Import of old SSLeay release: SSLeay 0.9.0b

16 files changed, 587 insertions, 90 deletions

diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl
index 64a005a..a88359b 100644
--- a/crypto/pkcs7/Makefile.ssl
+++ b/crypto/pkcs7/Makefile.ssl
@@ -81,6 +81,6 @@ clean:
 
 errors:
 	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/pkcs7/enc.c b/crypto/pkcs7/enc.c
new file mode 100644
index 0000000..625a7c2
--- /dev/null
+++ b/crypto/pkcs7/enc.c
@@ -0,0 +1,144 @@
+/* crypto/pkcs7/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "x509.h"
+#include "pem.h"
+
+main(argc,argv)
+int argc;
+char *argv[];
+	{
+	X509 *x509;
+	EVP_PKEY *pkey;
+	PKCS7 *p7;
+	PKCS7 *p7_data;
+	PKCS7_SIGNER_INFO *si;
+	BIO *in;
+	BIO *data,*p7bio;
+	char buf[1024*4];
+	int i,j;
+	int nodetach=0;
+
+	EVP_add_digest(EVP_sha1());
+	EVP_add_cipher(EVP_des_cbc());
+
+	data=BIO_new(BIO_s_file());
+again:
+	if (argc > 1)
+		{
+		if (strcmp(argv[1],"-nd") == 0)
+			{
+			nodetach=1;
+			argv++; argc--;
+			goto again;
+			}
+		if (!BIO_read_filename(data,argv[1]))
+			goto err;
+		}
+	else
+		BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+	if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+	BIO_reset(in);
+	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+	BIO_free(in);
+
+	p7=PKCS7_new();
+	PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
+	 
+	if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+
+	if (!PKCS7_set_cipher(p7,EVP_des_cbc())) goto err;
+	if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
+
+	/* we may want to add more */
+	PKCS7_add_certificate(p7,x509);
+
+
+	/* Set the content of the signed to 'data' */
+	/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
+
+	/* could be used, but not in this version :-)
+	if (!nodetach) PKCS7_set_detached(p7,1);
+	*/
+
+	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+
+	for (;;)
+		{
+		i=BIO_read(data,buf,sizeof(buf));
+		if (i <= 0) break;
+		BIO_write(p7bio,buf,i);
+		}
+	BIO_flush(p7bio);
+
+	if (!PKCS7_dataSign(p7,p7bio)) goto err;
+	BIO_free(p7bio);
+
+	PEM_write_PKCS7(stdout,p7);
+	PKCS7_free(p7);
+
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors_fp(stderr);
+	exit(1);
+	}
+
diff --git a/crypto/pkcs7/p7/a1 b/crypto/pkcs7/p7/a1
new file mode 100644
index 0000000..56ca943
--- /dev/null
+++ b/crypto/pkcs7/p7/a1
@@ -0,0 +1,2 @@
+j,H>_��_�D�zE�L�	VJ��觬���E3��Y�x%_�k
+3�)DLSc�8%�M
\ No newline at end of file
diff --git a/crypto/pkcs7/p7/a2 b/crypto/pkcs7/p7/a2
new file mode 100644
index 0000000..23d8fb5
--- /dev/null
+++ b/crypto/pkcs7/p7/a2
@@ -0,0 +1 @@
+k~@a�,N�M͹�	
<O( KP�騠�K�>��U�o_�
Bqrm�?٠t?t��ρ�Id2��
\ No newline at end of file
diff --git a/crypto/pkcs7/p7/cert.p7c b/crypto/pkcs7/p7/cert.p7c
new file mode 100644
index 0000000..2b75ec0
--- /dev/null
+++ b/crypto/pkcs7/p7/cert.p7c
diff --git a/crypto/pkcs7/p7/smime.p7m b/crypto/pkcs7/p7/smime.p7m
new file mode 100644
index 0000000..2b6e6f8
--- /dev/null
+++ b/crypto/pkcs7/p7/smime.p7m
diff --git a/crypto/pkcs7/p7/smime.p7s b/crypto/pkcs7/p7/smime.p7s
new file mode 100644
index 0000000..2b5d4fb
--- /dev/null
+++ b/crypto/pkcs7/p7/smime.p7s
diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c
index fa562a4..7769abe 100644
--- a/crypto/pkcs7/pk7_dgst.c
+++ b/crypto/pkcs7/pk7_dgst.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 32a2a45..b5689b3 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_doit.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
+#include "rand.h"
 #include "objects.h"
 #include "x509.h"
 
@@ -69,6 +70,11 @@ BIO *bio;
 	BIO *out=NULL,*btmp;
 	X509_ALGOR *xa;
 	EVP_MD *evp_md;
+	EVP_CIPHER *evp_cipher=NULL;
+	STACK *md_sk=NULL,*rsk=NULL;
+	X509_ALGOR *xalg=NULL;
+	PKCS7_RECIP_INFO *ri=NULL;
+	EVP_PKEY *pkey;
 
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
@@ -76,9 +82,29 @@ BIO *bio;
 	switch (i)
 		{
 	case NID_pkcs7_signed:
-		for (i=0; i<sk_num(p7->d.sign->md_algs); i++)
+		md_sk=p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		rsk=p7->d.signed_and_enveloped->recipientinfo;
+		md_sk=p7->d.signed_and_enveloped->md_algs;
+		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm)));
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			goto err;
+			}
+		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+	        goto err;
+		}
+
+	if (md_sk != NULL)
+		{
+		for (i=0; i<sk_num(md_sk); i++)
 			{
-			xa=(X509_ALGOR *)sk_value(p7->d.sign->md_algs,i);
+			xa=(X509_ALGOR *)sk_value(md_sk,i);
 			if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err;
 
 			j=OBJ_obj2nid(xa->algorithm);
@@ -95,12 +121,61 @@ BIO *bio;
 			else
 				BIO_push(out,btmp);
 			}
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
 		}
-	if (bio == NULL)
+
+	if (evp_cipher != NULL)
+		{
+		unsigned char key[EVP_MAX_KEY_LENGTH];
+		unsigned char iv[EVP_MAX_IV_LENGTH];
+		int keylen,ivlen;
+		int jj,max;
+		unsigned char *tmp;
+
+		if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err;
+		keylen=EVP_CIPHER_key_length(evp_cipher);
+		ivlen=EVP_CIPHER_iv_length(evp_cipher);
+
+		if (ivlen > 0)
+			{
+			ASN1_OCTET_STRING *os;
+
+			RAND_bytes(iv,ivlen);
+			os=ASN1_OCTET_STRING_new();
+			ASN1_OCTET_STRING_set(os,iv,ivlen);
+		/*	ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
+				(char *)os);
+		*/	}
+		RAND_bytes(key,keylen);
+
+		/* Lets do the pub key stuff :-) */
+		max=0;
+		for (i=0; i<sk_num(rsk); i++)
+			{
+			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+			if (ri->cert == NULL) abort();
+			pkey=X509_get_pubkey(ri->cert);
+			jj=EVP_PKEY_size(pkey);
+			if (max < jj) max=jj;
+			}
+		if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort();
+		for (i=0; i<sk_num(rsk); i++)
+			{
+			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+			pkey=X509_get_pubkey(ri->cert);
+			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
+			if (jj <= 0) abort();
+			ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+			}
+
+		BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+
+		if (out == NULL)
+			out=btmp;
+		else
+			BIO_push(out,btmp);
+		}
+
+	if (bio == NULL) /* ??????????? */
 		{
 		if (p7->detached)
 			bio=BIO_new(BIO_s_null());
@@ -114,7 +189,8 @@ BIO *bio;
 
 				os=p7->d.sign->contents->d.data;
 				if (os->length > 0)
-					BIO_write(bio,os->data,os->length);
+					BIO_write(bio,(char *)os->data,
+						os->length);
 				}
 			}
 		}
@@ -135,22 +211,35 @@ BIO *bio;
 	BUF_MEM *buf=NULL;
 	PKCS7_SIGNER_INFO *si;
 	EVP_MD_CTX *mdc,ctx_tmp;
-	STACK *sk;
+	STACK *sk,*si_sk=NULL;
 	unsigned char *p,*pp=NULL;
 	int x;
+	ASN1_OCTET_STRING *os=NULL;
 
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
 
 	switch (i)
 		{
+	case NID_pkcs7_signedAndEnveloped:
+		/* XXXXXXXXXXXXXXXX */
+		si_sk=p7->d.signed_and_enveloped->signer_info;
+		os=ASN1_OCTET_STRING_new();
+		p7->d.signed_and_enveloped->enc_data->enc_data=os;
+		break;
 	case NID_pkcs7_signed:
+		si_sk=p7->d.sign->signer_info;
+		os=p7->d.sign->contents->d.data;
+		break;
+		}
 
+	if (si_sk != NULL)
+		{
 		if ((buf=BUF_MEM_new()) == NULL) goto err;
-		for (i=0; i<sk_num(p7->d.sign->signer_info); i++)
+		for (i=0; i<sk_num(si_sk); i++)
 			{
 			si=(PKCS7_SIGNER_INFO *)
-				sk_value(p7->d.sign->signer_info,i);
+				sk_value(si_sk,i);
 			if (si->pkey == NULL)
 				continue;
 			j=OBJ_obj2nid(si->digest_enc_alg->algorithm);
@@ -161,13 +250,13 @@ BIO *bio;
 				if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
 					== NULL)
 					{
-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 					goto err;
 					}
 				BIO_get_md_ctx(btmp,&mdc);
 				if (mdc == NULL)
 					{
-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_INTERNAL_ERROR);
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
 					goto err;
 					}
 				if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j)
@@ -195,40 +284,31 @@ BIO *bio;
 				Free(pp);
 				}
 
-			if (!EVP_SignFinal(&ctx_tmp,buf->data,
+			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
 				(unsigned int *)&buf->length,si->pkey))
 				goto err;
 			if (!ASN1_STRING_set(si->enc_digest,
 				(unsigned char *)buf->data,buf->length))
 				goto err;
-
 			}
 		if (p7->detached)
-			PKCS7_content_free(p7->d.sign->contents);
+			ASN1_OCTET_STRING_set(os,(unsigned char *)"",0);
 		else
 			{
 			btmp=BIO_find_type(bio,BIO_TYPE_MEM);
 			if (btmp == NULL)
 				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
 				goto err;
 				}
 			BIO_get_mem_ptr(btmp,&buf_mem);
-			ASN1_OCTET_STRING_set(p7->d.sign->contents->d.data,
+			ASN1_OCTET_STRING_set(os,
 				(unsigned char *)buf_mem->data,buf_mem->length);
 			}
 		if (pp != NULL) Free(pp);
 		pp=NULL;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
 		}
 
-	if (p7->detached)
-		{
-
-		}
 	ret=1;
 err:
 	if (buf != NULL) BUF_MEM_free(buf);
@@ -253,6 +333,7 @@ PKCS7_SIGNER_INFO *si;
 	X509 *x509;
 
 	if (!PKCS7_type_is_signed(p7)) abort();
+	/* XXXXXXXXXXXXXXXXXXXXXXX */
 	ias=si->issuer_and_serial;
 	s=p7->d.sign;
 
diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c
index 96a6dd9..a5b6dc4 100644
--- a/crypto/pkcs7/pk7_enc.c
+++ b/crypto/pkcs7/pk7_enc.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index aac133e..7d14ad1 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pk7_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -169,9 +169,15 @@ int type;
 		if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
 			goto err;
 		break;
+	case NID_pkcs7_signedAndEnveloped:
+		p7->type=obj;
+		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+			== NULL)
+			goto err;
+		ASN1_INTEGER_set(p7->d.sign->version,1);
+		break;
 	case NID_pkcs7_digest:
 	case NID_pkcs7_enveloped:
-	case NID_pkcs7_signedAndEnveloped:
 	case NID_pkcs7_encrypted:
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -188,24 +194,32 @@ PKCS7_SIGNER_INFO *psi;
 	{
 	int i,j,nid;
 	X509_ALGOR *alg;
-	PKCS7_SIGNED *p7s;
+	STACK *signer_sk;
+	STACK *md_sk;
 
 	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signed)
+	switch (i)
 		{
+	case NID_pkcs7_signed:
+		signer_sk=	p7->d.sign->signer_info;
+		md_sk=		p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		signer_sk=	p7->d.signed_and_enveloped->signer_info;
+		md_sk=		p7->d.signed_and_enveloped->md_algs;
+		break;
+	default:
 		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	p7s=p7->d.sign;
-
 	nid=OBJ_obj2nid(psi->digest_alg->algorithm);
 
 	/* If the digest is not currently listed, add it */
 	j=0;
-	for (i=0; i<sk_num(p7s->md_algs); i++)
+	for (i=0; i<sk_num(md_sk); i++)
 		{
-		alg=(X509_ALGOR *)sk_value(p7s->md_algs,i);
+		alg=(X509_ALGOR *)sk_value(md_sk,i);
 		if (OBJ_obj2nid(alg->algorithm) == nid)
 			{
 			j=1;
@@ -216,10 +230,10 @@ PKCS7_SIGNER_INFO *psi;
 		{
 		alg=X509_ALGOR_new();
 		alg->algorithm=OBJ_nid2obj(nid);
-		sk_push(p7s->md_algs,(char *)alg);
+		sk_push(md_sk,(char *)alg);
 		}
 
-	sk_push(p7s->signer_info,(char *)psi);
+	sk_push(signer_sk,(char *)psi);
 	return(1);
 	}
 
@@ -228,18 +242,26 @@ PKCS7 *p7;
 X509 *x509;
 	{
 	int i;
+	STACK **sk;
 
 	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signed)
+	switch (i)
 		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+	case NID_pkcs7_signed:
+		sk= &(p7->d.sign->cert);
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		sk= &(p7->d.signed_and_enveloped->cert);
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	if (p7->d.sign->cert == NULL)
-		p7->d.sign->cert=sk_new_null();
+	if (*sk == NULL)
+		*sk=sk_new_null();
 	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	sk_push(p7->d.sign->cert,(char *)x509);
+	sk_push(*sk,(char *)x509);
 	return(1);
 	}
 
@@ -248,18 +270,27 @@ PKCS7 *p7;
 X509_CRL *crl;
 	{
 	int i;
+	STACK **sk;
+
 	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signed)
+	switch (i)
 		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+	case NID_pkcs7_signed:
+		sk= &(p7->d.sign->crl);
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		sk= &(p7->d.signed_and_enveloped->crl);
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	if (p7->d.sign->crl == NULL)
-		p7->d.sign->crl=sk_new_null();
+	if (*sk == NULL)
+		*sk=sk_new_null();
 
 	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	sk_push(p7->d.sign->crl,(char *)crl);
+	sk_push(*sk,(char *)crl);
 	return(1);
 	}
 
@@ -296,7 +327,6 @@ EVP_MD *dgst;
 	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
 #endif
 
-
 	return(1);
 err:
 	return(0);
@@ -329,6 +359,60 @@ PKCS7 *p7;
 		return(NULL);
 	}
 
+PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509)
+PKCS7 *p7;
+X509 *x509;
+	{
+	PKCS7_RECIP_INFO *ri;
+
+	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
+	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
+	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+	return(ri);
+err:
+	return(NULL);
+	}
+
+int PKCS7_add_recipient_info(p7,ri)
+PKCS7 *p7;
+PKCS7_RECIP_INFO *ri;
+	{
+	int i;
+	STACK *sk;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signedAndEnveloped:
+		sk=	p7->d.signed_and_enveloped->recipientinfo;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	sk_push(sk,(char *)ri);
+	return(1);
+	}
+
+int PKCS7_RECIP_INFO_set(p7i,x509)
+PKCS7_RECIP_INFO *p7i;
+X509 *x509;
+	{
+	ASN1_INTEGER_set(p7i->version,0);
+	X509_NAME_set(&p7i->issuer_and_serial->issuer,
+		X509_get_issuer_name(x509));
+
+	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	p7i->issuer_and_serial->serial=
+		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+
+	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+	p7i->cert=x509;
+
+	return(1);
+	}
+
 X509 *PKCS7_cert_from_signer_info(p7,si)
 PKCS7 *p7;
 PKCS7_SIGNER_INFO *si;
@@ -341,3 +425,25 @@ PKCS7_SIGNER_INFO *si;
 		return(NULL);
 	}
 
+int PKCS7_set_cipher(p7,cipher)
+PKCS7 *p7;
+EVP_CIPHER *cipher;
+	{
+	int i;
+	PKCS7_ENC_CONTENT *ec;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signedAndEnveloped:
+		ec=p7->d.signed_and_enveloped->enc_data;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
+	return(ec->algorithm->algorithm != NULL);
+	}
+
diff --git a/crypto/pkcs7/pkcs7.err b/crypto/pkcs7/pkcs7.err
index 500f9b3..91413aa 100644
--- a/crypto/pkcs7/pkcs7.err
+++ b/crypto/pkcs7/pkcs7.err
@@ -1,13 +1,17 @@
 /* Error codes for the PKCS7 functions. */
 
 /* Function codes. */
-#define PKCS7_F_PKCS7_ADD_SIGNER			 100
-#define PKCS7_F_PKCS7_CTRL				 101
-#define PKCS7_F_PKCS7_DATAFINAL				 102
-#define PKCS7_F_PKCS7_DATAINIT				 103
-#define PKCS7_F_PKCS7_DATAVERIFY			 104
-#define PKCS7_F_PKCS7_SET_CONTENT			 105
-#define PKCS7_F_PKCS7_SET_TYPE				 106
+#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
+#define PKCS7_F_PKCS7_ADD_CRL				 101
+#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
+#define PKCS7_F_PKCS7_ADD_SIGNER			 103
+#define PKCS7_F_PKCS7_CTRL				 104
+#define PKCS7_F_PKCS7_DATAINIT				 105
+#define PKCS7_F_PKCS7_DATASIGN				 106
+#define PKCS7_F_PKCS7_DATAVERIFY			 107
+#define PKCS7_F_PKCS7_SET_CIPHER			 108
+#define PKCS7_F_PKCS7_SET_CONTENT			 109
+#define PKCS7_F_PKCS7_SET_TYPE				 110
 
 /* Reason codes. */
 #define PKCS7_R_INTERNAL_ERROR				 100
@@ -17,5 +21,6 @@
 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 104
 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 105
 #define PKCS7_R_UNKNOWN_DIGEST_TYPE			 106
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 107
-#define PKCS7_R_WRONG_CONTENT_TYPE			 108
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 107
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 108
+#define PKCS7_R_WRONG_CONTENT_TYPE			 109
diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
index 061f1f07..ee12f67 100644
--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -1,5 +1,5 @@
 /* crypto/pkcs7/pkcs7.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,16 +99,18 @@ typedef struct pkcs7_recip_info_st
 	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
 	X509_ALGOR			*key_enc_algor;
 	ASN1_OCTET_STRING		*enc_key;
+	X509				*cert; /* get the pub-key from this */
 	} PKCS7_RECIP_INFO;
 
 typedef struct pkcs7_signed_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
 	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	struct pkcs7_st			*contents;
 	STACK /* X509 */		*cert;		/* [ 0 ] */
 	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
 	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+
+	struct pkcs7_st			*contents;
 	} PKCS7_SIGNED;
 /* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
  * How about merging the two */
@@ -130,12 +132,13 @@ typedef struct pkcs7_enveloped_st
 typedef struct pkcs7_signedandenveloped_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
-	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
 	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	PKCS7_ENC_CONTENT		*enc_data;
 	STACK /* X509 */		*cert;		/* [ 0 ] */
 	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
 	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+
+	PKCS7_ENC_CONTENT		*enc_data;
+	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
 	} PKCS7_SIGN_ENVELOPE;
 
 typedef struct pkcs7_digest_st
@@ -204,6 +207,14 @@ typedef struct pkcs7_st
 #define PKCS7_get_detached(p) \
 		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
 
+#ifdef SSLEAY_MACROS
+
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+	                (char *)data,md,len)
+#endif
+
+
 #ifndef NOPROTO
 PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
 void			PKCS7_ISSUER_AND_SERIAL_free(
@@ -214,8 +225,17 @@ PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
 				PKCS7_ISSUER_AND_SERIAL **a,
 				unsigned char **pp, long length);
 
+#ifndef SSLEAY_MACROS
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
 	unsigned char *md,unsigned int *len);
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
+int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
+#endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
+int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
+#endif
 
 PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new(void);
 void			PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
@@ -283,13 +303,6 @@ PKCS7			*d2i_PKCS7(PKCS7 **a,
 
 void ERR_load_PKCS7_strings(void);
 
-#ifndef WIN16
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
-#endif
-PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 
@@ -313,6 +326,13 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 STACK *PKCS7_get_signer_info(PKCS7 *p7);
 
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
+
+
+
 #else
 
 PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new();
@@ -320,7 +340,17 @@ void			PKCS7_ISSUER_AND_SERIAL_free();
 int 			i2d_PKCS7_ISSUER_AND_SERIAL();
 PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL();
 
+#ifndef SSLEAY_MACROS
 int			PKCS7_ISSUER_AND_SERIAL_digest();
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp();
+int i2d_PKCS7_fp();
+#endif
+PKCS7 *PKCS7_dup();
+PKCS7 *d2i_PKCS7_bio();
+int i2d_PKCS7_bio();
+
+#endif
 
 PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new();
 void			PKCS7_SIGNER_INFO_free();
@@ -362,13 +392,6 @@ PKCS7			*d2i_PKCS7();
 
 void ERR_load_PKCS7_strings();
 
-#ifndef WIN16
-PKCS7 *d2i_PKCS7_fp();
-int i2d_PKCS7_fp();
-#endif
-PKCS7 *PKCS7_dup();
-PKCS7 *d2i_PKCS7_bio();
-int i2d_PKCS7_bio();
 long PKCS7_ctrl();
 int PKCS7_set_type();
 int PKCS7_set_content();
@@ -384,19 +407,28 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature();
 X509 *PKCS7_cert_from_signer_info();
 STACK *PKCS7_get_signer_info();
 
+PKCS7_RECIP_INFO *PKCS7_add_recipient();
+int PKCS7_add_recipient_info();
+int PKCS7_RECIP_INFO_set();
+int PKCS7_set_cipher();
+
 #endif
 
 /* BEGIN ERROR CODES */
 /* Error codes for the PKCS7 functions. */
 
 /* Function codes. */
-#define PKCS7_F_PKCS7_ADD_SIGNER			 100
-#define PKCS7_F_PKCS7_CTRL				 101
-#define PKCS7_F_PKCS7_DATAFINAL				 102
-#define PKCS7_F_PKCS7_DATAINIT				 103
-#define PKCS7_F_PKCS7_DATAVERIFY			 104
-#define PKCS7_F_PKCS7_SET_CONTENT			 105
-#define PKCS7_F_PKCS7_SET_TYPE				 106
+#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
+#define PKCS7_F_PKCS7_ADD_CRL				 101
+#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
+#define PKCS7_F_PKCS7_ADD_SIGNER			 103
+#define PKCS7_F_PKCS7_CTRL				 104
+#define PKCS7_F_PKCS7_DATAINIT				 105
+#define PKCS7_F_PKCS7_DATASIGN				 106
+#define PKCS7_F_PKCS7_DATAVERIFY			 107
+#define PKCS7_F_PKCS7_SET_CIPHER			 108
+#define PKCS7_F_PKCS7_SET_CONTENT			 109
+#define PKCS7_F_PKCS7_SET_TYPE				 110
 
 /* Reason codes. */
 #define PKCS7_R_INTERNAL_ERROR				 100
@@ -406,8 +438,9 @@ STACK *PKCS7_get_signer_info();
 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 104
 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 105
 #define PKCS7_R_UNKNOWN_DIGEST_TYPE			 106
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 107
-#define PKCS7_R_WRONG_CONTENT_TYPE			 108
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 107
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 108
+#define PKCS7_R_WRONG_CONTENT_TYPE			 109
  
 #ifdef  __cplusplus
 }
diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
index 851691d..f851057 100644
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -60,13 +60,18 @@
 #include "pkcs7.h"
 
 /* BEGIN ERROR CODES */
+#ifndef NO_ERR
 static ERR_STRING_DATA PKCS7_str_functs[]=
 	{
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),	"PKCS7_add_certificate"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),	"PKCS7_add_crl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),	"PKCS7_add_recipient_info"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),	"PKCS7_add_signer"},
 {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),	"PKCS7_ctrl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAFINAL,0),	"PKCS7_DATAFINAL"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),	"PKCS7_dataInit"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),	"PKCS7_dataSign"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),	"PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),	"PKCS7_set_cipher"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),	"PKCS7_set_content"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),	"PKCS7_set_type"},
 {0,NULL},
@@ -81,19 +86,25 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
 {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
 {PKCS7_R_UNKNOWN_DIGEST_TYPE             ,"unknown digest type"},
+{PKCS7_R_UNSUPPORTED_CIPHER_TYPE         ,"unsupported cipher type"},
 {PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
 {PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
 {0,NULL},
 	};
 
+#endif
+
 void ERR_load_PKCS7_strings()
 	{
 	static int init=1;
 
-	if (init)
-		{
+	if (init);
+		{;
 		init=0;
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+#endif
+
 		}
 	}
diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c
index 9400fe3..ead1cb6 100644
--- a/crypto/pkcs7/sign.c
+++ b/crypto/pkcs7/sign.c
@@ -1,3 +1,60 @@
+/* crypto/pkcs7/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
 #include <stdio.h>
 #include "bio.h"
 #include "x509.h"
diff --git a/crypto/pkcs7/verify.c b/crypto/pkcs7/verify.c
index bce20ee..0e1c1b2 100644
--- a/crypto/pkcs7/verify.c
+++ b/crypto/pkcs7/verify.c
@@ -1,3 +1,60 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
 #include <stdio.h>
 #include "asn1.h"
 #include "bio.h"