file mode 100644
index 0000000000..4b0dd805ef
--- /dev/null
+++ b/src/lib/libssl/src/times/sparc2
@@ -0,0 +1,21 @@
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                14.56k       40.25k       54.95k       60.13k       62.18k
+mdc2               53.59k       57.45k       58.11k       58.21k       58.51k
+md5               176.95k      764.75k     1270.36k     1520.14k     1608.36k
+hmac(md5)          55.88k      369.70k      881.15k     1337.05k     1567.40k
+sha1               92.69k      419.75k      723.63k      878.82k      939.35k
+rc4              1247.28k     1414.09k     1434.30k     1434.34k     1441.13k
+des cbc           284.41k      318.58k      323.07k      324.09k      323.87k
+des ede3          109.99k      119.99k      121.60k      121.87k      121.66k
+idea cbc           43.06k       43.68k       43.84k       43.64k       44.07k
+rc2 cbc           278.85k      311.44k      316.50k      316.57k      317.37k
+blowfish cbc      468.89k      569.35k      581.61k      568.34k      559.54k
+cast cbc          285.84k      338.79k      345.71k      346.19k      341.09k
+                  sign    verify
+rsa  512 bits   0.4175s   0.0519s
+rsa 1024 bits   2.9325s   0.1948s
+rsa 2048 bits  22.3600s   0.7669s
+                  sign    verify
+dsa  512 bits   0.5178s   1.0300s
+dsa 1024 bits   1.8780s   3.7167s
+dsa 2048 bits   7.3500s  14.4800s
diff --git a/src/lib/libssl/src/times/sparcLX.t b/src/lib/libssl/src/times/sparcLX.t
new file mode 100644
index 0000000000..2fdaed7cc5
--- /dev/null
+++ b/src/lib/libssl/src/times/sparcLX.t
@@ -0,0 +1,22 @@
+Sparc Station LX
+SSLeay 0.7.3 30-Apr-1997
+built on Thu May  1 10:44:02 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
+C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                17.60k       48.72k       66.47k       72.70k       74.72k
+md5               226.24k     1082.21k     1982.72k     2594.02k     2717.01k
+sha                71.38k      320.71k      551.08k      677.76k      720.90k
+sha1               63.08k      280.79k      473.86k      576.94k      608.94k
+rc4              1138.30k     1257.67k     1304.49k     1377.78k     1364.42k
+des cbc           265.34k      308.85k      314.28k      315.39k      317.20k
+des ede3           83.23k       93.13k       94.04k       94.50k       94.63k
+idea cbc          254.48k      274.26k      275.88k      274.68k      275.80k
+rc2 cbc           328.27k      375.39k      381.43k      381.61k      380.83k
+blowfish cbc      487.00k      498.02k      510.12k      515.41k      516.10k
+rsa  512 bits   0.093s
+rsa 1024 bits   0.537s
+rsa 2048 bits   3.823s
+rsa 4096 bits  28.650s
diff --git a/src/lib/libssl/src/times/usparc.t b/src/lib/libssl/src/times/usparc.t
new file mode 100644
index 0000000000..2215624f9f
--- /dev/null
+++ b/src/lib/libssl/src/times/usparc.t
@@ -0,0 +1,25 @@
+Sparc 2000? - Solaris 2.5.1 - 167mhz Ultra sparc
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 02:25:48 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr)
+C flags:cc cc -xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               135.23k      389.87k      536.66k      591.87k      603.48k
+md5              1534.38k     6160.41k     9842.69k    11446.95k    11993.09k
+sha              1178.30k     5020.74k     8532.22k    10275.50k    11010.05k
+sha1             1114.22k     4703.94k     7703.81k     9236.14k     9756.67k
+rc4             10818.03k    13327.57k    13711.10k    13810.69k    13836.29k
+des cbc          3052.44k     3320.02k     3356.25k     3369.98k     3295.91k
+des ede3         1310.32k     1359.98k     1367.47k     1362.94k     1362.60k
+idea cbc         1749.52k     1833.13k     1844.74k     1848.32k     1848.66k
+rc2 cbc          1950.25k     2053.23k     2064.21k     2072.58k     2072.58k
+blowfish cbc     4927.16k     5659.75k     5762.73k     5797.55k     5805.40k
+rsa  512 bits   0.021s   0.003
+rsa 1024 bits   0.126s   0.003
+rsa 2048 bits   0.888s   0.032
+rsa 4096 bits   6.770s   0.122
+dsa  512 bits   0.022s   0.043
+dsa 1024 bits   0.076s   0.151
+dsa 2048 bits   0.286s   0.574
diff --git a/src/lib/libssl/src/times/x86/bfs.cpp b/src/lib/libssl/src/times/x86/bfs.cpp
new file mode 100644
index 0000000000..272ed2f978
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/bfs.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "blowfish.h"
+void main(int argc,char *argv[])
+        {
+        BF_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        BF_encrypt(&data[0],&key);
+                        }
+                printf("blowfish %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/times/x86/casts.cpp b/src/lib/libssl/src/times/x86/casts.cpp
new file mode 100644
index 0000000000..7f524da57b
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/casts.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "cast.h"
+void main(int argc,char *argv[])
+        {
+        CAST_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        CAST_encrypt(&data[0],&key);
+                        }
+                printf("cast %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/times/x86/des3s.cpp b/src/lib/libssl/src/times/x86/des3s.cpp
new file mode 100644
index 0000000000..9aff6494d9
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "des.h"
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key1,key2,key3;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(s1);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/times/x86/dess.cpp b/src/lib/libssl/src/times/x86/dess.cpp
new file mode 100644
index 0000000000..7fb5987314
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "des.h"
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(s1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        des_encrypt(&data[0],key,1);
+                        GetTSC(e2);
+                        des_encrypt(&data[0],key,1);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libssl/src/times/x86/md5s.cpp b/src/lib/libssl/src/times/x86/md5s.cpp
new file mode 100644
index 0000000000..ef8e175df0
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/md5s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "md5.h"
+extern "C" {
+void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD5_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md5_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md5_block_x86(&ctx,buffer,num);
+                        }
+                printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libssl/src/times/x86/rc4s.cpp b/src/lib/libssl/src/times/x86/rc4s.cpp
new file mode 100644
index 0000000000..39f1727dd3
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "rc4.h"
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[1024];
+        RC4_KEY ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=64,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=256;
+        if (num > 1024-16) num=1024-16;
+        numm=num+8;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(s1);
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        RC4(&ctx,num,buffer,buffer);
+                        GetTSC(e2);
+                        RC4(&ctx,num,buffer,buffer);
+                        }
+                printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+                        e1-s1,e2-s2,(e1-s1)-(e2-s2));
+                }
+        }
diff --git a/src/lib/libssl/src/times/x86/sha1s.cpp b/src/lib/libssl/src/times/x86/sha1s.cpp
new file mode 100644
index 0000000000..0163377de6
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/sha1s.cpp
@@ -0,0 +1,79 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include "sha.h"
+extern "C" {
+void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        SHA_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        }
+                printf("sha1 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libssl/src/tools/c_hash b/src/lib/libssl/src/tools/c_hash
new file mode 100644
index 0000000000..54ff9d2cac
--- /dev/null
+++ b/src/lib/libssl/src/tools/c_hash
@@ -0,0 +1,9 @@
+#!/bin/sh
+# print out the hash values 
+#
+for i in $*
+do
+        h=`ssleay x509 -hash -noout -in $i`
+        echo "$h.0 => $i"
+done
diff --git a/src/lib/libssl/src/tools/c_info b/src/lib/libssl/src/tools/c_info
new file mode 100644
index 0000000000..5dd960b3a1
--- /dev/null
+++ b/src/lib/libssl/src/tools/c_info
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# print the subject
+#
+for i in $*
+do
+        n=`ssleay x509 -subject -issuer -enddate -noout -in $i`
+        echo "$i"
+        echo "$n"
+        echo "--------"
+done
diff --git a/src/lib/libssl/src/tools/c_issuer b/src/lib/libssl/src/tools/c_issuer
new file mode 100644
index 0000000000..a885b24b7b
--- /dev/null
+++ b/src/lib/libssl/src/tools/c_issuer
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# print out the issuer
+#
+for i in $*
+do
+        n=`ssleay x509 -issuer -noout -in $i`
+        echo "$i\t$n"
+done
diff --git a/src/lib/libssl/src/tools/c_name b/src/lib/libssl/src/tools/c_name
new file mode 100644
index 0000000000..4b33e68c59
--- /dev/null
+++ b/src/lib/libssl/src/tools/c_name
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# print the subject
+#
+for i in $*
+do
+        n=`ssleay x509 -subject -noout -in $i`
+        echo "$i        $n"
+done
diff --git a/src/lib/libssl/src/tools/c_rehash b/src/lib/libssl/src/tools/c_rehash
new file mode 100644
index 0000000000..cbff15e48b
--- /dev/null
+++ b/src/lib/libssl/src/tools/c_rehash
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# redo the hashes for the certificates in your cert path or the ones passed
+# on the command line.
+#
+if [ "$SSLEAY"x = "x" -o ! -x $SSLEAY ]; then
+        SSLEAY='ssleay'
+        export SSLEAY
+fi
+DIR=/usr/ssl
+PATH=$DIR/bin:$PATH
+SSL_DIR=$DIR/certs
+if [ "$*" = "" ]; then
+        CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
+else
+        CERTS=$*
+fi
+IFS=': '
+for i in $CERTS
+do
+  (
+  IFS=' '
+  if [ -d $i -a -w $i ]; then
+    cd $i
+    echo "Doing $i"
+    for i in *.pem
+    do
+      if [ $i != '*.pem' ]; then
+        h=`$SSLEAY x509 -hash -noout -in $i`
+        if [ "x$h" = "x" ]; then
+          echo $i does not contain a certificate
+        else
+          if [ -f $h.0 ]; then
+            /bin/rm -f $h.0
+          fi
+          echo "$i => $h.0"
+          ln -s $i $h.0
+        fi
+      fi
+    done
+  fi
+  )
+done
diff --git a/src/lib/libssl/src/util/FreeBSD.sh b/src/lib/libssl/src/util/FreeBSD.sh
new file mode 100644
index 0000000000..db8edfc6aa
--- /dev/null
+++ b/src/lib/libssl/src/util/FreeBSD.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+perl util/perlpath.pl /usr/bin
+perl util/ssldir.pl /usr/local  
+perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD
+perl Configure FreeBSD
diff --git a/src/lib/libssl/src/util/add_cr.pl b/src/lib/libssl/src/util/add_cr.pl
new file mode 100644
index 0000000000..ddd6d61e2d
--- /dev/null
+++ b/src/lib/libssl/src/util/add_cr.pl
@@ -0,0 +1,123 @@
+#!/usr/bin/perl
+#
+# This adds a copyright message to a souce code file.
+# It also gets the file name correct.
+#
+# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch]
+#
+foreach (@ARGV)
+        {
+        &dofile($_);
+        }
+sub dofile
+        {
+        local($file)=@_;
+        open(IN,"<$file") || die "unable to open $file:$!\n";
+        print STDERR "doing $file\n";
+        @in=<IN>;
+        return(1) if ($in[0] =~ / NOCW /);
+        @out=();
+        open(OUT,">$file.out") || die "unable to open $file.$$:$!\n";
+        push(@out,"/* $file */\n");
+        if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/))
+                {
+                push(@out,&Copyright);
+                $i=2;
+                @a=grep(/ Copyright \(C\) /,@in);
+                if ($#a >= 0)
+                        {
+                        while (($i <= $#in) && ($in[$i] ne " */\n"))
+                                { $i++; }
+                        $i++ if ($in[$i] eq " */\n");
+                        while (($i <= $#in) && ($in[$i] =~ /^\s*$/))
+                                { $i++; }
+                        push(@out,"\n");
+                        for ( ; $i <= $#in; $i++)
+                                { push(@out,$in[$i]); }
+                        }
+                else
+                        { push(@out,@in); }
+                }
+        else
+                {
+                shift(@in);
+                push(@out,@in);
+                }
+        print OUT @out;
+        close(IN);
+        close(OUT);
+        rename("$file","$file.orig") || die "unable to rename $file:$!\n";
+        rename("$file.out",$file) || die "unable to rename $file.out:$!\n";
+        }
+sub Copyright
+        {
+        return <<'EOF';
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+EOF
+        }
diff --git a/src/lib/libssl/src/util/bat.sh b/src/lib/libssl/src/util/bat.sh
new file mode 100644
index 0000000000..c6f48e8a7b
--- /dev/null
+++ b/src/lib/libssl/src/util/bat.sh
@@ -0,0 +1,132 @@
+#!/usr/local/bin/perl
+$infile="/home/eay/ssl/SSLeay/MINFO";
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+        if ($key eq "LIBSRC")
+                { $libsrc.=&var_add($dir,$val); }
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+@a=split(/\s+/,$libsrc);
+foreach (@a)
+        {
+        print "${_}.c\n";
+        }
+sub var_add
+        {
+        local($dir,$val)=@_;
+        local(@a,$_,$ret);
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a);
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_i$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+        @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
diff --git a/src/lib/libssl/src/util/ck_errf.pl b/src/lib/libssl/src/util/ck_errf.pl
new file mode 100644
index 0000000000..c5764e40df
--- /dev/null
+++ b/src/lib/libssl/src/util/ck_errf.pl
@@ -0,0 +1,44 @@
+#!/usr/bin/perl
+#
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+# 
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+foreach $file (@ARGV)
+        {
+        open(IN,"<$file") || die "unable to open $file\n";
+        $func="";
+        while (<IN>)
+                {
+                if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/)
+                        {
+                        $func=$1;
+                        $func =~ tr/A-Z/a-z/;
+                        }
+                if (/([A-Z0-9]+)err\(([^,]+)/)
+                        {
+                        next if ($func eq "");
+                        $errlib=$1;
+                        $n=$2;
+                        if ($n !~ /([^_]+)_F_(.+)$/)
+                                {
+                #               print "check -$file:$.:$func:$n\n";
+                                next;
+                                }
+                        $lib=$1;
+                        $n=$2;
+                        if ($lib ne $errlib)
+                                { print "$file:$.:$func:$n\n"; next; }
+                        $n =~ tr/A-Z/a-z/;
+                        if (($n ne $func) && ($errlib ne "SYS"))
+                                { print "$file:$.:$func:$n\n"; next; }
+        #               print "$func:$1\n";
+                        }
+                }
+        }
diff --git a/src/lib/libssl/src/util/deleof.pl b/src/lib/libssl/src/util/deleof.pl
new file mode 100644
index 0000000000..04f30f0e47
--- /dev/null
+++ b/src/lib/libssl/src/util/deleof.pl
@@ -0,0 +1,7 @@
+#!/usr/bin/perl
+while (<>)
+        {
+        print
+        last if (/^# DO NOT DELETE THIS LINE/);
+        }
diff --git a/src/lib/libssl/src/util/do_ms.sh b/src/lib/libssl/src/util/do_ms.sh
new file mode 100644
index 0000000000..f498d842b7
--- /dev/null
+++ b/src/lib/libssl/src/util/do_ms.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# generate the Microsoft makefiles and .def files
+#
+PATH=util:../util:$PATH
+# perl util/mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak
+# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
+perl util/mk1mf.pl VC-WIN16 dll >ms/w31dll.mak
+# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
+perl util/mk1mf.pl VC-WIN32 dll >ms/ntdll.mak
+perl util/mkdef.pl 16 libeay > ms/libeay16.def
+perl util/mkdef.pl 32 libeay > ms/libeay32.def
+perl util/mkdef.pl 16 ssleay > ms/ssleay16.def
+perl util/mkdef.pl 32 ssleay > ms/ssleay32.def
diff --git a/src/lib/libssl/src/util/err-ins.pl b/src/lib/libssl/src/util/err-ins.pl
new file mode 100644
index 0000000000..db1bb48275
--- /dev/null
+++ b/src/lib/libssl/src/util/err-ins.pl
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+#
+# tack error codes onto the end of a file
+#
+open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n";
+@err=<ERR>;
+close(ERR);
+open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n";
+@out="";
+while (<IN>)
+        {
+        push(@out,$_);
+        last if /BEGIN ERROR CODES/;
+        }
+close(IN);
+open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n";
+print OUT @out;
+print OUT @err;
+print OUT <<"EOF";
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+EOF
+close(OUT);
diff --git a/src/lib/libssl/src/util/files.pl b/src/lib/libssl/src/util/files.pl
new file mode 100644
index 0000000000..bf3b7effdc
--- /dev/null
+++ b/src/lib/libssl/src/util/files.pl
@@ -0,0 +1,61 @@
+#!/usr/bin/perl
+#
+# used to generate the file MINFO for use by util/mk1mf.pl
+# It is basically a list of all variables from the passed makefile
+#
+$s="";
+while (<>)
+        {
+        chop;
+        s/#.*//;
+        if (/^(\S+)\s*=\s*(.*)$/)
+                {
+                $o="";
+                ($s,$b)=($1,$2);
+                for (;;)
+                        {
+                        if ($b =~ /\\$/)
+                                {
+                                chop($b);
+                                $o.=$b." ";
+                                $b=<>;
+                                chop($b);
+                                }
+                        else
+                                {
+                                $o.=$b." ";
+                                last;
+                                }
+                        }
+                $o =~ s/^\s+//;
+                $o =~ s/\s+$//;
+                $o =~ s/\s+/ /g;
+                $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+                $sym{$s}=$o;
+                }
+        }
+$pwd=`pwd`; chop($pwd);
+if ($sym{'TOP'} eq ".")
+        {
+        $n=0;
+        $dir=".";
+        }
+else    {
+        $n=split(/\//,$sym{'TOP'});
+        @_=split(/\//,$pwd);
+        $z=$#_-$n+1;
+        foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; }
+        chop($dir);
+        }
+print "RELATIVE_DIRECTORY=$dir\n";
+foreach (sort keys %sym)
+        {
+        print "$_=$sym{$_}\n";
+        }
+print "RELATIVE_DIRECTORY=\n";
diff --git a/src/lib/libssl/src/util/fixNT.sh b/src/lib/libssl/src/util/fixNT.sh
new file mode 100644
index 0000000000..ce4f19299b
--- /dev/null
+++ b/src/lib/libssl/src/util/fixNT.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# clean up the mess that NT makes of my source tree
+#
+if [ -f makefile.ssl -a ! -f Makefile.ssl ]; then
+        /bin/mv makefile.ssl Makefile.ssl
+fi
+chmod +x Configure util/*
+echo cleaning
+/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null
+echo 'removing those damn ^M'
+perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'`
+make -f Makefile.ssl links
diff --git a/src/lib/libssl/src/util/install.sh b/src/lib/libssl/src/util/install.sh
new file mode 100644
index 0000000000..e1d0c982df
--- /dev/null
+++ b/src/lib/libssl/src/util/install.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5; it is not part of GNU.
+#
+# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+# set DOITPROG to echo to test this script
+doit="${DOITPROG:-}"
+# put in absolute paths if you don't have them in your path; or use env. vars.
+mvprog="${MVPROG:-mv}"
+cpprog="${CPPROG:-cp}"
+chmodprog="${CHMODPROG:-chmod}"
+chownprog="${CHOWNPROG:-chown}"
+chgrpprog="${CHGRPPROG:-chgrp}"
+stripprog="${STRIPPROG:-strip}"
+rmprog="${RMPROG:-rm}"
+instcmd="$mvprog"
+chmodcmd=""
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+src=""
+dst=""
+while [ x"$1" != x ]; do
+    case $1 in
+        -c) instcmd="$cpprog"
+            shift
+            continue;;
+        -m) chmodcmd="$chmodprog $2"
+            shift
+            shift
+            continue;;
+        -o) chowncmd="$chownprog $2"
+            shift
+            shift
+            continue;;
+        -g) chgrpcmd="$chgrpprog $2"
+            shift
+            shift
+            continue;;
+        -s) stripcmd="$stripprog"
+            shift
+            continue;;
+        *)  if [ x"$src" = x ]
+            then
+                src=$1
+            else
+                dst=$1
+            fi
+            shift
+            continue;;
+    esac
+done
+if [ x"$src" = x ]
+then
+        echo "install:  no input file specified"
+        exit 1
+fi
+if [ x"$dst" = x ]
+then
+        echo "install:  no destination specified"
+        exit 1
+fi
+# if destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+if [ -d $dst ]
+then
+        dst="$dst"/`basename $src`
+fi
+# get rid of the old one and mode the new one in
+$doit $rmcmd $dst
+$doit $instcmd $src $dst
+# and set any options; do chmod last to preserve setuid bits
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
+exit 0
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
new file mode 100644
index 0000000000..fcaf254287
--- /dev/null
+++ b/src/lib/libssl/src/util/libeay.num
@@ -0,0 +1,1065 @@
+SSLeay                                  1
+SSLeay_version                          2
+ASN1_BIT_STRING_asn1_meth               3
+ASN1_HEADER_free                        4
+ASN1_HEADER_new                         5
+ASN1_IA5STRING_asn1_meth                6
+ASN1_INTEGER_get                        7
+ASN1_INTEGER_set                        8
+ASN1_INTEGER_to_BN                      9
+ASN1_OBJECT_create                      10
+ASN1_OBJECT_free                        11
+ASN1_OBJECT_new                         12
+ASN1_PRINTABLE_type                     13
+ASN1_STRING_cmp                         14
+ASN1_STRING_dup                         15
+ASN1_STRING_free                        16
+ASN1_STRING_new                         17
+ASN1_STRING_print                       18
+ASN1_STRING_set                         19
+ASN1_STRING_type_new                    20
+ASN1_TYPE_free                          21
+ASN1_TYPE_new                           22
+ASN1_UNIVERSALSTRING_to_string          23
+ASN1_UTCTIME_check                      24
+ASN1_UTCTIME_print                      25
+ASN1_UTCTIME_set                        26
+ASN1_check_infinite_end                 27
+ASN1_d2i_bio                            28
+ASN1_d2i_fp                             29
+ASN1_digest                             30
+ASN1_dup                                31
+ASN1_get_object                         32
+ASN1_i2d_bio                            33
+ASN1_i2d_fp                             34
+ASN1_object_size                        35
+ASN1_parse                              36
+ASN1_put_object                         37
+ASN1_sign                               38
+ASN1_verify                             39
+BF_cbc_encrypt                          40
+BF_cfb64_encrypt                        41
+BF_ecb_encrypt                          42
+BF_encrypt                              43
+BF_ofb64_encrypt                        44
+BF_options                              45
+BF_set_key                              46
+BIO_CONNECT_free                        47
+BIO_CONNECT_new                         48
+BIO_accept                              51
+BIO_ctrl                                52
+BIO_int_ctrl                            53
+BIO_debug_callback                      54
+BIO_dump                                55
+BIO_dup_chain                           56
+BIO_f_base64                            57
+BIO_f_buffer                            58
+BIO_f_cipher                            59
+BIO_f_md                                60
+BIO_f_null                              61
+BIO_f_proxy_server                      62
+BIO_fd_non_fatal_error                  63
+BIO_fd_should_retry                     64
+BIO_find_type                           65
+BIO_free                                66
+BIO_free_all                            67
+BIO_get_accept_socket                   69
+BIO_get_filter_bio                      70
+BIO_get_host_ip                         71
+BIO_get_port                            72
+BIO_get_retry_BIO                       73
+BIO_get_retry_reason                    74
+BIO_gethostbyname                       75
+BIO_gets                                76
+BIO_new                                 78
+BIO_new_accept                          79
+BIO_new_connect                         80
+BIO_new_fd                              81
+BIO_new_file                            82
+BIO_new_fp                              83
+BIO_new_socket                          84
+BIO_pop                                 85
+BIO_printf                              86
+BIO_push                                87
+BIO_puts                                88
+BIO_read                                89
+BIO_s_accept                            90
+BIO_s_connect                           91
+BIO_s_fd                                92
+BIO_s_file                              93
+BIO_s_mem                               95
+BIO_s_null                              96
+BIO_s_proxy_client                      97
+BIO_s_socket                            98
+BIO_set                                 100
+BIO_set_cipher                          101
+BIO_set_tcp_ndelay                      102
+BIO_sock_cleanup                        103
+BIO_sock_error                          104
+BIO_sock_init                           105
+BIO_sock_non_fatal_error                106
+BIO_sock_should_retry                   107
+BIO_socket_ioctl                        108
+BIO_write                               109
+BN_CTX_free                             110
+BN_CTX_new                              111
+BN_MONT_CTX_free                        112
+BN_MONT_CTX_new                         113
+BN_MONT_CTX_set                         114
+BN_add                                  115
+BN_add_word                             116
+BN_hex2bn                               117
+BN_bin2bn                               118
+BN_bn2hex                               119
+BN_bn2bin                               120
+BN_clear                                121
+BN_clear_bit                            122
+BN_clear_free                           123
+BN_cmp                                  124
+BN_copy                                 125
+BN_div                                  126
+BN_div_word                             127
+BN_dup                                  128
+BN_free                                 129
+BN_from_montgomery                      130
+BN_gcd                                  131
+BN_generate_prime                       132
+BN_get_word                             133
+BN_is_bit_set                           134
+BN_is_prime                             135
+BN_lshift                               136
+BN_lshift1                              137
+BN_mask_bits                            138
+BN_mod                                  139
+BN_mod_exp                              140
+BN_mod_exp_mont                         141
+BN_mod_exp_recp                         142
+BN_mod_exp_simple                       143
+BN_mod_inverse                          144
+BN_mod_mul                              145
+BN_mod_mul_montgomery                   146
+BN_mod_mul_reciprocal                   147
+BN_mod_word                             148
+BN_mul                                  149
+BN_new                                  150
+BN_num_bits                             151
+BN_num_bits_word                        152
+BN_options                              153
+BN_print                                154
+BN_print_fp                             155
+BN_rand                                 156
+BN_reciprocal                           157
+BN_rshift                               158
+BN_rshift1                              159
+BN_set_bit                              160
+BN_set_word                             161
+BN_sqr                                  162
+BN_sub                                  163
+BN_to_ASN1_INTEGER                      164
+BN_ucmp                                 165
+BN_value_one                            166
+BUF_MEM_free                            167
+BUF_MEM_grow                            168
+BUF_MEM_new                             169
+BUF_strdup                              170
+CONF_free                               171
+CONF_get_number                         172
+CONF_get_section                        173
+CONF_get_string                         174
+CONF_load                               175
+CRYPTO_add_lock                         176
+CRYPTO_dbg_free                         177
+CRYPTO_dbg_malloc                       178
+CRYPTO_dbg_realloc                      179
+CRYPTO_dbg_remalloc                     180
+CRYPTO_free                             181
+CRYPTO_get_add_lock_callback            182
+CRYPTO_get_id_callback                  183
+CRYPTO_get_lock_name                    184
+CRYPTO_get_locking_callback             185
+CRYPTO_get_mem_functions                186
+CRYPTO_lock                             187
+CRYPTO_malloc                           188
+CRYPTO_mem_ctrl                         189
+CRYPTO_mem_leaks                        190
+CRYPTO_mem_leaks_cb                     191
+CRYPTO_mem_leaks_fp                     192
+CRYPTO_realloc                          193
+CRYPTO_remalloc                         194
+CRYPTO_set_add_lock_callback            195
+CRYPTO_set_id_callback                  196
+CRYPTO_set_locking_callback             197
+CRYPTO_set_mem_functions                198
+CRYPTO_thread_id                        199
+DH_check                                200
+DH_compute_key                          201
+DH_free                                 202
+DH_generate_key                         203
+DH_generate_parameters                  204
+DH_new                                  205
+DH_size                                 206
+DHparams_print                          207
+DHparams_print_fp                       208
+DSA_free                                209
+DSA_generate_key                        210
+DSA_generate_parameters                 211
+DSA_is_prime                            212
+DSA_new                                 213
+DSA_print                               214
+DSA_print_fp                            215
+DSA_sign                                216
+DSA_sign_setup                          217
+DSA_size                                218
+DSA_verify                              219
+DSAparams_print                         220
+DSAparams_print_fp                      221
+ERR_clear_error                         222
+ERR_error_string                        223
+ERR_free_strings                        224
+ERR_func_error_string                   225
+ERR_get_err_state_table                 226
+ERR_get_error                           227
+ERR_get_error_line                      228
+ERR_get_state                           229
+ERR_get_string_table                    230
+ERR_lib_error_string                    231
+ERR_load_ASN1_strings                   232
+ERR_load_BIO_strings                    233
+ERR_load_BN_strings                     234
+ERR_load_BUF_strings                    235
+ERR_load_CONF_strings                   236
+ERR_load_DH_strings                     237
+ERR_load_DSA_strings                    238
+ERR_load_ERR_strings                    239
+ERR_load_EVP_strings                    240
+ERR_load_OBJ_strings                    241
+ERR_load_PEM_strings                    242
+ERR_load_PROXY_strings                  243
+ERR_load_RSA_strings                    244
+ERR_load_X509_strings                   245
+ERR_load_crypto_strings                 246
+ERR_load_strings                        247
+ERR_peek_error                          248
+ERR_peek_error_line                     249
+ERR_print_errors                        250
+ERR_print_errors_fp                     251
+ERR_put_error                           252
+ERR_reason_error_string                 253
+ERR_remove_state                        254
+EVP_BytesToKey                          255
+EVP_CIPHER_CTX_cleanup                  256
+EVP_CipherFinal                         257
+EVP_CipherInit                          258
+EVP_CipherUpdate                        259
+EVP_DecodeBlock                         260
+EVP_DecodeFinal                         261
+EVP_DecodeInit                          262
+EVP_DecodeUpdate                        263
+EVP_DecryptFinal                        264
+EVP_DecryptInit                         265
+EVP_DecryptUpdate                       266
+EVP_DigestFinal                         267
+EVP_DigestInit                          268
+EVP_DigestUpdate                        269
+EVP_EncodeBlock                         270
+EVP_EncodeFinal                         271
+EVP_EncodeInit                          272
+EVP_EncodeUpdate                        273
+EVP_EncryptFinal                        274
+EVP_EncryptInit                         275
+EVP_EncryptUpdate                       276
+EVP_OpenFinal                           277
+EVP_OpenInit                            278
+EVP_PKEY_assign                         279
+EVP_PKEY_copy_parameters                280
+EVP_PKEY_free                           281
+EVP_PKEY_missing_parameters             282
+EVP_PKEY_new                            283
+EVP_PKEY_save_parameters                284
+EVP_PKEY_size                           285
+EVP_PKEY_type                           286
+EVP_SealFinal                           287
+EVP_SealInit                            288
+EVP_SignFinal                           289
+EVP_VerifyFinal                         290
+EVP_add_alias                           291
+EVP_add_cipher                          292
+EVP_add_digest                          293
+EVP_bf_cbc                              294
+EVP_bf_cfb                              295
+EVP_bf_ecb                              296
+EVP_bf_ofb                              297
+EVP_cleanup                             298
+EVP_des_cbc                             299
+EVP_des_cfb                             300
+EVP_des_ecb                             301
+EVP_des_ede                             302
+EVP_des_ede3                            303
+EVP_des_ede3_cbc                        304
+EVP_des_ede3_cfb                        305
+EVP_des_ede3_ofb                        306
+EVP_des_ede_cbc                         307
+EVP_des_ede_cfb                         308
+EVP_des_ede_ofb                         309
+EVP_des_ofb                             310
+EVP_desx_cbc                            311
+EVP_dss                                 312
+EVP_dss1                                313
+EVP_enc_null                            314
+EVP_get_cipherbyname                    315
+EVP_get_digestbyname                    316
+EVP_get_pw_prompt                       317
+EVP_idea_cbc                            318
+EVP_idea_cfb                            319
+EVP_idea_ecb                            320
+EVP_idea_ofb                            321
+EVP_md2                                 322
+EVP_md5                                 323
+EVP_md_null                             324
+EVP_rc2_cbc                             325
+EVP_rc2_cfb                             326
+EVP_rc2_ecb                             327
+EVP_rc2_ofb                             328
+EVP_rc4                                 329
+EVP_read_pw_string                      330
+EVP_set_pw_prompt                       331
+EVP_sha                                 332
+EVP_sha1                                333
+MD2                                     334
+MD2_Final                               335
+MD2_Init                                336
+MD2_Update                              337
+MD2_options                             338
+MD5                                     339
+MD5_Final                               340
+MD5_Init                                341
+MD5_Update                              342
+MDC2                                    343
+MDC2_Final                              344
+MDC2_Init                               345
+MDC2_Update                             346
+NETSCAPE_SPKAC_free                     347
+NETSCAPE_SPKAC_new                      348
+NETSCAPE_SPKI_free                      349
+NETSCAPE_SPKI_new                       350
+NETSCAPE_SPKI_sign                      351
+NETSCAPE_SPKI_verify                    352
+OBJ_add_object                          353
+OBJ_bsearch                             354
+OBJ_cleanup                             355
+OBJ_cmp                                 356
+OBJ_create                              357
+OBJ_dup                                 358
+OBJ_ln2nid                              359
+OBJ_new_nid                             360
+OBJ_nid2ln                              361
+OBJ_nid2obj                             362
+OBJ_nid2sn                              363
+OBJ_obj2nid                             364
+OBJ_sn2nid                              365
+OBJ_txt2nid                             366
+PEM_ASN1_read                           367
+PEM_ASN1_read_bio                       368
+PEM_ASN1_write                          369
+PEM_ASN1_write_bio                      370
+PEM_SealFinal                           371
+PEM_SealInit                            372
+PEM_SealUpdate                          373
+PEM_SignFinal                           374
+PEM_SignInit                            375
+PEM_SignUpdate                          376
+PEM_X509_INFO_read                      377
+PEM_X509_INFO_read_bio                  378
+PEM_X509_INFO_write_bio                 379
+PEM_dek_info                            380
+PEM_do_header                           381
+PEM_get_EVP_CIPHER_INFO                 382
+PEM_proc_type                           383
+PEM_read                                384
+PEM_read_DHparams                       385
+PEM_read_DSAPrivateKey                  386
+PEM_read_DSAparams                      387
+PEM_read_PKCS7                          388
+PEM_read_PrivateKey                     389
+PEM_read_RSAPrivateKey                  390
+PEM_read_X509                           391
+PEM_read_X509_CRL                       392
+PEM_read_X509_REQ                       393
+PEM_read_bio                            394
+PEM_read_bio_DHparams                   395
+PEM_read_bio_DSAPrivateKey              396
+PEM_read_bio_DSAparams                  397
+PEM_read_bio_PKCS7                      398
+PEM_read_bio_PrivateKey                 399
+PEM_read_bio_RSAPrivateKey              400
+PEM_read_bio_X509                       401
+PEM_read_bio_X509_CRL                   402
+PEM_read_bio_X509_REQ                   403
+PEM_write                               404
+PEM_write_DHparams                      405
+PEM_write_DSAPrivateKey                 406
+PEM_write_DSAparams                     407
+PEM_write_PKCS7                         408
+PEM_write_PrivateKey                    409
+PEM_write_RSAPrivateKey                 410
+PEM_write_X509                          411
+PEM_write_X509_CRL                      412
+PEM_write_X509_REQ                      413
+PEM_write_bio                           414
+PEM_write_bio_DHparams                  415
+PEM_write_bio_DSAPrivateKey             416
+PEM_write_bio_DSAparams                 417
+PEM_write_bio_PKCS7                     418
+PEM_write_bio_PrivateKey                419
+PEM_write_bio_RSAPrivateKey             420
+PEM_write_bio_X509                      421
+PEM_write_bio_X509_CRL                  422
+PEM_write_bio_X509_REQ                  423
+PKCS7_DIGEST_free                       424
+PKCS7_DIGEST_new                        425
+PKCS7_ENCRYPT_free                      426
+PKCS7_ENCRYPT_new                       427
+PKCS7_ENC_CONTENT_free                  428
+PKCS7_ENC_CONTENT_new                   429
+PKCS7_ENVELOPE_free                     430
+PKCS7_ENVELOPE_new                      431
+PKCS7_ISSUER_AND_SERIAL_digest          432
+PKCS7_ISSUER_AND_SERIAL_free            433
+PKCS7_ISSUER_AND_SERIAL_new             434
+PKCS7_RECIP_INFO_free                   435
+PKCS7_RECIP_INFO_new                    436
+PKCS7_SIGNED_free                       437
+PKCS7_SIGNED_new                        438
+PKCS7_SIGNER_INFO_free                  439
+PKCS7_SIGNER_INFO_new                   440
+PKCS7_SIGN_ENVELOPE_free                441
+PKCS7_SIGN_ENVELOPE_new                 442
+PKCS7_dup                               443
+PKCS7_free                              444
+PKCS7_new                               445
+PROXY_ENTRY_add_noproxy                 446
+PROXY_ENTRY_clear_noproxy               447
+PROXY_ENTRY_free                        448
+PROXY_ENTRY_get_noproxy                 449
+PROXY_ENTRY_new                         450
+PROXY_ENTRY_set_server                  451
+PROXY_add_noproxy                       452
+PROXY_add_server                        453
+PROXY_check_by_host                     454
+PROXY_check_url                         455
+PROXY_clear_noproxy                     456
+PROXY_free                              457
+PROXY_get_noproxy                       458
+PROXY_get_proxies                       459
+PROXY_get_proxy_entry                   460
+PROXY_load_conf                         461
+PROXY_new                               462
+PROXY_print                             463
+RAND_bytes                              464
+RAND_cleanup                            465
+RAND_file_name                          466
+RAND_load_file                          467
+RAND_screen                             468
+RAND_seed                               469
+RAND_write_file                         470
+RC2_cbc_encrypt                         471
+RC2_cfb64_encrypt                       472
+RC2_ecb_encrypt                         473
+RC2_encrypt                             474
+RC2_ofb64_encrypt                       475
+RC2_set_key                             476
+RC4                                     477
+RC4_options                             478
+RC4_set_key                             479
+RSAPrivateKey_asn1_meth                 480
+RSAPrivateKey_dup                       481
+RSAPublicKey_dup                        482
+RSA_PKCS1_SSLeay                        483
+RSA_free                                484
+RSA_generate_key                        485
+RSA_new                                 486
+RSA_new_method                          487
+RSA_print                               488
+RSA_print_fp                            489
+RSA_private_decrypt                     490
+RSA_private_encrypt                     491
+RSA_public_decrypt                      492
+RSA_public_encrypt                      493
+RSA_set_default_method                  494
+RSA_sign                                495
+RSA_sign_ASN1_OCTET_STRING              496
+RSA_size                                497
+RSA_verify                              498
+RSA_verify_ASN1_OCTET_STRING            499
+SHA                                     500
+SHA1                                    501
+SHA1_Final                              502
+SHA1_Init                               503
+SHA1_Update                             504
+SHA_Final                               505
+SHA_Init                                506
+SHA_Update                              507
+SSLeay_add_all_algorithms               508
+SSLeay_add_all_ciphers                  509
+SSLeay_add_all_digests                  510
+TXT_DB_create_index                     511
+TXT_DB_free                             512
+TXT_DB_get_by_index                     513
+TXT_DB_insert                           514
+TXT_DB_read                             515
+TXT_DB_write                            516
+X509_ALGOR_free                         517
+X509_ALGOR_new                          518
+X509_ATTRIBUTE_free                     519
+X509_ATTRIBUTE_new                      520
+X509_CINF_free                          521
+X509_CINF_new                           522
+X509_CRL_INFO_free                      523
+X509_CRL_INFO_new                       524
+X509_CRL_add_ext                        525
+X509_CRL_cmp                            526
+X509_CRL_delete_ext                     527
+X509_CRL_dup                            528
+X509_CRL_free                           529
+X509_CRL_get_ext                        530
+X509_CRL_get_ext_by_NID                 531
+X509_CRL_get_ext_by_OBJ                 532
+X509_CRL_get_ext_by_critical            533
+X509_CRL_get_ext_count                  534
+X509_CRL_new                            535
+X509_CRL_sign                           536
+X509_CRL_verify                         537
+X509_EXTENSION_create_by_NID            538
+X509_EXTENSION_create_by_OBJ            539
+X509_EXTENSION_dup                      540
+X509_EXTENSION_free                     541
+X509_EXTENSION_get_critical             542
+X509_EXTENSION_get_data                 543
+X509_EXTENSION_get_object               544
+X509_EXTENSION_new                      545
+X509_EXTENSION_set_critical             546
+X509_EXTENSION_set_data                 547
+X509_EXTENSION_set_object               548
+X509_INFO_free                          549
+X509_INFO_new                           550
+X509_LOOKUP_by_alias                    551
+X509_LOOKUP_by_fingerprint              552
+X509_LOOKUP_by_issuer_serial            553
+X509_LOOKUP_by_subject                  554
+X509_LOOKUP_ctrl                        555
+X509_LOOKUP_file                        556
+X509_LOOKUP_free                        557
+X509_LOOKUP_hash_dir                    558
+X509_LOOKUP_init                        559
+X509_LOOKUP_new                         560
+X509_LOOKUP_shutdown                    561
+X509_NAME_ENTRY_create_by_NID           562
+X509_NAME_ENTRY_create_by_OBJ           563
+X509_NAME_ENTRY_dup                     564
+X509_NAME_ENTRY_free                    565
+X509_NAME_ENTRY_get_data                566
+X509_NAME_ENTRY_get_object              567
+X509_NAME_ENTRY_new                     568
+X509_NAME_ENTRY_set_data                569
+X509_NAME_ENTRY_set_object              570
+X509_NAME_add_entry                     571
+X509_NAME_cmp                           572
+X509_NAME_delete_entry                  573
+X509_NAME_digest                        574
+X509_NAME_dup                           575
+X509_NAME_entry_count                   576
+X509_NAME_free                          577
+X509_NAME_get_entry                     578
+X509_NAME_get_index_by_NID              579
+X509_NAME_get_index_by_OBJ              580
+X509_NAME_get_text_by_NID               581
+X509_NAME_get_text_by_OBJ               582
+X509_NAME_hash                          583
+X509_NAME_new                           584
+X509_NAME_oneline                       585
+X509_NAME_print                         586
+X509_NAME_set                           587
+X509_OBJECT_free_contents               588
+X509_OBJECT_retrive_by_subject          589
+X509_OBJECT_up_ref_count                590
+X509_PKEY_free                          591
+X509_PKEY_new                           592
+X509_PUBKEY_free                        593
+X509_PUBKEY_get                         594
+X509_PUBKEY_new                         595
+X509_PUBKEY_set                         596
+X509_REQ_INFO_free                      597
+X509_REQ_INFO_new                       598
+X509_REQ_dup                            599
+X509_REQ_free                           600
+X509_REQ_get_pubkey                     601
+X509_REQ_new                            602
+X509_REQ_print                          603
+X509_REQ_print_fp                       604
+X509_REQ_set_pubkey                     605
+X509_REQ_set_subject_name               606
+X509_REQ_set_version                    607
+X509_REQ_sign                           608
+X509_REQ_to_X509                        609
+X509_REQ_verify                         610
+X509_REVOKED_add_ext                    611
+X509_REVOKED_delete_ext                 612
+X509_REVOKED_free                       613
+X509_REVOKED_get_ext                    614
+X509_REVOKED_get_ext_by_NID             615
+X509_REVOKED_get_ext_by_OBJ             616
+X509_REVOKED_get_ext_by_critical        617
+X509_REVOKED_get_ext_count              618
+X509_REVOKED_new                        619
+X509_SIG_free                           620
+X509_SIG_new                            621
+X509_STORE_CTX_cleanup                  622
+X509_STORE_CTX_init                     623
+X509_STORE_add_cert                     624
+X509_STORE_add_lookup                   625
+X509_STORE_free                         626
+X509_STORE_get_by_subject               627
+X509_STORE_load_locations               628
+X509_STORE_new                          629
+X509_STORE_set_default_paths            630
+X509_VAL_free                           631
+X509_VAL_new                            632
+X509_add_ext                            633
+X509_asn1_meth                          634
+X509_certificate_type                   635
+X509_check_private_key                  636
+X509_cmp_current_time                   637
+X509_delete_ext                         638
+X509_digest                             639
+X509_dup                                640
+X509_free                               641
+X509_get_default_cert_area              642
+X509_get_default_cert_dir               643
+X509_get_default_cert_dir_env           644
+X509_get_default_cert_file              645
+X509_get_default_cert_file_env          646
+X509_get_default_private_dir            647
+X509_get_ext                            648
+X509_get_ext_by_NID                     649
+X509_get_ext_by_OBJ                     650
+X509_get_ext_by_critical                651
+X509_get_ext_count                      652
+X509_get_issuer_name                    653
+X509_get_pubkey                         654
+X509_get_pubkey_parameters              655
+X509_get_serialNumber                   656
+X509_get_subject_name                   657
+X509_gmtime_adj                         658
+X509_issuer_and_serial_cmp              659
+X509_issuer_and_serial_hash             660
+X509_issuer_name_cmp                    661
+X509_issuer_name_hash                   662
+X509_load_cert_file                     663
+X509_new                                664
+X509_print                              665
+X509_print_fp                           666
+X509_set_issuer_name                    667
+X509_set_notAfter                       668
+X509_set_notBefore                      669
+X509_set_pubkey                         670
+X509_set_serialNumber                   671
+X509_set_subject_name                   672
+X509_set_version                        673
+X509_sign                               674
+X509_subject_name_cmp                   675
+X509_subject_name_hash                  676
+X509_to_X509_REQ                        677
+X509_verify                             678
+X509_verify_cert                        679
+X509_verify_cert_error_string           680
+X509v3_add_ext                          681
+X509v3_add_extension                    682
+X509v3_add_netscape_extensions          683
+X509v3_add_standard_extensions          684
+X509v3_cleanup_extensions               685
+X509v3_data_type_by_NID                 686
+X509v3_data_type_by_OBJ                 687
+X509v3_delete_ext                       688
+X509v3_get_ext                          689
+X509v3_get_ext_by_NID                   690
+X509v3_get_ext_by_OBJ                   691
+X509v3_get_ext_by_critical              692
+X509v3_get_ext_count                    693
+X509v3_pack_string                      694
+X509v3_pack_type_by_NID                 695
+X509v3_pack_type_by_OBJ                 696
+X509v3_unpack_string                    697
+_des_crypt                              698
+a2d_ASN1_OBJECT                         699
+a2i_ASN1_INTEGER                        700
+a2i_ASN1_STRING                         701
+asn1_Finish                             702
+asn1_GetSequence                        703
+bn_div64                                704
+bn_expand2                              705
+bn_mul_add_words                        706
+bn_mul_words                            707
+bn_qadd                                 708
+bn_qsub                                 709
+bn_sqr_words                            710
+crypt                                   711
+d2i_ASN1_BIT_STRING                     712
+d2i_ASN1_BOOLEAN                        713
+d2i_ASN1_HEADER                         714
+d2i_ASN1_IA5STRING                      715
+d2i_ASN1_INTEGER                        716
+d2i_ASN1_OBJECT                         717
+d2i_ASN1_OCTET_STRING                   718
+d2i_ASN1_PRINTABLE                      719
+d2i_ASN1_PRINTABLESTRING                720
+d2i_ASN1_SET                            721
+d2i_ASN1_T61STRING                      722
+d2i_ASN1_TYPE                           723
+d2i_ASN1_UTCTIME                        724
+d2i_ASN1_bytes                          725
+d2i_ASN1_type_bytes                     726
+d2i_DHparams                            727
+d2i_DSAPrivateKey                       728
+d2i_DSAPrivateKey_bio                   729
+d2i_DSAPrivateKey_fp                    730
+d2i_DSAPublicKey                        731
+d2i_DSAparams                           732
+d2i_NETSCAPE_SPKAC                      733
+d2i_NETSCAPE_SPKI                       734
+d2i_Netscape_RSA                        735
+d2i_PKCS7                               736
+d2i_PKCS7_DIGEST                        737
+d2i_PKCS7_ENCRYPT                       738
+d2i_PKCS7_ENC_CONTENT                   739
+d2i_PKCS7_ENVELOPE                      740
+d2i_PKCS7_ISSUER_AND_SERIAL             741
+d2i_PKCS7_RECIP_INFO                    742
+d2i_PKCS7_SIGNED                        743
+d2i_PKCS7_SIGNER_INFO                   744
+d2i_PKCS7_SIGN_ENVELOPE                 745
+d2i_PKCS7_bio                           746
+d2i_PKCS7_fp                            747
+d2i_PrivateKey                          748
+d2i_PublicKey                           749
+d2i_RSAPrivateKey                       750
+d2i_RSAPrivateKey_bio                   751
+d2i_RSAPrivateKey_fp                    752
+d2i_RSAPublicKey                        753
+d2i_X509                                754
+d2i_X509_ALGOR                          755
+d2i_X509_ATTRIBUTE                      756
+d2i_X509_CINF                           757
+d2i_X509_CRL                            758
+d2i_X509_CRL_INFO                       759
+d2i_X509_CRL_bio                        760
+d2i_X509_CRL_fp                         761
+d2i_X509_EXTENSION                      762
+d2i_X509_NAME                           763
+d2i_X509_NAME_ENTRY                     764
+d2i_X509_PKEY                           765
+d2i_X509_PUBKEY                         766
+d2i_X509_REQ                            767
+d2i_X509_REQ_INFO                       768
+d2i_X509_REQ_bio                        769
+d2i_X509_REQ_fp                         770
+d2i_X509_REVOKED                        771
+d2i_X509_SIG                            772
+d2i_X509_VAL                            773
+d2i_X509_bio                            774
+d2i_X509_fp                             775
+des_cbc_cksum                           777
+des_cbc_encrypt                         778
+des_cblock_print_file                   779
+des_cfb64_encrypt                       780
+des_cfb_encrypt                         781
+des_decrypt3                            782
+des_ecb3_encrypt                        783
+des_ecb_encrypt                         784
+des_ede3_cbc_encrypt                    785
+des_ede3_cfb64_encrypt                  786
+des_ede3_ofb64_encrypt                  787
+des_enc_read                            788
+des_enc_write                           789
+des_encrypt                             790
+des_encrypt2                            791
+des_encrypt3                            792
+des_fcrypt                              793
+des_is_weak_key                         794
+des_key_sched                           795
+des_ncbc_encrypt                        796
+des_ofb64_encrypt                       797
+des_ofb_encrypt                         798
+des_options                             799
+des_pcbc_encrypt                        800
+des_quad_cksum                          801
+des_random_key                          802
+des_random_seed                         803
+des_read_2passwords                     804
+des_read_password                       805
+des_read_pw                             806
+des_read_pw_string                      807
+des_set_key                             808
+des_set_odd_parity                      809
+des_string_to_2keys                     810
+des_string_to_key                       811
+des_xcbc_encrypt                        812
+des_xwhite_in2out                       813
+fcrypt_body                             814
+i2a_ASN1_INTEGER                        815
+i2a_ASN1_OBJECT                         816
+i2a_ASN1_STRING                         817
+i2d_ASN1_BIT_STRING                     818
+i2d_ASN1_BOOLEAN                        819
+i2d_ASN1_HEADER                         820
+i2d_ASN1_IA5STRING                      821
+i2d_ASN1_INTEGER                        822
+i2d_ASN1_OBJECT                         823
+i2d_ASN1_OCTET_STRING                   824
+i2d_ASN1_PRINTABLE                      825
+i2d_ASN1_SET                            826
+i2d_ASN1_TYPE                           827
+i2d_ASN1_UTCTIME                        828
+i2d_ASN1_bytes                          829
+i2d_DHparams                            830
+i2d_DSAPrivateKey                       831
+i2d_DSAPrivateKey_bio                   832
+i2d_DSAPrivateKey_fp                    833
+i2d_DSAPublicKey                        834
+i2d_DSAparams                           835
+i2d_NETSCAPE_SPKAC                      836
+i2d_NETSCAPE_SPKI                       837
+i2d_Netscape_RSA                        838
+i2d_PKCS7                               839
+i2d_PKCS7_DIGEST                        840
+i2d_PKCS7_ENCRYPT                       841
+i2d_PKCS7_ENC_CONTENT                   842
+i2d_PKCS7_ENVELOPE                      843
+i2d_PKCS7_ISSUER_AND_SERIAL             844
+i2d_PKCS7_RECIP_INFO                    845
+i2d_PKCS7_SIGNED                        846
+i2d_PKCS7_SIGNER_INFO                   847
+i2d_PKCS7_SIGN_ENVELOPE                 848
+i2d_PKCS7_bio                           849
+i2d_PKCS7_fp                            850
+i2d_PrivateKey                          851
+i2d_PublicKey                           852
+i2d_RSAPrivateKey                       853
+i2d_RSAPrivateKey_bio                   854
+i2d_RSAPrivateKey_fp                    855
+i2d_RSAPublicKey                        856
+i2d_X509                                857
+i2d_X509_ALGOR                          858
+i2d_X509_ATTRIBUTE                      859
+i2d_X509_CINF                           860
+i2d_X509_CRL                            861
+i2d_X509_CRL_INFO                       862
+i2d_X509_CRL_bio                        863
+i2d_X509_CRL_fp                         864
+i2d_X509_EXTENSION                      865
+i2d_X509_NAME                           866
+i2d_X509_NAME_ENTRY                     867
+i2d_X509_PKEY                           868
+i2d_X509_PUBKEY                         869
+i2d_X509_REQ                            870
+i2d_X509_REQ_INFO                       871
+i2d_X509_REQ_bio                        872
+i2d_X509_REQ_fp                         873
+i2d_X509_REVOKED                        874
+i2d_X509_SIG                            875
+i2d_X509_VAL                            876
+i2d_X509_bio                            877
+i2d_X509_fp                             878
+idea_cbc_encrypt                        879
+idea_cfb64_encrypt                      880
+idea_ecb_encrypt                        881
+idea_encrypt                            882
+idea_ofb64_encrypt                      883
+idea_options                            884
+idea_set_decrypt_key                    885
+idea_set_encrypt_key                    886
+lh_delete                               887
+lh_doall                                888
+lh_doall_arg                            889
+lh_free                                 890
+lh_insert                               891
+lh_new                                  892
+lh_node_stats                           893
+lh_node_stats_bio                       894
+lh_node_usage_stats                     895
+lh_node_usage_stats_bio                 896
+lh_retrieve                             897
+lh_stats                                898
+lh_stats_bio                            899
+lh_strhash                              900
+sk_delete                               901
+sk_delete_ptr                           902
+sk_dup                                  903
+sk_find                                 904
+sk_free                                 905
+sk_insert                               906
+sk_new                                  907
+sk_pop                                  908
+sk_pop_free                             909
+sk_push                                 910
+sk_set_cmp_func                         911
+sk_shift                                912
+sk_unshift                              913
+sk_zero                                 914
+BIO_f_nbio_test                         915
+ASN1_TYPE_get                           916
+ASN1_TYPE_set                           917
+PKCS7_content_free                      918
+ERR_load_PKCS7_strings                  919
+X509_find_by_issuer_and_serial          920
+X509_find_by_subject                    921
+PKCS7_ctrl                              927
+PKCS7_set_type                          928
+PKCS7_set_content                       929
+PKCS7_SIGNER_INFO_set                   930
+PKCS7_add_signer                        931
+PKCS7_add_certificate                   932
+PKCS7_add_crl                           933
+PKCS7_content_new                       934
+PKCS7_dataSign                          935
+PKCS7_dataVerify                        936
+PKCS7_dataInit                          937
+PKCS7_add_signature                     938
+PKCS7_cert_from_signer_info             939
+PKCS7_get_signer_info                   940
+EVP_delete_alias                        941
+EVP_mdc2                                942
+PEM_read_bio_RSAPublicKey               943
+PEM_write_bio_RSAPublicKey              944
+d2i_RSAPublicKey_bio                    945
+i2d_RSAPublicKey_bio                    946
+PEM_read_RSAPublicKey                   947
+PEM_write_RSAPublicKey                  949
+d2i_RSAPublicKey_fp                     952
+i2d_RSAPublicKey_fp                     954
+BIO_copy_next_retry                     955
+RSA_flags                               956
+X509_STORE_add_crl                      957
+X509_load_crl_file                      958
+EVP_rc2_40_cbc                          959
+EVP_rc4_40                              960
+EVP_CIPHER_CTX_init                     961
+HMAC                                    962
+HMAC_Init                               963
+HMAC_Update                             964
+HMAC_Final                              965
+ERR_get_next_error_library              966
+EVP_PKEY_cmp_parameters                 967
+HMAC_cleanup                            968
+BIO_ptr_ctrl                            969
+BIO_new_file_internal                   970
+BIO_new_fp_internal                     971
+BIO_s_file_internal                     972
+BN_BLINDING_convert                     973
+BN_BLINDING_invert                      974
+BN_BLINDING_update                      975
+RSA_blinding_on                         977
+RSA_blinding_off                        978
+i2t_ASN1_OBJECT                         979
+BN_BLINDING_new                         980
+BN_BLINDING_free                        981
+EVP_cast5_cbc                           983
+EVP_cast5_cfb                           984
+EVP_cast5_ecb                           985
+EVP_cast5_ofb                           986
+BF_decrypt                              987
+CAST_set_key                            988
+CAST_encrypt                            989
+CAST_decrypt                            990
+CAST_ecb_encrypt                        991
+CAST_cbc_encrypt                        992
+CAST_cfb64_encrypt                      993
+CAST_ofb64_encrypt                      994
+RC2_decrypt                             995
+OBJ_create_objects                      997
+BN_exp                                  998
+BN_mul_word                             999
+BN_sub_word                             1000
+BN_dec2bn                               1001
+BN_bn2dec                               1002
+BIO_ghbn_ctrl                           1003
+CRYPTO_free_ex_data                     1004
+CRYPTO_get_ex_data                      1005
+CRYPTO_set_ex_data                      1007
+ERR_load_CRYPTO_strings                 1009
+ERR_load_CRYPTOlib_strings              1009
+EVP_PKEY_bits                           1010
+MD5_Transform                           1011
+SHA1_Transform                          1012
+SHA_Transform                           1013
+X509_STORE_CTX_get_chain                1014
+X509_STORE_CTX_get_current_cert         1015
+X509_STORE_CTX_get_error                1016
+X509_STORE_CTX_get_error_depth          1017
+X509_STORE_CTX_get_ex_data              1018
+X509_STORE_CTX_set_cert                 1020
+X509_STORE_CTX_set_chain                1021
+X509_STORE_CTX_set_error                1022
+X509_STORE_CTX_set_ex_data              1023
+CRYPTO_dup_ex_data                      1025
+CRYPTO_get_new_lockid                   1026
+CRYPTO_new_ex_data                      1027
+RSA_set_ex_data                         1028
+RSA_get_ex_data                         1029
+RSA_get_ex_new_index                    1030
+RSA_padding_add_PKCS1_type_1            1031
+RSA_padding_add_PKCS1_type_2            1032
+RSA_padding_add_SSLv23                  1033
+RSA_padding_add_none                    1034
+RSA_padding_check_PKCS1_type_1          1035
+RSA_padding_check_PKCS1_type_2          1036
+RSA_padding_check_SSLv23                1037
+RSA_padding_check_none                  1038
+bn_add_words                            1039
+d2i_Netscape_RSA_2                      1040
+CRYPTO_get_ex_new_index                 1041
+RIPEMD160_Init                          1042
+RIPEMD160_Update                        1043
+RIPEMD160_Final                         1044
+RIPEMD160                               1045
+RIPEMD160_Transform                     1046
+RC5_32_set_key                          1047
+RC5_32_ecb_encrypt                      1048
+RC5_32_encrypt                          1049
+RC5_32_decrypt                          1050
+RC5_32_cbc_encrypt                      1051
+RC5_32_cfb64_encrypt                    1052
+RC5_32_ofb64_encrypt                    1053
+BN_bn2mpi                               1058
+BN_mpi2bn                               1059
+ASN1_BIT_STRING_get_bit                 1060
+ASN1_BIT_STRING_set_bit                 1061
+BIO_get_ex_data                         1062
+BIO_get_ex_new_index                    1063
+BIO_set_ex_data                         1064
+X509_STORE_CTX_get_ex_new_index         1065
+X509v3_get_key_usage                    1066
+X509v3_set_key_usage                    1067
+a2i_X509v3_key_usage                    1068
+i2a_X509v3_key_usage                    1069
+EVP_PKEY_decrypt                        1070
+EVP_PKEY_encrypt                        1071
+PKCS7_RECIP_INFO_set                    1072
+PKCS7_add_recipient                     1073
+PKCS7_add_recipient_info                1074
+PKCS7_set_cipher                        1075
+ASN1_TYPE_get_int_octetstring           1076
+ASN1_TYPE_get_octetstring               1077
+ASN1_TYPE_set_int_octetstring           1078
+ASN1_TYPE_set_octetstring               1079
+ASN1_UTCTIME_set_string                 1080
+ERR_add_error_data                      1081
+ERR_set_error_data                      1082
+EVP_CIPHER_asn1_to_param                1083
+EVP_CIPHER_param_to_asn1                1084
+EVP_CIPHER_get_asn1_iv                  1085
+EVP_CIPHER_set_asn1_iv                  1086
+EVP_rc5_32_12_16_cbc                    1087
+EVP_rc5_32_12_16_cfb                    1088
+EVP_rc5_32_12_16_ecb                    1089
+EVP_rc5_32_12_16_ofb                    1090
+asn1_add_error                          1091
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
new file mode 100644
index 0000000000..149a0f4f80
--- /dev/null
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -0,0 +1,793 @@
+#!/usr/bin/perl
+# A bit of an evil hack but it post processes the file ../MINFO which
+# is generated by `make files` in the top directory.
+# This script outputs one mega makefile that has no shell stuff or any
+# funny stuff
+#
+$INSTALLTOP="/usr/local/ssl";
+$ssl_version="0.8.2";
+$infile="MINFO";
+%ops=(
+        "VC-WIN32",   "Microsoft Visual C++ 4.[01] - Windows NT [34].x",
+        "VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
+        "VC-WIN16",   "Alias for VC-W31-32",
+        "VC-W31-32",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+",
+        "VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS",
+        "BC-NT",   "Borland C++ 4.5 - Windows NT  - PROBABLY NOT WORKING",
+        "BC-W31",  "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING",
+        "BC-MSDOS","Borland C++ 4.5 - MSDOS",
+        "linux-elf","Linux elf",
+        "FreeBSD","FreeBSD distribution",
+        "default","cc under unix",
+        );
+$type="";
+foreach (@ARGV)
+        {
+        if    (/^no-rc2$/)      { $no_rc2=1; }
+        elsif (/^no-rc4$/)      { $no_rc4=1; }
+        elsif (/^no-rc5$/)      { $no_rc5=1; }
+        elsif (/^no-idea$/)     { $no_idea=1; }
+        elsif (/^no-des$/)      { $no_des=1; }
+        elsif (/^no-bf$/)       { $no_bf=1; }
+        elsif (/^no-cast$/)     { $no_cast=1; }
+        elsif (/^no-md2$/)      { $no_md2=1; }
+        elsif (/^no-md5$/)      { $no_md5=1; }
+        elsif (/^no-sha$/)      { $no_sha=1; }
+        elsif (/^no-sha1$/)     { $no_sha1=1; }
+        elsif (/^no-rmd160$/)   { $no_rmd160=1; }
+        elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+        elsif (/^no-patents$/)  { $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
+        elsif (/^no-rsa$/)      { $no_rsa=1; }
+        elsif (/^no-dsa$/)      { $no_dsa=1; }
+        elsif (/^no-dh$/)       { $no_dh=1; }
+        elsif (/^no-asm$/)      { $no_asm=1; }
+        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
+        elsif (/^no-ssl3$/)     { $no_ssl3=1; }
+        elsif (/^no-err$/)      { $no_err=1; }
+        elsif (/^no-sock$/)     { $no_sock=1; }
+        elsif (/^just-ssl$/)    { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+                                  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+                                  $no_ssl2=$no_err=1; }
+        elsif (/^rsaref$/)      { $rsaref=1; }
+        elsif (/^gcc$/)         { $gcc=1; }
+        elsif (/^debug$/)       { $debug=1; }
+        elsif (/^shlib$/)       { $shlib=1; }
+        elsif (/^dll$/)         { $shlib=1; }
+        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+        elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
+        elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+                { $c_flags.="$_ "; }
+        else
+                {
+                if (!defined($ops{$_}))
+                        {
+                        print STDERR "unknown option - $_\n";
+                        print STDERR "usage: perl mk1mf.pl [system] [options]\n";
+                        print STDERR "\nwhere [system] can be one of the following\n";
+                        foreach $i (sort keys %ops)
+                                { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+                        print STDERR <<"EOF";
+and [options] can be one of
+        no-md2 no-md5 no-sha no-sha1 no-mdc2 no-rmd160 - Skip this digest
+        no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
+        no-rc5
+        no-rsa no-dsa no-dh                     - Skip this public key cipher
+        no-ssl2 no-ssl3                         - Skip this version of SSL
+        just-ssl                                - remove all non-ssl keys/digest
+        no-asm                                  - No x86 asm
+        no-socks                                - No socket code
+        no-err                                  - No error strings
+        dll/shlib                               - Build shared libraries (MS)
+        debug                                   - Debug build
+        gcc                                     - Use Gcc (unix)
+        rsaref                                  - Build to require RSAref
+Values that can be set
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
+-L<ex_lib_path> -l<ex_lib>                      - extra library flags (unix)
+-<ex_cc_flags>                                  - extra 'cc' flags,
+                                                  added (MS), or replace (unix)
+EOF
+                        exit(1);
+                        }
+                $type=$_;
+                }
+        }
+$no_mdc2=1 if ($no_des);
+$no_ssl3=1 if ($no_md5 || $no_sha1);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+$no_ssl2=1 if ($no_md5 || $no_rsa);
+$no_ssl2=1 if ($no_rsa);
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+($ssl,$crypto)=("ssl","crypto");
+$RSAglue="RSAglue";
+$ranlib="echo ranlib";
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+# $bin_dir.=$o causes a core dump on my sparc :-(
+push(@INC,"util/pl","pl");
+if ($type eq "VC-MSDOS")
+        {
+        $asmbits=16;
+        $msdos=1;
+        require 'VC-16.pl';
+        }
+elsif ($type eq "VC-W31-16")
+        {
+        $asmbits=16;
+        $msdos=1; $win16=1;
+        require 'VC-16.pl';
+        }
+elsif (($type eq "VC-W31-32") || ($type eq "VC-WIN16"))
+        {
+        $asmbits=32;
+        $msdos=1; $win16=1;
+        require 'VC-16.pl';
+        }
+elsif (($type eq "VC-WIN32") || ($type eq "VC-NT"))
+        {
+        require 'VC-32.pl';
+        }
+elsif ($type eq "BC-NT")
+        {
+        $bc=1;
+        require 'BC-32.pl';
+        }
+elsif ($type eq "BC-W31")
+        {
+        $bc=1;
+        $msdos=1; $w16=1;
+        require 'BC-16.pl';
+        }
+elsif ($type eq "BC-Q16")
+        {
+        $msdos=1; $w16=1; $shlib=0; $qw=1;
+        require 'BC-16.pl';
+        }
+elsif ($type eq "BC-MSDOS")
+        {
+        $asmbits=16;
+        $msdos=1;
+        require 'BC-16.pl';
+        }
+elsif ($type eq "FreeBSD")
+        {
+        require 'unix.pl';
+        $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
+        }
+elsif ($type eq "linux-elf")
+        {
+        require "unix.pl";
+        require "linux.pl";
+        $unix=1;
+        }
+else
+        {
+        require "unix.pl";
+        $unix=1;
+        $cflags.=' -DTERMIO';
+        }
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+$cflags.=" -DNO_IDEA" if $no_idea;
+$cflags.=" -DNO_RC2"  if $no_rc2;
+$cflags.=" -DNO_RC4"  if $no_rc4;
+$cflags.=" -DNO_RC5"  if $no_rc5;
+$cflags.=" -DNO_MD2"  if $no_md2;
+$cflags.=" -DNO_MD5"  if $no_md5;
+$cflags.=" -DNO_SHA"  if $no_sha;
+$cflags.=" -DNO_SHA1" if $no_sha1;
+$cflags.=" -DNO_RMD160" if $no_rmd160;
+$cflags.=" -DNO_MDC2" if $no_mdc2;
+$cflags.=" -DNO_BLOWFISH"  if $no_bf;
+$cflags.=" -DNO_CAST" if $no_cast;
+$cflags.=" -DNO_DES"  if $no_des;
+$cflags.=" -DNO_RSA"  if $no_rsa;
+$cflags.=" -DNO_DSA"  if $no_dsa;
+$cflags.=" -DNO_DH"   if $no_dh;
+$cflags.=" -DNO_SOCK" if $no_sock;
+$cflags.=" -DNO_SSL2" if $no_ssl2;
+$cflags.=" -DNO_SSL3" if $no_ssl3;
+$cflags.=" -DNO_ERR"  if $no_err;
+$cflags.=" -DRSAref"  if $rsaref ne "";
+if ($unix)
+        { $cflags="$c_flags" if ($c_flags ne ""); }
+else    { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+if ($ranlib ne "")
+        {
+        $ranlib="\$(SRC_D)$o$ranlib";
+        }
+if ($msdos)
+        {
+        $banner ="\t\@echo Make sure you have run 'perl Configure $type' in the\n";
+        $banner.="\t\@echo top level directory, if you don't have perl, you will\n";
+        $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
+        $banner.="\t\@echo documentation for details.\n";
+        }
+# have to do this to allow $(CC) under unix
+$link="$bin_dir$link" if ($link !~ /^\$/);
+$INSTALLTOP =~ s|/|$o|g;
+$defs= <<"EOF";
+# This makefile has been automatically generated from the SSLeay distribution.
+# This single makefile will build the complete SSLeay distribution and
+# by default leave the 'intertesting' output files in .${o}out and the stuff
+# that needs deleting in .${o}tmp.
+# The file was generated by running 'make makefile.one', which
+# does a 'make files', which writes all the environment variables from all
+# the makefiles to the file call MINFO.  This file is used by
+# util${o}mk1mf.pl to generate makefile.one.
+# The 'makefile per directory' system suites me when developing this
+# library and also so I can 'distribute' indervidual library sections.
+# The one monster makefile better suits building in non-unix
+# environments.
+INSTALLTOP=$INSTALLTOP
+# Set your compiler options
+CC=$bin_dir${cc}
+CFLAG=$cflags
+APP_CFLAG=$app_cflag
+LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
+APP_EX_OBJ=$app_ex_obj
+SHLIB_EX_OBJ=$shlib_ex_obj
+# add extra libraries to this define, for solaris -lsocket -lnsl would
+# be added
+EX_LIBS=$ex_libs
+# The SSLeay directory
+SRC_D=$src_dir
+LINK=$link
+LFLAGS=$lflags
+BN_MULW_OBJ=$bn_mulw_obj
+BN_MULW_SRC=$bn_mulw_src
+DES_ENC_OBJ=$des_enc_obj
+DES_ENC_SRC=$des_enc_src
+DES_CRYPT_OBJ=$des_crypt_obj
+DES_CRYPT_SRC=$des_crypt_src
+BF_ENC_OBJ=$bf_enc_obj
+BF_ENC_SRC=$bf_enc_src
+CAST_ENC_OBJ=$cast_enc_obj
+CAST_ENC_SRC=$cast_enc_src
+RC4_ENC_OBJ=$rc4_enc_obj
+RC4_ENC_SRC=$rc4_enc_src
+RC5_ENC_OBJ=$rc5_enc_obj
+RC5_ENC_SRC=$rc5_enc_src
+MD5_ASM_OBJ=$md5_asm_obj
+MD5_ASM_SRC=$md5_asm_src
+SHA1_ASM_OBJ=$sha1_asm_obj
+SHA1_ASM_SRC=$sha1_asm_src
+RMD160_ASM_OBJ=$rmd160_asm_obj
+RMD160_ASM_SRC=$rmd160_asm_src
+# The output directory for everything intersting
+OUT_D=$out_dir
+# The output directory for all the temporary muck
+TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
+CP=$cp
+RM=$rm
+RANLIB=$ranlib
+MKDIR=mkdir
+MKLIB=$bin_dir$mklib
+MLFLAGS=$mlflags
+ASM=$bin_dir$asm
+######################################################
+# You should not need to touch anything below this point
+######################################################
+E_EXE=ssleay
+SSL=$ssl
+CRYPTO=$crypto
+RSAGLUE=$RSAglue
+# BIN_D  - Binary output directory
+# TEST_D - Binary test file output directory
+# LIB_D  - library output directory
+BIN_D=\$(OUT_D)
+TEST_D=\$(OUT_D)
+LIB_D=\$(OUT_D)
+# INCL_D - local library directory
+# OBJ_D  - temp object file directory
+OBJ_D=\$(TMP_D)
+INCL_D=\$(TMP_D)
+O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
+O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp
+SO_SSL=    $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL=     \$(LIB_D)$o\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o\$(CRYPTO)$libp
+L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+#L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO)
+######################################################
+# Don't touch anything below this point
+######################################################
+INC=-I\$(INC_D) -I\$(INCL_D)
+APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
+LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
+LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL)
+#############################################
+EOF
+$rules=<<"EOF";
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INC_D) headers lib exe
+banner:
+$banner
+\$(TMP_D):
+        \$(MKDIR) \$(TMP_D)
+\$(BIN_D):
+        \$(MKDIR) \$(BIN_D)
+\$(TEST_D):
+        \$(MKDIR) \$(TEST_D)
+\$(LIB_D):
+        \$(MKDIR) \$(LIB_D)
+\$(INC_D):
+        \$(MKDIR) \$(INC_D)
+headers: \$(HEADER) \$(EXHEADER)
+lib: \$(LIBS_DEP)
+exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
+install:
+        \$(MKDIR) \$(INSTALLTOP)
+        \$(MKDIR) \$(INSTALLTOP)${o}bin
+        \$(MKDIR) \$(INSTALLTOP)${o}include
+        \$(MKDIR) \$(INSTALLTOP)${o}lib
+        \$(CP) \$(INC_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include
+        \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
+        \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
+        \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
+clean:
+        \$(RM) \$(TMP_D)$o*.*
+vclean:
+        \$(RM) \$(TMP_D)$o*.*
+        \$(RM) \$(OUT_D)$o*.*
+EOF
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+        if ($key eq "LIBOBJ")
+                { $libobj=&var_add($dir,$val); }
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+# Strip of trailing ' '
+foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
+$test=&clean_up_ws($test);
+$e_exe=&clean_up_ws($e_exe);
+$exheader=&clean_up_ws($exheader);
+$header=&clean_up_ws($header);
+# First we strip the exheaders from the headers list
+foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
+foreach (split(/\s+/,$header))  { $h.=$_." " unless $h{$_}; }
+chop($h); $header=$h;
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,".h");
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INC_D)",".h");
+$rules.=&do_copy_rule("\$(INC_D)",$exheader,".h");
+$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+foreach (values %lib_nam)
+        {
+        $lib_obj=$lib_obj{$_};
+        local($slib)=$shlib;
+        $slib=0 if ($_ eq "RSAGLUE");
+        if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+                {
+                $rules.="\$(O_SSL):\n\n"; 
+                next;
+                }
+        if (($_ eq "RSAGLUE") && $no_rsa)
+                {
+                $rules.="\$(O_RSAGLUE):\n\n"; 
+                next;
+                }
+        if (($bn_mulw_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/bn_mulw\S*/ \$(BN_MULW_OBJ)/;
+                $rules.=&do_asm_rule($bn_mulw_obj,$bn_mulw_src);
+                }
+        if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+                $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
+                $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+                }
+        if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
+                $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
+                }
+        if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
+                $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
+                }
+        if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
+                $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
+                }
+        if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
+                $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
+                }
+        if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
+                $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
+                }
+        if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+                $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+                }
+        if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
+                $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
+                }
+        $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
+        $lib=($slib)?" \$(SHLIB_CFLAGS)":" \$(LIB_CFLAGS)";
+        $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
+        }
+$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+        {
+        $t=&bname($_);
+        $tt="\$(OBJ_D)${o}$t${obj}";
+        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+        }
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0,"")
+        unless $no_rsa;
+$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+print $defs;
+print "###################################################################\n";
+print $rules;
+###############################################
+# strip off any trailing .[och] and append the relative directory
+# also remembering to do nothing if we are in one of the dropped
+# directories
+sub var_add
+        {
+        local($dir,$val)=@_;
+        local(@a,$_,$ret);
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rc5  && $dir =~ /\/rc5/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a);
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_i$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+        @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
+# change things so that each 'token' is only separated by one space
+sub clean_up_ws
+        {
+        local($w)=@_;
+        $w =~ s/^\s*(.*)\s*$/$1/;
+        $w =~ s/\s+/ /g;
+        return($w);
+        }
+sub do_defs
+        {
+        local($var,$files,$location,$postfix)=@_;
+        local($_,$ret,$pf);
+        local(*OUT,$tmp,$t);
+        $files =~ s/\//$o/g if $o ne '/';
+        $ret="$var="; 
+        $n=1;
+        $Vars{$var}.="";
+        foreach (split(/ /,$files))
+                {
+                $orig=$_;
+                $_=&bname($_) unless /^\$/;
+                if ($n++ == 2)
+                        {
+                        $n=0;
+                        $ret.="\\\n\t";
+                        }
+                if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+                        { $pf=".c"; }
+                else    { $pf=$postfix; }
+                if ($_ =~ /BN_MULW/)    { $t="$_ "; }
+                elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /BF_ENC/)  { $t="$_ "; }
+                elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+                elsif ($_ =~ /RC4_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
+                elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+                else    { $t="$location${o}$_$pf "; }
+                $Vars{$var}.="$t ";
+                $ret.=$t;
+                }
+        chop($ret);
+        $ret.="\n\n";
+        return($ret);
+        }
+# return the name with the leading path removed
+sub bname
+        {
+        local($ret)=@_;
+        $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
+        return($ret);
+        }
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+        {
+        local($to,$files,$p)=@_;
+        local($ret,$_,$n,$pp);
+        
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                if ($n =~ /bss_file/)
+                        { $pp=".c"; }
+                else    { $pp=$p; }
+                $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
+                }
+        return($ret);
+        }
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+# compile the files in '$files' into $to
+sub do_compile_rule
+        {
+        local($to,$files,$ex)=@_;
+        local($ret,$_,$n);
+        
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                }
+        return($ret);
+        }
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+sub cc_compile_target
+        {
+        local($target,$source,$ex_flags)=@_;
+        local($ret);
+        
+        # EAY EAY
+        $ex_flags.=' -DCFLAGS="\"$(CC) $(CFLAG)\""' if ($source =~ /cversion/);
+        $target =~ s/\//$o/g if $o ne "/";
+        $source =~ s/\//$o/g if $o ne "/";
+        $ret ="$target: \$(SRC_D)$o$source\n\t";
+        $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
+        return($ret);
+        }
+##############################################################
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+        @s=split(/\s+/,$src);
+        @t=split(/\s+/,$target);
+        for ($i=0; $i<=$#s; $i++)
+                {
+                $ret.="$t[$i]: $s[$i]\n";
+                $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
+                }
+        return($ret);
+        }
+sub do_shlib_rule
+        {
+        local($n,$def)=@_;
+        local($ret,$nn);
+        local($t);
+        ($nn=$n) =~ tr/a-z/A-Z/;
+        $ret.="$n.dll: \$(${nn}OBJ)\n";
+        if ($vc && $w32)
+                {
+                $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n  \$(${nn}OBJ_F)\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
diff --git a/src/lib/libssl/src/util/mkcerts.sh b/src/lib/libssl/src/util/mkcerts.sh
new file mode 100644
index 0000000000..5f8a1dae73
--- /dev/null
+++ b/src/lib/libssl/src/util/mkcerts.sh
@@ -0,0 +1,220 @@
+#!bin/sh
+# This script will re-make all the required certs.
+# cd apps
+# sh ../util/mkcerts.sh
+# mv ca-cert.pem pca-cert.pem ../certs
+# cd ..
+# cat certs/*.pem >>apps/server.pem
+# cat certs/*.pem >>apps/server2.pem
+# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
+# sh tools/c_rehash certs
+#
+ 
+CAbits=1024
+SSLEAY="../apps/ssleay"
+CONF="-config ../apps/ssleay.cnf"
+# create pca request.
+echo creating $CAbits bit PCA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout pca-key.pem \
+        -out pca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test PCA (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating PCA request
+        exit 1
+fi
+#sign it.
+echo
+echo self signing PCA
+$SSLEAY x509 -md5 -days 1461 \
+        -req -signkey pca-key.pem \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -in pca-req.pem -out pca-cert.pem
+if [ $? != 0 ]; then
+        echo problems self signing PCA cert
+        exit 1
+fi
+echo
+# create ca request.
+echo creating $CAbits bit CA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout ca-key.pem \
+        -out ca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test CA (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating CA request
+        exit 1
+fi
+#sign it.
+echo
+echo signing CA
+$SSLEAY x509 -md5 -days 1461 \
+        -req \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -CA pca-cert.pem -CAkey pca-key.pem \
+        -in ca-req.pem -out ca-cert.pem
+if [ $? != 0 ]; then
+        echo problems signing CA cert
+        exit 1
+fi
+echo
+# create server request.
+echo creating 512 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout s512-key.pem \
+        -out s512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (512 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 512 bit server cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 512 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s512-req.pem -out server.pem
+if [ $? != 0 ]; then
+        echo problems signing 512 bit server cert
+        exit 1
+fi
+echo
+# create 1024 bit server request.
+echo creating 1024 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 1024 \
+        -keyout s1024key.pem \
+        -out s1024req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 1024 bit server cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 1024 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s1024req.pem -out server2.pem
+if [ $? != 0 ]; then
+        echo problems signing 1024 bit server cert
+        exit 1
+fi
+echo
+# create 512 bit client request.
+echo creating 512 bit client cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout c512-key.pem \
+        -out c512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Client test cert (512 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 512 bit client cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 512 bit client cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in c512-req.pem -out client.pem
+if [ $? != 0 ]; then
+        echo problems signing 512 bit client cert
+        exit 1
+fi
+echo cleanup
+cat pca-key.pem  >> pca-cert.pem
+cat ca-key.pem   >> ca-cert.pem
+cat s512-key.pem >> server.pem
+cat s1024key.pem >> server2.pem
+cat c512-key.pem >> client.pem
+for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
+do
+$SSLEAY x509 -issuer -subject -in $i -noout >$$
+cat $$
+/bin/cat $i >>$$
+/bin/mv $$ $i
+done
+#/bin/rm -f *key.pem *req.pem *.srl
+echo Finished
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
new file mode 100644
index 0000000000..8124f11292
--- /dev/null
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -0,0 +1,292 @@
+#!/usr/bin/perl
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# non-prototyped functions.
+#
+$crypto_num="util/libeay.num";
+$ssl_num=   "util/ssleay.num";
+$NT=1;
+foreach (@ARGV)
+        {
+        $NT=1 if $_ eq "32";
+        $NT=0 if $_ eq "16";
+        $do_ssl=1 if $_ eq "ssleay";
+        $do_crypto=1 if $_ eq "libeay";
+        }
+if (!$do_ssl && !$do_crypto)
+        {
+        print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 ]\n";
+        exit(1);
+        }
+%ssl_list=&load_numbers($ssl_num);
+%crypto_list=&load_numbers($crypto_num);
+$ssl="ssl/ssl.h";
+$crypto ="crypto/crypto.h";
+$crypto.=" crypto/des/des.h";
+$crypto.=" crypto/idea/idea.h";
+$crypto.=" crypto/rc4/rc4.h";
+$crypto.=" crypto/rc5/rc5.h";
+$crypto.=" crypto/rc2/rc2.h";
+$crypto.=" crypto/bf/blowfish.h";
+$crypto.=" crypto/cast/cast.h";
+$crypto.=" crypto/md2/md2.h";
+$crypto.=" crypto/md5/md5.h";
+$crypto.=" crypto/mdc2/mdc2.h";
+$crypto.=" crypto/sha/sha.h";
+$crypto.=" crypto/ripemd/ripemd.h";
+$crypto.=" crypto/bn/bn.h";
+$crypto.=" crypto/rsa/rsa.h";
+$crypto.=" crypto/dsa/dsa.h";
+$crypto.=" crypto/dh/dh.h";
+$crypto.=" crypto/stack/stack.h";
+$crypto.=" crypto/buffer/buffer.h";
+$crypto.=" crypto/bio/bio.h";
+$crypto.=" crypto/lhash/lhash.h";
+$crypto.=" crypto/conf/conf.h";
+$crypto.=" crypto/txt_db/txt_db.h";
+$crypto.=" crypto/evp/evp.h";
+$crypto.=" crypto/objects/objects.h";
+$crypto.=" crypto/pem/pem.h";
+#$crypto.=" crypto/meth/meth.h";
+$crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1_mac.h";
+$crypto.=" crypto/err/err.h";
+$crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/x509/x509.h";
+$crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/rand/rand.h";
+$crypto.=" crypto/hmac/hmac.h";
+$match{'NOPROTO'}=1;
+$match2{'PERL5'}=1;
+&print_def_file(*STDOUT,"SSLEAY",*ssl_list,&do_defs("SSLEAY",$ssl))
+        if $do_ssl == 1;
+&print_def_file(*STDOUT,"LIBEAY",*crypto_list,&do_defs("LIBEAY",$crypto))
+        if $do_crypto == 1;
+sub do_defs
+        {
+        local($name,$files)=@_;
+        local(@ret);
+        $off=-1;
+        foreach $file (split(/\s+/,$files))
+                {
+#               print STDERR "reading $file\n";
+                open(IN,"<$file") || die "unable to open $file:$!\n";
+                $depth=0;
+                $pr=-1;
+                @np="";
+                $/=undef;
+                $a=<IN>;
+                while (($i=index($a,"/*")) >= 0)
+                        {
+                        $j=index($a,"*/");
+                        break unless ($j >= 0);
+                        $a=substr($a,0,$i).substr($a,$j+2);
+                #       print "$i $j\n";
+                        }
+                foreach (split("\n",$a))
+                        {
+                        if (/^\#\s*ifndef (.*)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=-1;
+                                next;
+                                }
+                        elsif (/^\#\s*if !defined\(([^\)]+)\)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=-1;
+                                next;
+                                }
+                        elsif (/^\#\s*ifdef (.*)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=1;
+                                next;
+                                }
+                        elsif (/^\#\s*if defined(.*)/)
+                                {
+                                push(@tag,$1);
+                                $tag{$1}=1;
+                                next;
+                                }
+                        elsif (/^\#\s*endif/)
+                                {
+                                $tag{$tag[$#tag]}=0;
+                                pop(@tag);
+                                next;
+                                }
+                        elsif (/^\#\s*else/)
+                                {
+                                $t=$tag[$#tag];
+                                $tag{$t}= -$tag{$t};
+                                next;
+                                }
+#printf STDERR "$_\n%2d %2d %2d %2d %2d $NT\n",
+#$tag{'NOPROTO'},$tag{'FreeBSD'},$tag{'WIN16'},$tag{'PERL5'},$tag{'NO_FP_API'};
+                        $t=undef;
+                        if (/^extern .*;$/)
+                                { $t=&do_extern($name,$_); }
+                        elsif ( ($tag{'NOPROTO'} == 1) &&
+                                ($tag{'FreeBSD'} != 1) &&
+                                (($NT && ($tag{'WIN16'} != 1)) ||
+                                 (!$NT && ($tag{'WIN16'} != -1))) &&
+                                ($tag{'PERL5'} != 1) &&
+#                               ($tag{'_WINDLL'} != -1) &&
+                                ((!$NT && $tag{'_WINDLL'} != -1) ||
+                                 ($NT && $tag{'_WINDLL'} != 1)) &&
+                                ((($tag{'NO_FP_API'} != 1) && $NT) ||
+                                 (($tag{'NO_FP_API'} != -1) && !$NT)))
+                                { $t=&do_line($name,$_); }
+                        else
+                                { $t=undef; }
+                        if (($t ne undef) && (!$done{$name,$t}))
+                                {
+                                $done{$name,$t}++;
+                                push(@ret,$t);
+#printf STDERR "one:$t\n" if $t =~ /BIO_/;
+                                }
+                        }
+                close(IN);
+                }
+        return(@ret);
+        }
+sub do_line
+        {
+        local($file,$_)=@_;
+        local($n);
+        return(undef) if /^$/;
+        return(undef) if /^\s/;
+#printf STDERR "two:$_\n" if $_ =~ /BIO_/;
+        if (/(CRYPTO_get_locking_callback)/)
+                { return($1); }
+        elsif (/(CRYPTO_get_id_callback)/)
+                { return($1); }
+        elsif (/(CRYPTO_get_add_lock_callback)/)
+                { return($1); }
+        elsif (/(SSL_CTX_get_verify_callback)/)
+                { return($1); }
+        elsif (/(SSL_get_info_callback)/)
+                { return($1); }
+        elsif ((!$NT) && /(ERR_load_CRYPTO_strings)/)
+                { return("ERR_load_CRYPTOlib_strings"); }
+        elsif (!$NT && /BIO_s_file/)
+                { return(undef); }
+        elsif (!$NT && /BIO_new_file/)
+                { return(undef); }
+        elsif (!$NT && /BIO_new_fp/)
+                { return(undef); }
+        elsif ($NT && /BIO_s_file_internal/)
+                { return(undef); }
+        elsif ($NT && /BIO_new_file_internal/)
+                { return(undef); }
+        elsif ($NT && /BIO_new_fp_internal/)
+                { return(undef); }
+        else
+                {
+                /\s\**(\S+)\s*\(/;
+                return($1);
+                }
+        }
+sub do_extern
+        {
+        local($file,$_)=@_;
+        local($n);
+        /\s\**(\S+);$/;
+        return($1);
+        }
+sub print_def_file
+        {
+        local(*OUT,$name,*nums,@functions)=@_;
+        local($n)=1;
+        if ($NT)
+                { $name.="32"; }
+        else
+                { $name.="16"; }
+        print OUT <<"EOF";
+;
+; Definition file for the DDL version of the $name library from SSLeay
+;
+LIBRARY         $name
+DESCRIPTION     'SSLeay $name - eay\@cryptsoft.com'
+EOF
+        if (!$NT)
+                {
+                print <<"EOF";
+CODE            PRELOAD MOVEABLE
+DATA            PRELOAD MOVEABLE SINGLE
+EXETYPE         WINDOWS
+HEAPSIZE        4096
+STACKSIZE       8192
+EOF
+                }
+        print "EXPORTS\n";
+        (@e)=grep(/^SSLeay/,@functions);
+        (@r)=grep(!/^SSLeay/,@functions);
+        @functions=((sort @e),(sort @r));
+        foreach $func (@functions)
+                {
+                if (!defined($nums{$func}))
+                        {
+                        printf STDERR "$func does not have a number assigned\n";
+                        }
+                else
+                        {
+                        $n=$nums{$func};
+                        printf OUT "    %s%-35s@%d\n",($NT)?"":"_",$func,$n;
+                        }
+                }
+        printf OUT "\n";
+        }
+sub load_numbers
+        {
+        local($name)=@_;
+        local($j,@a,%ret);
+        open(IN,"<$name") || die "unable to open $name:$!\n";
+        while (<IN>)
+                {
+                chop;
+                s/#.*$//;
+                next if /^\s*$/;
+                @a=split;
+                $ret{$a[0]}=$a[1];
+                }
+        close(IN);
+        return(%ret);
+        }
diff --git a/src/lib/libssl/src/util/perlpath.pl b/src/lib/libssl/src/util/perlpath.pl
new file mode 100644
index 0000000000..9e57e10ad4
--- /dev/null
+++ b/src/lib/libssl/src/util/perlpath.pl
@@ -0,0 +1,30 @@
+#!/usr/bin/perl
+#
+# modify the '#!/usr/local/bin/perl'
+# line in all scripts that rely on perl.
+#
+require "find.pl";
+$#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+&find(".");
+sub wanted
+        {
+        return unless /\.pl$/ || /^[Cc]onfigur/;
+        open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
+        @a=<IN>;
+        close(IN);
+        $a[0]="#!$ARGV[0]/perl\n";
+        # Playing it safe...
+        $new="$_.new";
+        open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
+        print OUT @a;
+        close(OUT);
+        rename($new,$_) || die "unable to rename $dir/$new:$!\n";
+        chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
+        }
diff --git a/src/lib/libssl/src/util/pl/BC-16.pl b/src/lib/libssl/src/util/pl/BC-16.pl
new file mode 100644
index 0000000000..7c3fdb68f4
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/BC-16.pl
@@ -0,0 +1,146 @@
+#!/usr/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='bcc';
+if ($debug)
+        { $op="-v "; }
+else    { $op="-O "; }
+$cflags="-d -ml $op -DL_ENDIAN";
+# I add the stack opt
+$base_lflags="/c /C";
+$lflags="$base_lflags";
+if ($win16)
+        {
+        $shlib=1;
+        $cflags.=" -DWINDOWS -DWIN16";
+        $app_cflag="-W";
+        $lib_cflag="-WD";
+        $lflags.="/Twe";
+        }
+else
+        {
+        $cflags.=" -DMSDOS";
+        $lflags.=" /Tde";
+        }
+if ($shlib)
+        {
+        $mlflags=" /Twd $base_lflags"; # stack if defined in .def file
+        $libs="libw ldllcew";
+        $no_asm=1;
+        }
+else
+        { $mlflags=''; }
+$obj='.obj';
+$ofile="-o";
+# EXE linking stuff
+$link="tlink";
+$efile="";
+$exep='.exe';
+$ex_libs="CL";
+$ex_libs.=$no_sock?"":" winsock.lib";
+$app_ex_obj="C0L.obj ";
+$shlib_ex_obj="" if ($shlib);
+# static library stuff
+$mklib='tlib';
+$ranlib='echo no ranlib';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='bcc -c -B -Tml';
+$afile='/o';
+if ($no_asm)
+        {
+        $bn_mulw_obj='';
+        $bn_mulw_src='';
+        }
+elsif ($asmbits == 32)
+        {
+        $bn_mulw_obj='crypto\bn\asm\x86w32.obj';
+        $bn_mulw_src='crypto\bn\asm\x86w32.asm';
+        }
+else
+        {
+        $bn_mulw_obj='crypto\bn\asm\x86w16.obj';
+        $bn_mulw_src='crypto\bn\asm\x86w16.asm';
+        }
+sub do_lib_rule
+        {
+        local($target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="";
+        foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
+                {
+                $lib_names.="  +$_ &\n";
+                $dll_names.="  $_\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+                }
+        else
+                {
+                local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
+                $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /nowep $out_lib $target\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$f,$_,@f);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) @&&|";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        $ret.=" \$(LFLAGS) ";
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                $ret.=" \$(APP_EX_OBJ)";
+                foreach $_ (sort split(/\s+/,$Vars{$1}))
+                        { $ret.="\n  $r $_ +"; }
+                chop($ret);
+                $ret.="\n";
+                }
+        else
+                { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
+        $ret.="  $target\n\n  $libs\n\n|\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl
new file mode 100644
index 0000000000..3898d16f61
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/BC-32.pl
@@ -0,0 +1,135 @@
+#!/usr/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='bcc32';
+if ($debug)
+        { $op="-v "; }
+else    { $op="-O "; }
+$cflags="-d $op -DL_ENDIAN ";
+# I add the stack opt
+$base_lflags="-c";
+$lflags="$base_lflags";
+$cflags.=" -DWINDOWS -DWIN32";
+$app_cflag="-WC";
+$lib_cflag="-WC";
+$lflags.=" -Tpe";
+if ($shlib)
+        {
+        $mlflags="$base_lflags -Tpe"; # stack if defined in .def file
+        $libs="libw ldllcew";
+        }
+else
+        { $mlflags=''; }
+$obj='.obj';
+$ofile="-o";
+# EXE linking stuff
+$link="tlink32";
+$efile="";
+$exep='.exe';
+$ex_libs="CW32.LIB IMPORT32.LIB";
+$ex_libs.=$no_sock?"":" wsock32.lib";
+$shlib_ex_obj="" if $shlib;
+$app_ex_obj="C0X32.OBJ";
+# static library stuff
+$mklib='tlib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='ml /Cp /c /Cx';
+$afile='/Fo';
+if ($noasm)
+        {
+        $bn_mulw_obj='';
+        $bn_mulw_src='';
+        }
+else
+        {
+        $bn_mulw_obj='crypto\bn\asm\x86b32.obj';
+        $bn_mulw_src='crypto\bn\asm\x86m32.asm';
+        }
+sub do_lib_rule
+        {
+        local($target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="";
+        foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
+                {
+                $lib_names.="  +$_ &\n";
+                $dll_names.="  $_\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+                }
+        else
+                {
+                # $(SHLIB_EX_OBJ)
+                local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
+                $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /nowep $out_lib $target\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$f,$_,@f);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) @&&|";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        $r="  \$(LFLAGS) ";
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                @a=('$(APP_EX_OBJ)');
+                push(@a,sort split(/\s+/,$Vars{$1}));
+                foreach $_ (@a)
+                        {
+                        $ret.="\n  $r $_ +";
+                        $r="";
+                        }
+                chop($ret);
+                $ret.="\n";
+                }
+        else
+                { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
+        $ret.="  $target\n\n  $libs\n\n|\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libssl/src/util/pl/VC-16.pl b/src/lib/libssl/src/util/pl/VC-16.pl
new file mode 100644
index 0000000000..a6e6c0241c
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/VC-16.pl
@@ -0,0 +1,173 @@
+#!/usr/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$ssl=   "ssleay16";
+$crypto="libeay16";
+$RSAref="RSAref16";
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='cl';
+$out_def="out16";
+$tmp_def="tmp16";
+$inc_def="inc16";
+if ($debug)
+        {
+        $op="/Od /Zi /Zd";
+        $base_lflags="/CO";
+        }
+else    {
+        $op="/G2 /f- /Ocgnotb2";
+        }
+$base_lflags.=" /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000";
+if ($win16) { $base_lflags.=" /PACKD:60000"; }
+$cflags="/ALw /Gx- /Gt256 /Gf $op /W3 /WX -DL_ENDIAN /nologo";
+# I add the stack opt
+$lflags="$base_lflags /STACK:20000";
+if ($win16)
+        {
+        $cflags.=" -DWINDOWS -DWIN16";
+        $app_cflag="/Gw /FPi87";
+        $lib_cflag="/Gw";
+        $lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
+        $lib_cflag.=" -DWIN16TTY" if !$shlib;
+        $lflags.=" /ALIGN:256";
+        $ex_libs.="oldnames llibcewq libw";
+        }
+else
+        {
+        $no_sock=1;
+        $cflags.=" -DMSDOS";
+        $lflags.=" /EXEPACK";
+        $ex_libs.="oldnames.lib llibce.lib";
+        }
+if ($shlib)
+        {
+        $mlflags="$base_lflags";
+        $libs="oldnames ldllcew libw";
+        $shlib_ex_obj="";
+#       $no_asm=1;
+        $out_def="out16dll";
+        $tmp_def="tmp16dll";
+        }
+else
+        { $mlflags=''; }
+$app_ex_obj="setargv.obj";
+$obj='.obj';
+$ofile="/Fo";
+# EXE linking stuff
+$link="link";
+$efile="";
+$exep='.exe';
+$ex_libs.=$no_sock?"":" winsock";
+# static library stuff
+$mklib='lib /PAGESIZE:1024';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='ml /Cp /c /Cx';
+$afile='/Fo';
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm)
+        {
+        if ($asmbits == 32)
+                {
+                $bn_mulw_obj='crypto\bn\asm\x86w32.obj';
+                $bn_mulw_src='crypto\bn\asm\x86w32.asm';
+                }
+        else
+                {
+                $bn_mulw_obj='crypto\bn\asm\x86w16.obj';
+                $bn_mulw_src='crypto\bn\asm\x86w16.asm';
+                }
+        }
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+#       $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="  \$(SHLIB_EX_OBJ) +\n";
+        ($obj)= ($objs =~ /\((.*)\)/);
+        foreach $_ (sort split(/\s+/,$Vars{$obj}))
+                {
+                $lib_names.="+$_ &\n";
+                $dll_names.="  $_ +\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\tdel $target\n";
+                $ret.="\t\$(MKLIB) @<<\n$target\ny\n$lib_names\n\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?'$(L_CRYPTO)':"";
+                $ex.=' winsock';
+                $ret.="\t\$(LINK) \$(MLFLAGS) @<<\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}.def;\n<<\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /noignorecase /nowep $out_lib $target\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$f,$_,@f);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) \$(LFLAGS) @<<\n";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                @a=('$(APP_EX_OBJ)');
+                push(@a,sort split(/\s+/,$Vars{$1}));
+                for $_ (@a)
+                        { $ret.="  $_ +\n"; }
+                }
+        else
+                { $ret.="  \$(APP_EX_OBJ) $files"; }
+        $ret.="\n  $target\n\n  $libs\n\n<<\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl
new file mode 100644
index 0000000000..701e282c33
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/VC-32.pl
@@ -0,0 +1,133 @@
+#!/usr/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+$ssl=   "ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='cl';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
+$mlflags='';
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+if ($debug)
+        {
+        $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWINDOWS -DWIN32 -D_DEBUG -DL_ENDIAN";
+        $lflags.=" /debug";
+        $mlflags.=' /debug';
+        }
+$obj='.obj';
+$ofile="/Fo";
+# EXE linking stuff
+$link="link";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+$asm='ml /Cp /coff /c /Cx';
+$asm.=" /Zi" if $debug;
+$afile='/Fo';
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm)
+        {
+        $bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
+        $bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+        $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+        $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+        $bf_enc_obj='crypto\bf\asm\b-win32.obj';
+        $bf_enc_src='crypto\bf\asm\b-win32.asm';
+        $cast_enc_obj='crypto\cast\asm\c-win32.obj';
+        $cast_enc_src='crypto\cast\asm\c-win32.asm';
+        $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+        $rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+        $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+        $rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+        $md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+        $md5_asm_src='crypto\md5\asm\m5-win32.asm';
+        $sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+        $sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+        $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+        $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+        }
+if ($shlib)
+        {
+        $mlflags.=" $lflags /dll";
+#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag=" /GD -D_WINDLL -D_DLL";
+        $out_def="out32dll";
+        $tmp_def="tmp32dll";
+        }
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+        if (!$shlib)
+                {
+#               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' wsock32.lib gdi32.lib';
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+        $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libssl/src/util/pl/linux.pl b/src/lib/libssl/src/util/pl/linux.pl
new file mode 100644
index 0000000000..2b13da1bfc
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/linux.pl
@@ -0,0 +1,96 @@
+#!/usr/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+# C compiler stuff
+$cc='gcc';
+if ($debug)
+        { $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+        { $cflags="-O3 -fomit-frame-pointer"; }
+if (!$no_asm)
+        {
+        $bn_mulw_obj='$(OBJ_D)/bn86-elf.o';
+        $bn_mulw_src='crypto/bn/asm/bn86unix.cpp';
+        $des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
+        $des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
+        $bf_enc_obj='$(OBJ_D)/bx86-elf.o';
+        $bf_enc_src='crypto/bf/asm/bx86unix.cpp';
+        $cast_enc_obj='$(OBJ_D)/cx86-elf.o';
+        $cast_enc_src='crypto/cast/asm/cx86unix.cpp';
+        $rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
+        $rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
+        $md5_asm_obj='$(OBJ_D)/mx86-elf.o';
+        $md5_asm_src='crypto/md5/asm/mx86unix.cpp';
+        $sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
+        $sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM";
+        }
+$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
+if ($shlib)
+        {
+        $shl_cflag=" -DPIC -fpic";
+        $shlibp=".so.$ssl_version";
+        $so_shlibp=".so";
+        }
+sub do_shlib_rule
+        {
+        local($obj,$target,$name,$shlib,$so_name)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="\$(LIB_D)$o$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) \$(LIB_D)$o$target\n";
+        $ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o \$(LIB_D)$o$target \$(${Name}OBJ)\n";
+        ($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
+        if ($so_name ne "")
+                {
+                $ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
+                $ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
+                }
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+        @s=split(/\s+/,$src);
+        @t=split(/\s+/,$target);
+        for ($i=0; $i<=$#s; $i++)
+                {
+                $ret.="$t[$i]: $s[$i]\n";
+                $ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
+                }
+        return($ret);
+        }
+1;
diff --git a/src/lib/libssl/src/util/pl/unix.pl b/src/lib/libssl/src/util/pl/unix.pl
new file mode 100644
index 0000000000..ab4978fd20
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/unix.pl
@@ -0,0 +1,83 @@
+#!/usr/bin/perl
+#
+# unix.pl - the standard unix makefile stuff.
+#
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+# C compiler stuff
+if ($gcc)
+        {
+        $cc='gcc';
+        if ($debug)
+                { $cflags="-g2 -ggdb"; }
+        else
+                { $cflags="-O3 -fomit-frame-pointer"; }
+        }
+else
+        {
+        $cc='cc';
+        if ($debug)
+                { $cflags="-g"; }
+        else
+                { $cflags="-O"; }
+        }
+$obj='.o';
+$ofile='-o ';
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="";
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='util/ranlib.sh';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+$asm='as';
+$afile='-o ';
+$bn_mulw_obj="";
+$bn_mulw_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="\$(LIB_D)$o$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) $target\n";
+        $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+        $ret.="\t\$(RANLIB) $target\n\n";
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libssl/src/util/point.sh b/src/lib/libssl/src/util/point.sh
new file mode 100644
index 0000000000..92c12e8282
--- /dev/null
+++ b/src/lib/libssl/src/util/point.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f $2
+ln -s $1 $2
diff --git a/src/lib/libssl/src/util/sp-diff.pl b/src/lib/libssl/src/util/sp-diff.pl
new file mode 100644
index 0000000000..2c88336858
--- /dev/null
+++ b/src/lib/libssl/src/util/sp-diff.pl
@@ -0,0 +1,80 @@
+#!/usr/bin/perl
+#
+# This file takes as input, the files that have been output from
+# ssleay speed.
+# It prints a table of the relative differences with %100 being 'no difference'
+#
+($#ARGV == 1) || die "$0 speedout1 speedout2\n";
+%one=&loadfile($ARGV[0]);
+%two=&loadfile($ARGV[1]);
+$line=0;
+foreach $a ("md2","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
+        "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
+        {
+        if (defined($one{$a,8}) && defined($two{$a,8}))
+                {
+                print "type              8 byte%    64 byte%   256 byte%  1024 byte%  8192 byte%\n"
+                        unless $line;
+                $line++;
+                printf "%-12s ",$a;
+                foreach $b (8,64,256,1024,8192)
+                        {
+                        $r=$two{$a,$b}/$one{$a,$b}*100;
+                        printf "%12.2f",$r;
+                        }
+                print "\n";
+                }
+        }
+foreach $a      (
+                "rsa  512","rsa 1024","rsa 2048","rsa 4096",
+                "dsa  512","dsa 1024","dsa 2048",
+                )
+        {
+        if (defined($one{$a,1}) && defined($two{$a,1}))
+                {
+                $r1=($one{$a,1}/$two{$a,1})*100;
+                $r2=($one{$a,2}/$two{$a,2})*100;
+                printf "$a bits %%    %6.2f %%    %6.2f\n",$r1,$r2;
+                }
+        }
+sub loadfile
+        {
+        local($file)=@_;
+        local($_,%ret);
+        open(IN,"<$file") || die "unable to open '$file' for input\n";
+        $header=1;
+        while (<IN>)
+                {
+                $header=0 if /^[dr]sa/;
+                if (/^type/) { $header=0; next; }
+                next if $header;
+                chop;
+                @a=split;
+                if ($a[0] =~ /^[dr]sa$/)
+                        {
+                        ($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/);
+                        $ret{$n,1}=$t1;
+                        $ret{$n,2}=$t2;
+                        }
+                else
+                        {
+                        $n=join(' ',grep(/[^k]$/,@a));
+                        @k=grep(s/k$//,@a);
+                        
+                        $ret{$n,   8}=$k[0];
+                        $ret{$n,  64}=$k[1];
+                        $ret{$n, 256}=$k[2];
+                        $ret{$n,1024}=$k[3];
+                        $ret{$n,8192}=$k[4];
+                        }
+                }
+        close(IN);
+        return(%ret);
+        }
diff --git a/src/lib/libssl/src/util/speed.sh b/src/lib/libssl/src/util/speed.sh
new file mode 100644
index 0000000000..f489706197
--- /dev/null
+++ b/src/lib/libssl/src/util/speed.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# This is a ugly script use, in conjuction with editing the 'b'
+# configuration in the $(TOP)/Configure script which will
+# output when finished a file called speed.log which is the
+# timings of SSLeay with various options turned on or off.
+#
+# from the $(TOP) directory
+# Edit Configure, modifying things to do with the b/bl-4c-2c etc
+# configurations.
+#
+make clean
+perl Configure b
+make
+apps/ssleay version -v -b -f >speed.1
+apps/ssleay speed >speed.1l
+perl Configure bl-4c-2c
+/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o
+make
+apps/ssleay speed rc4 rsa md2 >speed.2l
+perl Configure bl-4c-ri
+/bin/rm -f crypto/rc4/rc4*.o
+make
+apps/ssleay speed rc4 >speed.3l
+perl Configure b2-is-ri-dp
+/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o
+apps/ssleay speed rsa rc4 idea des >speed.4l
+cat speed.1 >speed.log
+cat speed.1l >>speed.log
+perl util/sp-diff.pl speed.1l speed.2l >>speed.log
+perl util/sp-diff.pl speed.1l speed.3l >>speed.log
+perl util/sp-diff.pl speed.1l speed.4l >>speed.log
diff --git a/src/lib/libssl/src/util/src-dep.pl b/src/lib/libssl/src/util/src-dep.pl
new file mode 100644
index 0000000000..91242f7bb6
--- /dev/null
+++ b/src/lib/libssl/src/util/src-dep.pl
@@ -0,0 +1,147 @@
+#!/usr/bin/perl
+# we make up an array of
+# $file{function_name}=filename;
+# $unres{filename}="func1 func2 ...."
+$debug=1;
+#$nm_func="parse_linux";
+$nm_func="parse_solaris";
+foreach (@ARGV)
+        {
+        &$nm_func($_);
+        }
+foreach $file (sort keys %unres)
+        {
+        @a=split(/\s+/,$unres{$file});
+        %ff=();
+        foreach $func (@a)
+                {
+                $f=$file{$func};
+                $ff{$f}=1 if $f ne "";
+                }
+        foreach $a (keys %ff)
+                { $we_need{$file}.="$a "; }
+        }
+foreach $file (sort keys %we_need)
+        {
+#       print " $file $we_need{$file}\n";
+        foreach $bit (split(/\s+/,$we_need{$file}))
+                { push(@final,&walk($bit)); }
+        foreach (@final) { $fin{$_}=1; }
+        @final="";
+        foreach (sort keys %fin)
+                { push(@final,$_); }
+        print "$file: @final\n";
+        }
+sub walk
+        {
+        local($f)=@_;
+        local(@a,%seen,@ret,$r);
+        @ret="";
+        $f =~ s/^\s+//;
+        $f =~ s/\s+$//;
+        return "" if ($f =~ "^\s*$");
+        return(split(/\s/,$done{$f})) if defined ($done{$f});
+        return if $in{$f} > 0;
+        $in{$f}++;
+        push(@ret,$f);
+        foreach $r (split(/\s+/,$we_need{$f}))
+                {
+                push(@ret,&walk($r));
+                }
+        $in{$f}--;
+        $done{$f}=join(" ",@ret);
+        return(@ret);
+        }
+sub parse_linux
+        {
+        local($name)=@_;
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^[^[](.*):$/)
+                        {
+                        $file=$1;
+                        $file="$1.c" if /\[(.*).o\]/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                }
+                        }
+                }
+        close(IN);
+        }
+sub parse_solaris
+        {
+        local($name)=@_;
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^(\S+):$/)
+                        {
+                        $file=$1;
+                        #$file="$1.c" if $file =~ /^(.*).o$/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        print STDERR "$file needs $a[7]\n" if $debug;
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                print STDERR "$file has $a[7]\n" if $debug;
+                                }
+                        }
+                }
+        close(IN);
+        }
diff --git a/src/lib/libssl/src/util/ssleay.num b/src/lib/libssl/src/util/ssleay.num
new file mode 100644
index 0000000000..359fa15df1
--- /dev/null
+++ b/src/lib/libssl/src/util/ssleay.num
@@ -0,0 +1,156 @@
+ERR_load_SSL_strings                    1
+SSL_CIPHER_description                  2
+SSL_CTX_add_client_CA                   3
+SSL_CTX_add_session                     4
+SSL_CTX_check_private_key               5
+SSL_CTX_ctrl                            6
+SSL_CTX_flush_sessions                  7
+SSL_CTX_free                            8
+SSL_CTX_get_client_CA_list              9
+SSL_CTX_get_verify_callback             10
+SSL_CTX_get_verify_mode                 11
+SSL_CTX_new                             12
+SSL_CTX_remove_session                  13
+SSL_CTX_set_cert_verify_cb              14
+SSL_CTX_set_cipher_list                 15
+SSL_CTX_set_client_CA_list              16
+SSL_CTX_set_default_passwd_cb           17
+SSL_CTX_set_ssl_version                 19
+SSL_CTX_set_verify                      21
+SSL_CTX_use_PrivateKey                  22
+SSL_CTX_use_PrivateKey_ASN1             23
+SSL_CTX_use_PrivateKey_file             24
+SSL_CTX_use_RSAPrivateKey               25
+SSL_CTX_use_RSAPrivateKey_ASN1          26
+SSL_CTX_use_RSAPrivateKey_file          27
+SSL_CTX_use_certificate                 28
+SSL_CTX_use_certificate_ASN1            29
+SSL_CTX_use_certificate_file            30
+SSL_SESSION_free                        31
+SSL_SESSION_new                         32
+SSL_SESSION_print                       33
+SSL_SESSION_print_fp                    34
+SSL_accept                              35
+SSL_add_client_CA                       36
+SSL_alert_desc_string                   37
+SSL_alert_desc_string_long              38
+SSL_alert_type_string                   39
+SSL_alert_type_string_long              40
+SSL_check_private_key                   41
+SSL_clear                               42
+SSL_connect                             43
+SSL_copy_session_id                     44
+SSL_ctrl                                45
+SSL_dup                                 46
+SSL_dup_CA_list                         47
+SSL_free                                48
+SSL_get_certificate                     49
+SSL_get_cipher_list                     52
+SSL_get_ciphers                         55
+SSL_get_client_CA_list                  56
+SSL_get_default_timeout                 57
+SSL_get_error                           58
+SSL_get_fd                              59
+SSL_get_peer_cert_chain                 60
+SSL_get_peer_certificate                61
+SSL_get_rbio                            63
+SSL_get_read_ahead                      64
+SSL_get_shared_ciphers                  65
+SSL_get_ssl_method                      66
+SSL_get_verify_callback                 69
+SSL_get_verify_mode                     70
+SSL_get_version                         71
+SSL_get_wbio                            72
+SSL_load_client_CA_file                 73
+SSL_load_error_strings                  74
+SSL_new                                 75
+SSL_peek                                76
+SSL_pending                             77
+SSL_read                                78
+SSL_renegotiate                         79
+SSL_rstate_string                       80
+SSL_rstate_string_long                  81
+SSL_set_accept_state                    82
+SSL_set_bio                             83
+SSL_set_cipher_list                     84
+SSL_set_client_CA_list                  85
+SSL_set_connect_state                   86
+SSL_set_fd                              87
+SSL_set_read_ahead                      88
+SSL_set_rfd                             89
+SSL_set_session                         90
+SSL_set_ssl_method                      91
+SSL_set_verify                          94
+SSL_set_wfd                             95
+SSL_shutdown                            96
+SSL_state_string                        97
+SSL_state_string_long                   98
+SSL_use_PrivateKey                      99
+SSL_use_PrivateKey_ASN1                 100
+SSL_use_PrivateKey_file                 101
+SSL_use_RSAPrivateKey                   102
+SSL_use_RSAPrivateKey_ASN1              103
+SSL_use_RSAPrivateKey_file              104
+SSL_use_certificate                     105
+SSL_use_certificate_ASN1                106
+SSL_use_certificate_file                107
+SSL_write                               108
+SSLeay_add_ssl_algorithms               109
+SSLv23_client_method                    110
+SSLv23_method                           111
+SSLv23_server_method                    112
+SSLv2_client_method                     113
+SSLv2_method                            114
+SSLv2_server_method                     115
+SSLv3_client_method                     116
+SSLv3_method                            117
+SSLv3_server_method                     118
+d2i_SSL_SESSION                         119
+i2d_SSL_SESSION                         120
+BIO_f_ssl                               121
+BIO_new_ssl                             122
+BIO_proxy_ssl_copy_session_id           123
+BIO_ssl_copy_session_id                 124
+SSL_do_handshake                        125
+SSL_get_privatekey                      126
+SSL_get_current_cipher                  127
+SSL_CIPHER_get_bits                     128
+SSL_CIPHER_get_version                  129
+SSL_CIPHER_get_name                     130
+BIO_ssl_shutdown                        131
+SSL_SESSION_cmp                         132
+SSL_SESSION_hash                        133
+SSL_SESSION_get_time                    134
+SSL_SESSION_set_time                    135
+SSL_SESSION_get_timeout                 136
+SSL_SESSION_set_timeout                 137
+SSL_CTX_get_ex_data                     138
+SSL_CTX_get_quiet_shutdown              140
+SSL_CTX_load_verify_locations           141
+SSL_CTX_set_default_verify_paths        142
+SSL_CTX_set_ex_data                     143
+SSL_CTX_set_quiet_shutdown              145
+SSL_SESSION_get_ex_data                 146
+SSL_SESSION_set_ex_data                 148
+SSL_get_SSL_CTX                         150
+SSL_get_ex_data                         151
+SSL_get_quiet_shutdown                  153
+SSL_get_session                         154
+SSL_get_shutdown                        155
+SSL_get_verify_result                   157
+SSL_set_ex_data                         158
+SSL_set_info_callback                   160
+SSL_set_quiet_shutdown                  161
+SSL_set_shutdown                        162
+SSL_set_verify_result                   163
+SSL_version                             164
+SSL_get_info_callback                   165
+SSL_state                               166
+SSL_CTX_get_ex_new_index                167
+SSL_SESSION_get_ex_new_index            168
+SSL_get_ex_new_index                    169
+TLSv1_method                            170
+TLSv1_server_method                     171
+TLSv1_client_method                     172
+BIO_new_buffer_ssl_connect              173
+BIO_new_ssl_connect                     174
diff --git a/src/lib/libssl/src/util/tab_num.pl b/src/lib/libssl/src/util/tab_num.pl
new file mode 100644
index 0000000000..77b591d92f
--- /dev/null
+++ b/src/lib/libssl/src/util/tab_num.pl
@@ -0,0 +1,17 @@
+#!/usr/bin/perl
+$num=1;
+$width=40;
+while (<>)
+        {
+        chop;
+        $i=length($_);
+        $n=$width-$i;
+        $i=int(($n+7)/8);
+        print $_.("\t" x $i).$num."\n";
+        $num++;
+        }
diff --git a/src/lib/libssl/src/util/x86asm.sh b/src/lib/libssl/src/util/x86asm.sh
new file mode 100644
index 0000000000..81d3289860
--- /dev/null
+++ b/src/lib/libssl/src/util/x86asm.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+echo Generating x86 assember
+echo Bignum
+(cd crypto/bn/asm; perl bn-586.pl cpp > bn86unix.cpp)
+(cd crypto/bn/asm; perl bn-586.pl win32 > bn-win32.asm)
+echo DES
+(cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp)
+(cd crypto/des/asm; perl des-586.pl win32 > d-win32.asm)
+echo "crypt(3)"
+(cd crypto/des/asm; perl crypt586.pl cpp > yx86unix.cpp)
+(cd crypto/des/asm; perl crypt586.pl win32 > y-win32.asm)
+echo Blowfish
+(cd crypto/bf/asm; perl bf-586.pl cpp > bx86unix.cpp)
+(cd crypto/bf/asm; perl bf-586.pl win32 > b-win32.asm)
+echo CAST5
+(cd crypto/cast/asm; perl cast-586.pl cpp > cx86unix.cpp)
+(cd crypto/cast/asm; perl cast-586.pl win32 > c-win32.asm)
+echo RC4
+(cd crypto/rc4/asm; perl rc4-586.pl cpp > rx86unix.cpp)
+(cd crypto/rc4/asm; perl rc4-586.pl win32 > r4-win32.asm)
+echo MD5
+(cd crypto/md5/asm; perl md5-586.pl cpp > mx86unix.cpp)
+(cd crypto/md5/asm; perl md5-586.pl win32 > m5-win32.asm)
+echo SHA1
+(cd crypto/sha/asm; perl sha1-586.pl cpp > sx86unix.cpp)
+(cd crypto/sha/asm; perl sha1-586.pl win32 > s1-win32.asm)
+echo RIPEMD160
+(cd crypto/ripemd/asm; perl rmd-586.pl cpp > rm86unix.cpp)
+(cd crypto/ripemd/asm; perl rmd-586.pl win32 > rm-win32.asm)
+echo RC5/32
+(cd crypto/rc5/asm; perl rc5-586.pl cpp > r586unix.cpp)
+(cd crypto/rc5/asm; perl rc5-586.pl win32 > r5-win32.asm)
author	ryker <>	1998-10-05 20:13:15 +0000
committer	ryker <>	1998-10-05 20:13:15 +0000
commit	9e77c62555877f9a64805c49d0dcd7dbfbb40f4e (patch)
tree	2a6396b738ecede1e1dd3ad84c90e47e21d0bcbd
parent	fe5d0717e2760d02faf23bf5a714f17b33ae4abb (diff)
parent	536c76cbb863bab152f19842ab88772c01e922c7 (diff)
download	openbsd-9e77c62555877f9a64805c49d0dcd7dbfbb40f4e.tar.gz openbsd-9e77c62555877f9a64805c49d0dcd7dbfbb40f4e.tar.bz2 openbsd-9e77c62555877f9a64805c49d0dcd7dbfbb40f4e.zip