This commit was generated by cvs2git to track changes on a CVS vendor

branch.

14 files changed, 1683 insertions, 0 deletions

diff --git a/src/lib/libcrypto/opensslconf.h b/src/lib/libcrypto/opensslconf.h
new file mode 100644
index 0000000000..c9756e47a3
--- /dev/null
+++ b/src/lib/libcrypto/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/util/pod2mantest b/src/lib/libcrypto/util/pod2mantest
new file mode 100644
index 0000000000..79aefafac0
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2mantest
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'pod2man'
+# is installed.
+# ('make install' should not try to run 'pod2man' if it does not exist or if
+# it is a broken 'pod2man' version that is known to cause trouble. if we find
+# the system 'pod2man' to be broken, we use our own copy instead)
+#
+# In any case, output an appropriate command line for running (or not
+# running) pod2man.
+
+
+IFS=:
+try_without_dir=true
+# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+for dir in dummy:$PATH; do
+    if [ "$try_without_dir" = true ]; then
+      # first iteration
+      pod2man=pod2man
+      try_without_dir=false
+    else
+      # second and later iterations
+      pod2man="$dir/pod2man"
+      if [ ! -f "$pod2man" ]; then  # '-x' is not available on Ultrix
+        pod2man=''
+      fi
+    fi
+
+    if [ ! "$pod2man" = '' ]; then
+        failure=none
+
+
+        if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
+            failure=MultilineTest
+        fi
+
+
+        if [ "$failure" = none ]; then
+            echo "$pod2man"
+            exit 0
+        fi
+
+        echo "$pod2man does not work properly ('$failure' failed).  Looking for another pod2man ..." >&2
+    fi
+done
+
+echo "No working pod2man found.  Consider installing a new version." >&2
+if [ "$1" = ignore ]; then
+  echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+  echo "util/pod2man.pl"
+  exit 0
+fi
+exit 1
diff --git a/src/lib/libcrypto/util/pod2mantest.pod b/src/lib/libcrypto/util/pod2mantest.pod
new file mode 100644
index 0000000000..5d2539a17f
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2mantest.pod
@@ -0,0 +1,15 @@
+=pod
+
+=head1 NAME
+
+foo, bar,
+MARKER - test of multiline name section
+
+=head1 DESCRIPTION
+
+This is a test .pod file to see if we have a buggy pod2man or not.
+If we have a buggy implementation, we will get a line matching the
+regular expression "^ +MARKER - test of multiline name section *$"
+at the end of the resulting document.
+
+=cut
diff --git a/src/lib/libssl/src/VMS/tcpip_shr_decc.opt b/src/lib/libssl/src/VMS/tcpip_shr_decc.opt
new file mode 100644
index 0000000000..33b159e5f5
--- /dev/null
+++ b/src/lib/libssl/src/VMS/tcpip_shr_decc.opt
@@ -0,0 +1 @@
+sys$share:tcpip$ipc_shr.exe/share
diff --git a/src/lib/libssl/src/crypto/opensslconf.h b/src/lib/libssl/src/crypto/opensslconf.h
new file mode 100644
index 0000000000..c9756e47a3
--- /dev/null
+++ b/src/lib/libssl/src/crypto/opensslconf.h
@@ -0,0 +1,180 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libssl/src/demos/engines/rsaref/Makefile b/src/lib/libssl/src/demos/engines/rsaref/Makefile
new file mode 100644
index 0000000000..5fbcda3576
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/rsaref/Makefile
@@ -0,0 +1,119 @@
+LIBNAME=        librsaref
+SRC=            rsaref.c
+OBJ=            rsaref.o
+HEADER=         rsaref.h
+
+CC=             gcc
+PIC=            -fPIC
+CFLAGS=         -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT
+AR=             ar r
+RANLIB=         ranlib
+
+LIB=            $(LIBNAME).a
+SHLIB=          $(LIBNAME).so
+
+all:
+                @echo 'Please choose a system to build on:'
+                @echo ''
+                @echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+                @echo 'solaris:  Solaris'
+                @echo 'irix:     IRIX'
+                @echo 'hpux32:   32-bit HP/UX'
+                @echo 'hpux64:   64-bit HP/UX'
+                @echo 'aix:      AIX'
+                @echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+                @echo ''
+
+FORCE.install:
+install:        FORCE.install
+                cd install; \
+                        make -f unix/makefile CFLAGS='-I. -DPROTOTYPES=1 -O -c' RSAREFLIB=librsaref.a librsaref.a
+
+FORCE.update:
+update:         FORCE.update
+                perl ../../../util/mkerr.pl -conf rsaref.ec \
+                        -nostatic -staticloader -write rsaref.c
+
+gnu:            install $(SHLIB).gnu
+tru64:          install $(SHLIB).tru64
+solaris:        install $(SHLIB).solaris
+irix:           install $(SHLIB).irix
+hpux32:         install $(SHLIB).hpux32
+hpux64:         install $(SHLIB).hpux64
+aix:            install $(SHLIB).aix
+
+$(LIB):         $(OBJ)
+                $(AR) $(LIB) $(OBJ)
+                - $(RANLIB) $(LIB)
+
+LINK_SO=        \
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
+  (nm -Pg $(LIBNAME).o | grep ' [BD] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).gnu:   $(LIB) install/librsaref.a
+                ALLSYMSFLAGS='--whole-archive' \
+                SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+                SHAREDCMD='$(CC)'; \
+                $(LINK_SO)
+                touch $(SHLIB).gnu
+$(SHLIB).tru64: $(LIB) install/librsaref.a
+                ALLSYMSFLAGS='-all' \
+                SHAREDFLAGS='-shared' \
+                SHAREDCMD='$(CC)'; \
+                $(LINK_SO)
+                touch $(SHLIB).tru64
+$(SHLIB).solaris:       $(LIB) install/librsaref.a
+                ALLSYMSFLAGS='-z allextract' \
+                SHAREDFLAGS='-G -h $(SHLIB)' \
+                SHAREDCMD='$(CC)'; \
+                $(LINK_SO)
+                touch $(SHLIB).solaris
+$(SHLIB).irix:  $(LIB) install/librsaref.a
+                ALLSYMSFLAGS='-all' \
+                SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+                SHAREDCMD='$(CC)'; \
+                $(LINK_SO)
+                touch $(SHLIB).irix
+$(SHLIB).hpux32:        $(LIB) install/librsaref.a
+                ALLSYMSFLAGS='-Fl' \
+                SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+                SHAREDCMD='/usr/ccs/bin/ld'; \
+                $(LINK_SO)
+                touch $(SHLIB).hpux32
+$(SHLIB).hpux64:        $(LIB) install/librsaref.a
+                ALLSYMSFLAGS='+forceload' \
+                SHAREDFLAGS='-b -z +h $(SHLIB)' \
+                SHAREDCMD='/usr/ccs/bin/ld'; \
+                $(LINK_SO)
+                touch $(SHLIB).hpux64
+$(SHLIB).aix:   $(LIB) install/librsaref.a
+                ALLSYMSFLAGS='-bnogc' \
+                SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+                SHAREDCMD='$(CC)'; \
+                $(LINK_SO)
+                touch $(SHLIB).aix
+
+depend:
+                sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+                echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+                gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+                perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+                rm -f Makefile.tmp Makefile
+                mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/rsaref/README b/src/lib/libssl/src/demos/engines/rsaref/README
new file mode 100644
index 0000000000..00b1f7473b
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/rsaref/README
@@ -0,0 +1,22 @@
+librsaref.so is a demonstration dynamic engine that does RSA
+operations using the old RSAref 2.0 implementation.
+
+To make proper use of this engine, you must download RSAref 2.0
+(search the web for rsaref.tar.Z for example) and unpack it in this
+directory, so you'll end up having the subdirectories "install" and
+"source" among others.
+
+To build, do the following:
+
+        make
+
+This will list a number of available targets to choose from.  Most of
+them are architecture-specific.  The exception is "gnu" which is to be
+used on systems where GNU ld and gcc have been installed in such a way
+that gcc uses GNU ld to link together programs and shared libraries.
+
+The make file assumes you use gcc.  To change that, just reassign CC:
+
+        make CC=cc
+
+The result is librsaref.so, which you can copy to any place you wish.
diff --git a/src/lib/libssl/src/demos/engines/rsaref/build.com b/src/lib/libssl/src/demos/engines/rsaref/build.com
new file mode 100644
index 0000000000..b956912916
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/rsaref/build.com
@@ -0,0 +1,85 @@
+$! BUILD.COM -- Building procedure for the RSAref engine
+$
+$       if f$search("source.dir") .eqs. "" -
+           .or. f$search("install.dir") .eqs. ""
+$       then
+$           write sys$error "RSAref 2.0 hasn't been properly extracted."
+$           exit
+$       endif
+$
+$       _save_default = f$environment("default")
+$       set default [.install]
+$       files := desc,digit,md2c,md5c,nn,prime,-
+                rsa,r_encode,r_dh,r_enhanc,r_keygen,r_random,-
+                r_stdlib
+$       delete rsaref.olb;*
+$       library/create/object rsaref.olb
+$       files_i = 0
+$ rsaref_loop:
+$       files_e = f$edit(f$element(files_i,",",files),"trim")
+$       files_i = files_i + 1
+$       if files_e .eqs. "," then goto rsaref_loop_end
+$       cc/include=([-.source],[])/define=PROTOTYPES=1/object=[]'files_e'.obj -
+                [-.source]'files_e'.c
+$       library/replace/object rsaref.olb 'files_e'.obj
+$       goto rsaref_loop
+$ rsaref_loop_end:
+$
+$       set default [-]
+$       define/user openssl [---.include.openssl]
+$       cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
+$
+$       if f$getsyi("CPU") .ge. 128
+$       then
+$           link/share=librsaref.exe sys$input:/option
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.axp.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$       else
+$           macro/object=rsaref_vec.obj sys$input:
+;
+; Transfer vector for VAX shareable image
+;
+        .TITLE librsaref
+;
+; Define macro to assist in building transfer vector entries.  Each entry
+; should take no more than 8 bytes.
+;
+        .MACRO FTRANSFER_ENTRY routine
+        .ALIGN QUAD
+        .TRANSFER routine
+        .MASK   routine
+        JMP     routine+2
+        .ENDM FTRANSFER_ENTRY
+;
+; Place entries in own program section.
+;
+        .PSECT $$LIBRSAREF,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
+
+LIBRSAREF_xfer:
+        FTRANSFER_ENTRY bind_engine
+        FTRANSFER_ENTRY v_check
+
+;
+; Allocate extra storage at end of vector to allow for expansion.
+;
+        .BLKB 512-<.-LIBRSAREF_xfer>    ; 1 page.
+        .END
+$           link/share=librsaref.exe sys$input:/option
+!
+! Ensure transfer vector is at beginning of image
+!
+CLUSTER=FIRST
+COLLECT=FIRST,$$LIBRSAREF
+!
+! make psects nonshareable so image can be installed.
+!
+PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
+[]rsaref_vec.obj
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.vax.exe.crypto]libcrypto.olb/lib
+$       endif
+$
+$       set default '_save_default'
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
new file mode 100644
index 0000000000..e23f64c01e
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
@@ -0,0 +1,682 @@
+/* Demo of how to construct your own engine and using it.  The basis of this
+   engine is RSAref, an old reference of the RSA algorithm which can still
+   be found a little here and there. */
+
+#include <stdio.h>
+#include "./source/global.h"
+#include "./source/rsaref.h"
+#include "./source/rsa.h"
+#include "./source/des.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+
+#define RSAREF_LIB_NAME "rsaref engine"
+#include "rsaref_err.c"
+
+/*****************************************************************************
+ *** Function declarations and global variable definitions                 ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Constants used when creating the ENGINE
+ **/
+static const char *engine_rsaref_id = "rsaref";
+static const char *engine_rsaref_name = "RSAref engine support";
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+static int rsaref_destroy(ENGINE *e);
+static int rsaref_init(ENGINE *e);
+static int rsaref_finish(ENGINE *e);
+#if 0
+static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 
+#endif
+
+/*****************************************************************************
+ * Engine commands
+ **/
+static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
+        {0, NULL, NULL, 0}
+        };
+
+/*****************************************************************************
+ * RSA functions
+ **/
+static int rsaref_private_decrypt(int len, const unsigned char *from,
+        unsigned char *to, RSA *rsa, int padding);
+static int rsaref_private_encrypt(int len, const unsigned char *from,
+        unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_encrypt(int len, const unsigned char *from,
+        unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_decrypt(int len, const unsigned char *from,
+        unsigned char *to, RSA *rsa, int padding);
+static int bnref_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m,
+                          BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+
+/*****************************************************************************
+ * Our RSA method
+ **/
+static RSA_METHOD rsaref_rsa =
+{
+  "RSAref PKCS#1 RSA",
+  rsaref_public_encrypt,
+  rsaref_public_decrypt,
+  rsaref_private_encrypt,
+  rsaref_private_decrypt,
+  rsaref_mod_exp,
+  bnref_mod_exp,
+  NULL,
+  NULL,
+  0,
+  NULL,
+  NULL,
+  NULL
+};
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        const int **nids, int nid);
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+        const int **nids, int nid);
+
+static int rsaref_cipher_nids[] =
+        { NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
+static int rsaref_digest_nids[] =
+        { NID_md2, NID_md5, 0 };
+
+/*****************************************************************************
+ * DES functions
+ **/
+int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc);
+int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl);
+int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
+int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc);
+int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl);
+int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
+int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc);
+int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl);
+int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
+
+/*****************************************************************************
+ * Our DES ciphers
+ **/
+static const EVP_CIPHER cipher_des_cbc =
+        {
+        NID_des_cbc,
+        8, 8, 8,
+        0,
+        cipher_des_cbc_init,
+        cipher_des_cbc_code,
+        cipher_des_cbc_clean,
+        sizeof(DES_CBC_CTX),
+        NULL,
+        NULL,
+        NULL,
+        NULL
+        };
+
+static const EVP_CIPHER cipher_des_ede3_cbc =
+        {
+        NID_des_ede3_cbc,
+        8, 24, 8,
+        0,
+        cipher_des_ede3_cbc_init,
+        cipher_des_ede3_cbc_code,
+        cipher_des_ede3_cbc_clean,
+        sizeof(DES3_CBC_CTX),
+        NULL,
+        NULL,
+        NULL,
+        NULL
+        };
+
+static const EVP_CIPHER cipher_desx_cbc =
+        {
+        NID_desx_cbc,
+        8, 24, 8,
+        0,
+        cipher_desx_cbc_init,
+        cipher_desx_cbc_code,
+        cipher_desx_cbc_clean,
+        sizeof(DESX_CBC_CTX),
+        NULL,
+        NULL,
+        NULL,
+        NULL
+        };
+
+/*****************************************************************************
+ * MD functions
+ **/
+static int digest_md2_init(EVP_MD_CTX *ctx);
+static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
+        unsigned long count);
+static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md);
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
+        unsigned long count);
+static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md);
+
+/*****************************************************************************
+ * Our MD digests
+ **/
+static const EVP_MD digest_md2 =
+        {
+        NID_md2,
+        NID_md2WithRSAEncryption,
+        16,
+        0,
+        digest_md2_init,
+        digest_md2_update,
+        digest_md2_final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        16,
+        sizeof(MD2_CTX)
+        };
+
+static const EVP_MD digest_md5 =
+        {
+        NID_md5,
+        NID_md5WithRSAEncryption,
+        16,
+        0,
+        digest_md5_init,
+        digest_md5_update,
+        digest_md5_final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        64,
+        sizeof(MD5_CTX)
+        };
+
+/*****************************************************************************
+ *** Function definitions                                                  ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+
+static int bind_rsaref(ENGINE *e)
+        {
+        const RSA_METHOD *meth1;
+        if(!ENGINE_set_id(e, engine_rsaref_id)
+                || !ENGINE_set_name(e, engine_rsaref_name)
+                || !ENGINE_set_RSA(e, &rsaref_rsa)
+                || !ENGINE_set_ciphers(e, rsaref_ciphers)
+                || !ENGINE_set_digests(e, rsaref_digests)
+                || !ENGINE_set_destroy_function(e, rsaref_destroy)
+                || !ENGINE_set_init_function(e, rsaref_init)
+                || !ENGINE_set_finish_function(e, rsaref_finish)
+                /* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
+                /* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
+                return 0;
+
+        /* Ensure the rsaref error handling is set up */
+        ERR_load_RSAREF_strings();
+        return 1;
+        }
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_rsaref_id) != 0))
+                return 0;
+        if(!bind_rsaref(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_rsaref(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_rsaref(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_rsaref(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_rsaref();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* Initiator which is only present to make sure this engine looks available */
+static int rsaref_init(ENGINE *e)
+        {
+        return 1;
+        }
+
+/* Finisher which is only present to make sure this engine looks available */
+static int rsaref_finish(ENGINE *e)
+        {
+        return 1;
+        }
+
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int rsaref_destroy(ENGINE *e)
+        {
+        ERR_unload_RSAREF_strings();
+        return 1;
+        }
+
+/*****************************************************************************
+ * RSA functions
+ **/
+
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        RSAREFerr(RSAREF_F_RSAREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(0);
+        }
+
+static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        RSAREFerr(RSAREF_F_BNREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(0);
+        }
+
+/* unsigned char *to:  [max]    */
+static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
+        {
+        int i;
+
+        i=BN_num_bytes(from);
+        if (i > max)
+                {
+                RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
+                return(0);
+                }
+
+        memset(to,0,(unsigned int)max);
+        if (!BN_bn2bin(from,&(to[max-i])))
+                return(0);
+        return(1);
+        }
+
+#ifdef undef
+/* unsigned char *from:  [max]    */
+static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
+        {
+        int i;
+        BIGNUM *ret;
+
+        for (i=0; i<max; i++)
+                if (from[i]) break;
+
+        ret=BN_bin2bn(&(from[i]),max-i,to);
+        return(ret);
+        }
+
+static int RSAref_Public_ref2eay(RSArefPublicKey *from, RSA *to)
+        {
+        to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
+        to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
+        if ((to->n == NULL) || (to->e == NULL)) return(0);
+        return(1);
+        }
+#endif
+
+static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY *to)
+        {
+        to->bits=BN_num_bits(from->n);
+        if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
+        if (!RSAref_bn2bin(from->e,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
+        return(1);
+        }
+
+#ifdef undef
+static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)
+        {
+        if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
+                return(0);
+        if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
+                return(0);
+        if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
+                return(0);
+        if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
+                return(0);
+        if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
+                return(0);
+        if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
+                == NULL)
+                return(0);
+        if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
+                == NULL)
+                return(0);
+        if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
+                return(0);
+        return(1);
+        }
+#endif
+
+static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY *to)
+        {
+        to->bits=BN_num_bits(from->n);
+        if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
+        if (!RSAref_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) return(0);
+        if (!RSAref_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
+        if (!RSAref_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) return(0);
+        if (!RSAref_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) return(0);
+        if (!RSAref_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) return(0);
+        if (!RSAref_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) return(0);
+        if (!RSAref_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0);
+        return(1);
+        }
+
+static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        int i,outlen= -1;
+        R_RSA_PRIVATE_KEY RSAkey;
+
+        if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+                goto err;
+        if ((i=RSAPrivateDecrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+                {
+                RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);
+                outlen= -1;
+                }
+err:
+        memset(&RSAkey,0,sizeof(RSAkey));
+        return(outlen);
+        }
+
+static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        int i,outlen= -1;
+        R_RSA_PRIVATE_KEY RSAkey;
+
+        if (padding != RSA_PKCS1_PADDING)
+                {
+                RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+                goto err;
+        }
+        if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+                goto err;
+        if ((i=RSAPrivateEncrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+                {
+                RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
+                outlen= -1;
+                }
+err:
+        memset(&RSAkey,0,sizeof(RSAkey));
+        return(outlen);
+        }
+
+static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        int i,outlen= -1;
+        R_RSA_PUBLIC_KEY RSAkey;
+
+        if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+                goto err;
+        if ((i=RSAPublicDecrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+                {
+                RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
+                outlen= -1;
+                }
+err:
+        memset(&RSAkey,0,sizeof(RSAkey));
+        return(outlen);
+        }
+
+static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        int outlen= -1;
+        int i;
+        R_RSA_PUBLIC_KEY RSAkey;
+        R_RANDOM_STRUCT rnd;
+        unsigned char buf[16];
+
+        if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING) 
+                {
+                RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+                goto err;
+                }
+        
+        R_RandomInit(&rnd);
+        R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
+        while (i > 0)
+                {
+                if (RAND_bytes(buf,16) <= 0)
+                        goto err;
+                R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
+                i-=16;
+                }
+
+        if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+                goto err;
+        if ((i=RSAPublicEncrypt(to,&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
+                {
+                RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
+                outlen= -1;
+                goto err;
+                }
+err:
+        memset(&RSAkey,0,sizeof(RSAkey));
+        R_RandomFinal(&rnd);
+        memset(&rnd,0,sizeof(rnd));
+        return(outlen);
+        }
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        const int **nids, int nid)
+        {
+        int ok = 1;
+        if(!cipher)
+                {
+                /* We are returning a list of supported nids */
+                *nids = rsaref_cipher_nids;
+                return (sizeof(rsaref_cipher_nids)-1)/sizeof(rsaref_cipher_nids[0]);
+                }
+        /* We are being asked for a specific cipher */
+        switch (nid)
+                {
+        case NID_des_cbc:
+                *cipher = &cipher_des_cbc; break;
+        case NID_des_ede3_cbc:
+                *cipher = &cipher_des_ede3_cbc; break;
+        case NID_desx_cbc:
+                *cipher = &cipher_desx_cbc; break;
+        default:
+                ok = 0;
+                *cipher = NULL;
+                break;
+                }
+        return ok;
+        }
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+        const int **nids, int nid)
+        {
+        int ok = 1;
+        if(!digest)
+                {
+                /* We are returning a list of supported nids */
+                *nids = rsaref_digest_nids;
+                return (sizeof(rsaref_digest_nids)-1)/sizeof(rsaref_digest_nids[0]);
+                }
+        /* We are being asked for a specific digest */
+        switch (nid)
+                {
+        case NID_md2:
+                *digest = &digest_md2; break;
+        case NID_md5:
+                *digest = &digest_md5; break;
+        default:
+                ok = 0;
+                *digest = NULL;
+                break;
+                }
+        return ok;
+        }
+
+/*****************************************************************************
+ * DES functions
+ **/
+#undef data
+#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
+int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc)
+        {
+        DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
+        return 1;
+        }
+int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl)
+        {
+        int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+        switch (ret)
+                {
+        case RE_LEN:
+                RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+                break;
+        case 0:
+                break;
+        default:
+                RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+                }
+        return !ret;
+        }
+int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
+        {
+        memset(data(ctx), 0, ctx->cipher->ctx_size);
+        return 1;
+        }
+
+#undef data
+#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
+int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc)
+        {
+        DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
+                enc);
+        return 1;
+        }
+int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl)
+        {
+        int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+        switch (ret)
+                {
+        case RE_LEN:
+                RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+                break;
+        case 0:
+                break;
+        default:
+                RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+                }
+        return !ret;
+        }
+int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
+        {
+        memset(data(ctx), 0, ctx->cipher->ctx_size);
+        return 1;
+        }
+
+#undef data
+#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
+int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc)
+        {
+        DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
+                enc);
+        return 1;
+        }
+int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl)
+        {
+        int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+        switch (ret)
+                {
+        case RE_LEN:
+                RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+                break;
+        case 0:
+                break;
+        default:
+                RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+                }
+        return !ret;
+        }
+int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
+        {
+        memset(data(ctx), 0, ctx->cipher->ctx_size);
+        return 1;
+        }
+
+/*****************************************************************************
+ * MD functions
+ **/
+#undef data
+#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
+static int digest_md2_init(EVP_MD_CTX *ctx)
+        {
+        MD2Init(data(ctx));
+        return 1;
+        }
+static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
+        unsigned long count)
+        {
+        MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+        return 1;
+        }
+static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md)
+        {
+        MD2Final(md, data(ctx));
+        return 1;
+        }
+
+#undef data
+#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
+static int digest_md5_init(EVP_MD_CTX *ctx)
+        {
+        MD5Init(data(ctx));
+        return 1;
+        }
+static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
+        unsigned long count)
+        {
+        MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+        return 1;
+        }
+static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+        {
+        MD5Final(md, data(ctx));
+        return 1;
+        }
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.ec b/src/lib/libssl/src/demos/engines/rsaref/rsaref.ec
new file mode 100644
index 0000000000..c690ae3883
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#       perl ../../../util/mkerr.pl -conf rsaref.ec \
+#               -nostatic -staticloader -write *.c
+
+L RSAREF        rsaref_err.h                    rsaref_err.c
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.c
new file mode 100644
index 0000000000..ceaf05706d
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.c
@@ -0,0 +1,161 @@
+/* rsaref_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "rsaref_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA RSAREF_str_functs[]=
+        {
+{ERR_PACK(0,RSAREF_F_BNREF_MOD_EXP,0),  "BNREF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_CIPHER_DES_CBC_CODE,0),    "CIPHER_DES_CBC_CODE"},
+{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0),  "RSAREF_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSAREF_MOD_EXP,0), "RSAREF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_DECRYPT,0), "RSAREF_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_ENCRYPT,0), "RSAREF_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_DECRYPT,0),  "RSAREF_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_ENCRYPT,0),  "RSAREF_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0),     "RSA_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0),    "RSA_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0),    "RSA_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0),     "RSA_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0),     "RSA_PUBLIC_ENCRYPT"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA RSAREF_str_reasons[]=
+        {
+{RSAREF_R_CONTENT_ENCODING               ,"content encoding"},
+{RSAREF_R_DATA                           ,"data"},
+{RSAREF_R_DIGEST_ALGORITHM               ,"digest algorithm"},
+{RSAREF_R_ENCODING                       ,"encoding"},
+{RSAREF_R_ENCRYPTION_ALGORITHM           ,"encryption algorithm"},
+{RSAREF_R_KEY                            ,"key"},
+{RSAREF_R_KEY_ENCODING                   ,"key encoding"},
+{RSAREF_R_LEN                            ,"len"},
+{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED       ,"length not block aligned"},
+{RSAREF_R_MODULUS_LEN                    ,"modulus len"},
+{RSAREF_R_NEED_RANDOM                    ,"need random"},
+{RSAREF_R_PRIVATE_KEY                    ,"private key"},
+{RSAREF_R_PUBLIC_KEY                     ,"public key"},
+{RSAREF_R_SIGNATURE                      ,"signature"},
+{RSAREF_R_SIGNATURE_ENCODING             ,"signature encoding"},
+{RSAREF_R_UNKNOWN_FAULT                  ,"unknown fault"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef RSAREF_LIB_NAME
+static ERR_STRING_DATA RSAREF_lib_name[]=
+        {
+{0      ,RSAREF_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int RSAREF_lib_error_code=0;
+static int RSAREF_error_init=1;
+
+static void ERR_load_RSAREF_strings(void)
+        {
+        if (RSAREF_lib_error_code == 0)
+                RSAREF_lib_error_code=ERR_get_next_error_library();
+
+        if (RSAREF_error_init)
+                {
+                RSAREF_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_functs);
+                ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+                RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code,0,0);
+                ERR_load_strings(0,RSAREF_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_RSAREF_strings(void)
+        {
+        if (RSAREF_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_functs);
+                ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+                ERR_unload_strings(0,RSAREF_lib_name);
+#endif
+                RSAREF_error_init=1;
+                }
+        }
+
+static void ERR_RSAREF_error(int function, int reason, char *file, int line)
+        {
+        if (RSAREF_lib_error_code == 0)
+                RSAREF_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(RSAREF_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.h b/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.h
new file mode 100644
index 0000000000..19759709b7
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.h
@@ -0,0 +1,109 @@
+/* rsaref_err.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RSAREF_ERR_H
+#define HEADER_RSAREF_ERR_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_RSAREF_strings(void);
+static void ERR_unload_RSAREF_strings(void);
+static void ERR_RSAREF_error(int function, int reason, char *file, int line);
+#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the RSAREF functions. */
+
+/* Function codes. */
+#define RSAREF_F_BNREF_MOD_EXP                           100
+#define RSAREF_F_CIPHER_DES_CBC_CODE                     112
+#define RSAREF_F_RSAREF_BN2BIN                           101
+#define RSAREF_F_RSAREF_MOD_EXP                          102
+#define RSAREF_F_RSAREF_PRIVATE_DECRYPT                  103
+#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT                  104
+#define RSAREF_F_RSAREF_PUBLIC_DECRYPT                   105
+#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT                   106
+#define RSAREF_F_RSA_BN2BIN                              107
+#define RSAREF_F_RSA_PRIVATE_DECRYPT                     108
+#define RSAREF_F_RSA_PRIVATE_ENCRYPT                     109
+#define RSAREF_F_RSA_PUBLIC_DECRYPT                      110
+#define RSAREF_F_RSA_PUBLIC_ENCRYPT                      111
+
+/* Reason codes. */
+#define RSAREF_R_CONTENT_ENCODING                        100
+#define RSAREF_R_DATA                                    101
+#define RSAREF_R_DIGEST_ALGORITHM                        102
+#define RSAREF_R_ENCODING                                103
+#define RSAREF_R_ENCRYPTION_ALGORITHM                    104
+#define RSAREF_R_KEY                                     105
+#define RSAREF_R_KEY_ENCODING                            106
+#define RSAREF_R_LEN                                     107
+#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED                114
+#define RSAREF_R_MODULUS_LEN                             108
+#define RSAREF_R_NEED_RANDOM                             109
+#define RSAREF_R_PRIVATE_KEY                             110
+#define RSAREF_R_PUBLIC_KEY                              111
+#define RSAREF_R_SIGNATURE                               112
+#define RSAREF_R_SIGNATURE_ENCODING                      113
+#define RSAREF_R_UNKNOWN_FAULT                           115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/util/pod2mantest b/src/lib/libssl/src/util/pod2mantest
new file mode 100644
index 0000000000..79aefafac0
--- /dev/null
+++ b/src/lib/libssl/src/util/pod2mantest
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'pod2man'
+# is installed.
+# ('make install' should not try to run 'pod2man' if it does not exist or if
+# it is a broken 'pod2man' version that is known to cause trouble. if we find
+# the system 'pod2man' to be broken, we use our own copy instead)
+#
+# In any case, output an appropriate command line for running (or not
+# running) pod2man.
+
+
+IFS=:
+try_without_dir=true
+# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+for dir in dummy:$PATH; do
+    if [ "$try_without_dir" = true ]; then
+      # first iteration
+      pod2man=pod2man
+      try_without_dir=false
+    else
+      # second and later iterations
+      pod2man="$dir/pod2man"
+      if [ ! -f "$pod2man" ]; then  # '-x' is not available on Ultrix
+        pod2man=''
+      fi
+    fi
+
+    if [ ! "$pod2man" = '' ]; then
+        failure=none
+
+
+        if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
+            failure=MultilineTest
+        fi
+
+
+        if [ "$failure" = none ]; then
+            echo "$pod2man"
+            exit 0
+        fi
+
+        echo "$pod2man does not work properly ('$failure' failed).  Looking for another pod2man ..." >&2
+    fi
+done
+
+echo "No working pod2man found.  Consider installing a new version." >&2
+if [ "$1" = ignore ]; then
+  echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+  echo "util/pod2man.pl"
+  exit 0
+fi
+exit 1
diff --git a/src/lib/libssl/src/util/pod2mantest.pod b/src/lib/libssl/src/util/pod2mantest.pod
new file mode 100644
index 0000000000..5d2539a17f
--- /dev/null
+++ b/src/lib/libssl/src/util/pod2mantest.pod
@@ -0,0 +1,15 @@
+=pod
+
+=head1 NAME
+
+foo, bar,
+MARKER - test of multiline name section
+
+=head1 DESCRIPTION
+
+This is a test .pod file to see if we have a buggy pod2man or not.
+If we have a buggy implementation, we will get a line matching the
+regular expression "^ +MARKER - test of multiline name section *$"
+at the end of the resulting document.
+
+=cut