authorRalf S. Engelschall <rse@openssl.org>1998-12-21 10:56:39 +0000
committerRalf S. Engelschall <rse@openssl.org>1998-12-21 10:56:39 +0000
commit58964a492275ca9a59a0cd9c8155cb2491b4b909 (patch)
treec7b16876a5789463bbbb468ef4829c8129b3d718 /crypto/rsa
parentd02b48c63a58ea4367a0e905979f140b7d090f86 (diff)
Import of old SSLeay release: SSLeay 0.9.0b
Diffstat (limited to 'crypto/rsa')
-rw-r--r--crypto/rsa/Makefile.ssl8
-rw-r--r--crypto/rsa/rsa.err46
-rw-r--r--crypto/rsa/rsa.h137
-rw-r--r--crypto/rsa/rsa_eay.c498
-rw-r--r--crypto/rsa/rsa_err.c22
-rw-r--r--crypto/rsa/rsa_gen.c19
-rw-r--r--crypto/rsa/rsa_lib.c100
-rw-r--r--crypto/rsa/rsa_none.c109
-rw-r--r--crypto/rsa/rsa_pk1.c233
-rw-r--r--crypto/rsa/rsa_saos.c2
-rw-r--r--crypto/rsa/rsa_sign.c4
-rw-r--r--crypto/rsa/rsa_ssl.c153
12 files changed, 1266 insertions, 65 deletions
diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl
index 5e04ec4..d52f2e6 100644
--- a/crypto/rsa/Makefile.ssl
+++ b/crypto/rsa/Makefile.ssl
@@ -22,8 +22,10 @@ TEST=
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c
-LIBOBJ= rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \
+ rsa_pk1.c rsa_ssl.c rsa_none.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \
+ rsa_pk1.o rsa_ssl.o rsa_none.o
SRC= $(LIBSRC)
@@ -79,6 +81,6 @@ clean:
errors:
perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
- perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+ perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err
index 29f1496..5ded1b5 100644
--- a/crypto/rsa/rsa.err
+++ b/crypto/rsa/rsa.err
@@ -7,12 +7,20 @@
#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103
#define RSA_F_RSA_GENERATE_KEY 104
#define RSA_F_RSA_NEW_METHOD 105
-#define RSA_F_RSA_PRINT 106
-#define RSA_F_RSA_PRINT_FP 107
-#define RSA_F_RSA_SIGN 108
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109
-#define RSA_F_RSA_VERIFY 110
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111
+#define RSA_F_RSA_PADDING_ADD_NONE 106
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108
+#define RSA_F_RSA_PADDING_ADD_SSLV23 109
+#define RSA_F_RSA_PADDING_CHECK_NONE 110
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112
+#define RSA_F_RSA_PADDING_CHECK_SSLV23 113
+#define RSA_F_RSA_PRINT 114
+#define RSA_F_RSA_PRINT_FP 115
+#define RSA_F_RSA_SIGN 116
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117
+#define RSA_F_RSA_VERIFY 118
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119
/* Reason codes. */
#define RSA_R_ALGORITHM_MISMATCH 100
@@ -20,14 +28,18 @@
#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
#define RSA_R_BAD_PAD_BYTE_COUNT 103
#define RSA_R_BAD_SIGNATURE 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01 105
-#define RSA_R_BLOCK_TYPE_IS_NOT_02 106
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110
-#define RSA_R_SSLV3_ROLLBACK_ATTACK 111
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113
-#define RSA_R_UNKNOWN_PADDING_TYPE 114
-#define RSA_R_WRONG_SIGNATURE_LENGTH 115
+#define RSA_R_BAD_ZERO_BYTE 105
+#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
+#define RSA_R_DATA_TOO_LARGE 109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
+#define RSA_R_DATA_TOO_SMALL 111
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
+#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
+#define RSA_R_UNKNOWN_PADDING_TYPE 118
+#define RSA_R_WRONG_SIGNATURE_LENGTH 119
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 821e928..aeb78ff 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -1,5 +1,5 @@
/* crypto/rsa/rsa.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
@@ -64,6 +64,7 @@ extern "C" {
#endif
#include "bn.h"
+#include "crypto.h"
typedef struct rsa_meth_st
{
@@ -72,10 +73,13 @@ typedef struct rsa_meth_st
int (*rsa_pub_dec)();
int (*rsa_priv_enc)();
int (*rsa_priv_dec)();
- int (*rsa_mod_exp)();
- int (*bn_mod_exp)();
+ int (*rsa_mod_exp)(); /* Can be null */
+ int (*bn_mod_exp)(); /* Can be null */
int (*init)(/* RSA * */); /* called at new */
int (*finish)(/* RSA * */); /* called at free */
+
+ int flags; /* RSA_METHOD_FLAG_* things */
+ char *app_data; /* may be needed! */
} RSA_METHOD;
typedef struct rsa_st
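Review bot: The new `/* Can be null */` comments on `rsa_mod_exp` and `bn_mod_exp` state a contract that the code added elsewhere in this commit does not honour. RSA_blinding_on in rsa_lib.c calls `rsa->meth->bn_mod_exp(...)` with no NULL test, and the rsa_eay.c routines do the same. Either drop the comment, or say which callers must check first, e.g. `/* Can be null; callers must test before use */`, and add the tests. The struct definition starts outside this hunk.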
@@ -94,22 +98,40 @@ typedef struct rsa_st
BIGNUM *dmq1;
BIGNUM *iqmp;
/* be carefull using this if the RSA structure is shared */
- char *app_data;
+ CRYPTO_EX_DATA ex_data;
int references;
+ int flags;
+
+ /* Normally used to cached montgomery values */
+ char *method_mod_n;
+ char *method_mod_p;
+ char *method_mod_q;
+
+ BN_BLINDING *blinding;
} RSA;
#define RSA_3 0x3L
#define RSA_F4 0x10001L
-#define RSA_PKCS1_PADDING 11
-#define RSA_SSLV23_PADDING 12
+#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */
+#define RSA_FLAG_CACHE_PUBLIC 0x02
+#define RSA_FLAG_CACHE_PRIVATE 0x04
+#define RSA_FLAG_BLINDING 0x08
+#define RSA_FLAG_THREAD_SAFE 0x10
+
+#define RSA_PKCS1_PADDING 1
+#define RSA_SSLV23_PADDING 2
+#define RSA_NO_PADDING 3
+
+#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg)
+#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
#ifndef NOPROTO
RSA * RSA_new(void);
RSA * RSA_new_method(RSA_METHOD *method);
int RSA_size(RSA *);
RSA * RSA_generate_key(int bits, unsigned long e,void
- (*callback)(int,int));
+ (*callback)(int,int,char *),char *cb_arg);
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
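Review bot: The new `RSA_set_app_data` macro casts its argument without parenthesising it, so `(char *)arg` binds only to the first operand when the caller passes an expression such as `base+off`. Write it as `#define RSA_set_app_data(s,arg) RSA_set_ex_data((s),0,(char *)(arg))` and parenthesise `s` in `RSA_get_app_data` the same way. Separately, the comment "be carefull using this if the RSA structure is shared" now sits above `ex_data` and is worth rewording to say what the sharing hazard is for the new member.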
@@ -121,10 +143,12 @@ int RSA_private_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
void RSA_free (RSA *r);
+int RSA_flags(RSA *r);
+
void RSA_set_default_method(RSA_METHOD *meth);
/* If you have RSAref compiled in. */
-/* RSA_METHOD *RSA_PKCS1_RSAref(void); */
+RSA_METHOD *RSA_PKCS1_RSAref(void);
/* these are the actual SSLeay RSA functions */
RSA_METHOD *RSA_PKCS1_SSLeay(void);
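Review bot: `RSA_PKCS1_RSAref` is now declared unconditionally in the prototype branch, although the comment directly above it says it exists only when RSAref is compiled in. The NOPROTO branch later in this header still has the same declaration commented out. The two branches should agree. If the function is optional, put the declaration under the build macro that selects RSAref, so a caller in a non-RSAref build gets a compile-time error and not a link-time one.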
@@ -135,7 +159,7 @@ RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
-#ifndef WIN16
+#ifndef NO_FP_API
int RSA_print_fp(FILE *fp, RSA *r,int offset);
#endif
@@ -145,6 +169,9 @@ int RSA_print(BIO *bp, RSA *r,int offset);
int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+/* Naughty internal function required elsewhere, to handle a MS structure
+ * that is the same as the netscape one :-) */
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
/* The following 2 functions sign and verify a X509_SIG ASN1 object
* inside PKCS#1 padded RSA encryption */
@@ -160,6 +187,31 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_add_none(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_none(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+
+int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+int RSA_set_ex_data(RSA *r,int idx,char *arg);
+char *RSA_get_ex_data(RSA *r, int idx);
+
#else
RSA * RSA_new();
@@ -172,6 +224,8 @@ int RSA_public_decrypt();
int RSA_private_decrypt();
void RSA_free ();
+int RSA_flags();
+
void RSA_set_default_method();
/* RSA_METHOD *RSA_PKCS1_RSAref(); */
@@ -183,7 +237,7 @@ RSA * d2i_RSAPublicKey();
int i2d_RSAPublicKey();
RSA * d2i_RSAPrivateKey();
int i2d_RSAPrivateKey();
-#ifndef WIN16
+#ifndef NO_FP_API
int RSA_print_fp();
#endif
@@ -191,13 +245,28 @@ int RSA_print();
int i2d_Netscape_RSA();
RSA *d2i_Netscape_RSA();
+RSA *d2i_Netscape_RSA_2();
int RSA_sign();
int RSA_verify();
int RSA_sign_ASN1_OCTET_STRING();
int RSA_verify_ASN1_OCTET_STRING();
-
+int RSA_blinding_on();
+void RSA_blinding_off();
+
+int RSA_padding_add_PKCS1_type_1();
+int RSA_padding_check_PKCS1_type_1();
+int RSA_padding_add_PKCS1_type_2();
+int RSA_padding_check_PKCS1_type_2();
+int RSA_padding_add_SSLv23();
+int RSA_padding_check_SSLv23();
+int RSA_padding_add_none();
+int RSA_padding_check_none();
+
+int RSA_get_ex_new_index();
+int RSA_set_ex_data();
+char *RSA_get_ex_data();
#endif
@@ -211,12 +280,20 @@ int RSA_verify_ASN1_OCTET_STRING();
#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103
#define RSA_F_RSA_GENERATE_KEY 104
#define RSA_F_RSA_NEW_METHOD 105
-#define RSA_F_RSA_PRINT 106
-#define RSA_F_RSA_PRINT_FP 107
-#define RSA_F_RSA_SIGN 108
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109
-#define RSA_F_RSA_VERIFY 110
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111
+#define RSA_F_RSA_PADDING_ADD_NONE 106
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108
+#define RSA_F_RSA_PADDING_ADD_SSLV23 109
+#define RSA_F_RSA_PADDING_CHECK_NONE 110
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112
+#define RSA_F_RSA_PADDING_CHECK_SSLV23 113
+#define RSA_F_RSA_PRINT 114
+#define RSA_F_RSA_PRINT_FP 115
+#define RSA_F_RSA_SIGN 116
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117
+#define RSA_F_RSA_VERIFY 118
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119
/* Reason codes. */
#define RSA_R_ALGORITHM_MISMATCH 100
@@ -224,17 +301,21 @@ int RSA_verify_ASN1_OCTET_STRING();
#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
#define RSA_R_BAD_PAD_BYTE_COUNT 103
#define RSA_R_BAD_SIGNATURE 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01 105
-#define RSA_R_BLOCK_TYPE_IS_NOT_02 106
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110
-#define RSA_R_SSLV3_ROLLBACK_ATTACK 111
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113
-#define RSA_R_UNKNOWN_PADDING_TYPE 114
-#define RSA_R_WRONG_SIGNATURE_LENGTH 115
+#define RSA_R_BAD_ZERO_BYTE 105
+#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
+#define RSA_R_DATA_TOO_LARGE 109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
+#define RSA_R_DATA_TOO_SMALL 111
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
+#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
+#define RSA_R_UNKNOWN_PADDING_TYPE 118
+#define RSA_R_WRONG_SIGNATURE_LENGTH 119
#ifdef __cplusplus
}
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
new file mode 100644
index 0000000..00f8ea9
--- /dev/null
+++ b/crypto/rsa/rsa_eay.c
@@ -0,0 +1,498 @@
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+
+#ifndef NOPROTO
+static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+#else
+static int RSA_eay_public_encrypt();
+static int RSA_eay_private_encrypt();
+static int RSA_eay_public_decrypt();
+static int RSA_eay_private_decrypt();
+static int RSA_eay_mod_exp();
+static int RSA_eay_init();
+static int RSA_eay_finish();
+#endif
+
+static RSA_METHOD rsa_pkcs1_eay_meth={
+ "Eric Young's PKCS#1 RSA",
+ RSA_eay_public_encrypt,
+ RSA_eay_public_decrypt,
+ RSA_eay_private_encrypt,
+ RSA_eay_private_decrypt,
+ RSA_eay_mod_exp,
+ BN_mod_exp_mont,
+ RSA_eay_init,
+ RSA_eay_finish,
+ 0,
+ NULL,
+ };
+
+RSA_METHOD *RSA_PKCS1_SSLeay()
+ {
+ return(&rsa_pkcs1_eay_meth);
+ }
+
+static int RSA_eay_public_encrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+ {
+ BIGNUM *f=NULL,*ret=NULL;
+ int i,j,k,num=0,r= -1;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ num=BN_num_bytes(rsa->n);
+ if ((buf=(unsigned char *)Malloc(num)) == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
+ break;
+ case RSA_SSLV23_PADDING:
+ i=RSA_padding_add_SSLv23(buf,num,from,flen);
+ break;
+ case RSA_NO_PADDING:
+ i=RSA_padding_add_none(buf,num,from,flen);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0) goto err;
+
+ if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err;
+
+ if (BN_bin2bn(buf,num,f) == NULL) goto err;
+
+ if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+ {
+ if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n,
+ rsa->n,ctx)) goto err;
+ }
+
+ if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
+ rsa->method_mod_n)) goto err;
+
+ /* put in leading 0 bytes if the number is less than the
+ * length of the modulus */
+ j=BN_num_bytes(ret);
+ i=BN_bn2bin(ret,&(to[num-j]));
+ for (k=0; k<(num-i); k++)
+ to[k]=0;
+
+ r=num;
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ if (f != NULL) BN_free(f);
+ if (ret != NULL) BN_free(ret);
+ if (buf != NULL)
+ {
+ memset(buf,0,num);
+ Free(buf);
+ }
+ return(r);
+ }
+
+static int RSA_eay_private_encrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+ {
+ BIGNUM *f=NULL,*ret=NULL;
+ int i,j,k,num=0,r= -1;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ num=BN_num_bytes(rsa->n);
+ if ((buf=(unsigned char *)Malloc(num)) == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
+ break;
+ case RSA_NO_PADDING:
+ i=RSA_padding_add_none(buf,num,from,flen);
+ break;
+ case RSA_SSLV23_PADDING:
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0) goto err;
+
+ if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err;
+ if (BN_bin2bn(buf,num,f) == NULL) goto err;
+
+ if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+ RSA_blinding_on(rsa,ctx);
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err;
+
+ if ( (rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) &&
+ (rsa->dmq1 != NULL) &&
+ (rsa->iqmp != NULL))
+ { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; }
+ else
+ {
+ if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err;
+ }
+
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err;
+
+ /* put in leading 0 bytes if the number is less than the
+ * length of the modulus */
+ j=BN_num_bytes(ret);
+ i=BN_bn2bin(ret,&(to[num-j]));
+ for (k=0; k<(num-i); k++)
+ to[k]=0;
+
+ r=num;
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ if (ret != NULL) BN_free(ret);
+ if (f != NULL) BN_free(f);
+ if (buf != NULL)
+ {
+ memset(buf,0,num);
+ Free(buf);
+ }
+ return(r);
+ }
+
+static int RSA_eay_private_decrypt(flen, from, to, rsa,padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+ {
+ BIGNUM *f=NULL,*ret=NULL;
+ int j,num=0,r= -1;
+ unsigned char *p;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ num=BN_num_bytes(rsa->n);
+
+ if ((buf=(unsigned char *)Malloc(num)) == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* This check was for equallity but PGP does evil things
+ * and chops off the top '0' bytes */
+ if (flen > num)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ /* make data into a big number */
+ if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err;
+ if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
+
+ if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+ RSA_blinding_on(rsa,ctx);
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err;
+
+ /* do the decrypt */
+ if ( (rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) &&
+ (rsa->dmq1 != NULL) &&
+ (rsa->iqmp != NULL))
+ { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; }
+ else
+ {
+ if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx))
+ goto err;
+ }
+
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err;
+
+ p=buf;
+ j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ r=RSA_padding_check_PKCS1_type_2(to,num,buf,j);
+ break;
+ case RSA_SSLV23_PADDING:
+ r=RSA_padding_check_SSLv23(to,num,buf,j);
+ break;
+ case RSA_NO_PADDING:
+ r=RSA_padding_check_none(to,num,buf,j);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ if (f != NULL) BN_free(f);
+ if (ret != NULL) BN_free(ret);
+ if (buf != NULL)
+ {
+ memset(buf,0,num);
+ Free(buf);
+ }
+ return(r);
+ }
+
+static int RSA_eay_public_decrypt(flen, from, to, rsa, padding)
+int flen;
+unsigned char *from;
+unsigned char *to;
+RSA *rsa;
+int padding;
+ {
+ BIGNUM *f=NULL,*ret=NULL;
+ int i,num=0,r= -1;
+ unsigned char *p;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ num=BN_num_bytes(rsa->n);
+ buf=(unsigned char *)Malloc(num);
+ if (buf == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* This check was for equallity but PGP does evil things
+ * and chops off the top '0' bytes */
+ if (flen > num)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ /* make data into a big number */
+ if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err;
+
+ if (BN_bin2bn(from,flen,f) == NULL) goto err;
+ /* do the decrypt */
+ if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+ {
+ if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n,
+ rsa->n,ctx)) goto err;
+ }
+
+ if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
+ rsa->method_mod_n)) goto err;
+
+ p=buf;
+ i=BN_bn2bin(ret,p);
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ r=RSA_padding_check_PKCS1_type_1(to,num,buf,i);
+ break;
+ case RSA_NO_PADDING:
+ r=RSA_padding_check_none(to,num,buf,i);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ if (f != NULL) BN_free(f);
+ if (ret != NULL) BN_free(ret);
+ if (buf != NULL)
+ {
+ memset(buf,0,num);
+ Free(buf);
+ }
+ return(r);
+ }
+
+static int RSA_eay_mod_exp(r0, I, rsa)
+BIGNUM *r0;
+BIGNUM *I;
+RSA *rsa;
+ {
+ BIGNUM *r1=NULL,*m1=NULL;
+ int ret=0;
+ BN_CTX *ctx;
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ m1=BN_new();
+ r1=BN_new();
+ if ((m1 == NULL) || (r1 == NULL)) goto err;
+
+ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+ {
+ if (rsa->method_mod_p == NULL)
+ {
+ if ((rsa->method_mod_p=(char *)
+ BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)
+ rsa->method_mod_p,rsa->p,ctx))
+ goto err;
+ }
+ if (rsa->method_mod_q == NULL)
+ {
+ if ((rsa->method_mod_q=(char *)
+ BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)
+ rsa->method_mod_q,rsa->q,ctx))
+ goto err;
+ }
+ }
+
+ if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
+ if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx,
+ rsa->method_mod_q)) goto err;
+
+ if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
+ if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx,
+ rsa->method_mod_p)) goto err;
+
+ if (!BN_add(r1,r0,rsa->p)) goto err;
+ if (!BN_sub(r0,r1,m1)) goto err;
+
+ if (!BN_mul(r1,r0,rsa->iqmp)) goto err;
+ if (!BN_mod(r0,r1,rsa->p,ctx)) goto err;
+ if (!BN_mul(r1,r0,rsa->q)) goto err;
+ if (!BN_add(r0,r1,m1)) goto err;
+
+ ret=1;
+err:
+ if (m1 != NULL) BN_free(m1);
+ if (r1 != NULL) BN_free(r1);
+ BN_CTX_free(ctx);
+ return(ret);
+ }
+
+static int RSA_eay_init(rsa)
+RSA *rsa;
+ {
+ rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+ return(1);
+ }
+
+static int RSA_eay_finish(rsa)
+RSA *rsa;
+ {
+ if (rsa->method_mod_n != NULL)
+ BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n);
+ if (rsa->method_mod_p != NULL)
+ BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p);
+ if (rsa->method_mod_q != NULL)
+ BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q);
+ return(1);
+ }
+
+
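Review bot: RSA_eay_private_encrypt and RSA_eay_private_decrypt ignore the return value of `RSA_blinding_on(rsa,ctx)`. If it fails, RSA_FLAG_BLINDING is still set and `BN_BLINDING_convert` is then called with whatever `rsa->blinding` was left as. Both call sites should read `if (!RSA_blinding_on(rsa,ctx)) goto err;`. The same two functions call `rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)` with five arguments, while the public-key paths and RSA_eay_mod_exp pass a sixth (the cached Montgomery context) through the same unprototyped pointer. Pass an explicit `NULL` as the sixth argument so the callee never reads an argument that was not supplied. RSA_eay_mod_exp also reaches `BN_CTX_free(ctx)` with a NULL `ctx` when BN_CTX_new fails, whereas every other function in this file guards that call.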
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 04a5ba2..796b3af 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -60,6 +60,7 @@
#include "rsa.h"
/* BEGIN ERROR CODES */
+#ifndef NO_ERR
static ERR_STRING_DATA RSA_str_functs[]=
{
{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"},
@@ -68,6 +69,14 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"},
{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"},
{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"},
{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"},
{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"},
{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"},
@@ -84,12 +93,16 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"},
{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"},
{RSA_R_BAD_SIGNATURE ,"bad signature"},
+{RSA_R_BAD_ZERO_BYTE ,"bad zero byte"},
{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"},
{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"},
{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"},
+{RSA_R_DATA_TOO_LARGE ,"data too large"},
{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
+{RSA_R_DATA_TOO_SMALL ,"data too small"},
{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
+{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
@@ -98,14 +111,19 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{0,NULL},
};
+#endif
+
void ERR_load_RSA_strings()
{
static int init=1;
- if (init)
- {
+ if (init);
+ {;
init=0;
+#ifndef NO_ERR
ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
+#endif
+
}
}
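Review bot: The stray semicolons in `if (init);` and `{;` turn the guard into an empty statement, so the block that follows is unconditional and the string tables are re-registered on every call to ERR_load_RSA_strings. Restore the original `if (init)` and `{` lines, and keep the new `#ifndef NO_ERR` wrapper inside the block.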
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 0cab3a5..aed2351 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -1,5 +1,5 @@
/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
@@ -62,10 +62,11 @@
#include "bn.h"
#include "rsa.h"
-RSA *RSA_generate_key(bits, e_value, callback)
+RSA *RSA_generate_key(bits, e_value, callback,cb_arg)
int bits;
unsigned long e_value;
-void (*callback)(P_I_I);
+void (*callback)(P_I_I_P);
+char *cb_arg;
{
RSA *rsa=NULL;
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
@@ -95,27 +96,27 @@ void (*callback)(P_I_I);
/* generate p and q */
for (;;)
{
- rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback);
+ rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback,cb_arg);
if (rsa->p == NULL) goto err;
if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
if (BN_is_one(r1)) break;
- if (callback != NULL) callback(2,n++);
+ if (callback != NULL) callback(2,n++,cb_arg);
BN_free(rsa->p);
}
- if (callback != NULL) callback(3,0);
+ if (callback != NULL) callback(3,0,cb_arg);
for (;;)
{
- rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback);
+ rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback,cb_arg);
if (rsa->q == NULL) goto err;
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
break;
- if (callback != NULL) callback(2,n++);
+ if (callback != NULL) callback(2,n++,cb_arg);
BN_free(rsa->q);
}
- if (callback != NULL) callback(3,1);
+ if (callback != NULL) callback(3,1,cb_arg);
if (BN_cmp(rsa->p,rsa->q) < 0)
{
tmp=rsa->p;
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index c49d0ee..95a56f8 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -1,5 +1,5 @@
/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
@@ -57,13 +57,17 @@
*/
#include <stdio.h>
+#include "crypto.h"
#include "cryptlib.h"
+#include "lhash.h"
#include "bn.h"
#include "rsa.h"
-char *RSA_version="RSA part of SSLeay 0.8.1b 29-Jun-1998";
+char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998";
static RSA_METHOD *default_RSA_meth=NULL;
+static int rsa_meth_num=0;
+static STACK *rsa_meth=NULL;
RSA *RSA_new()
{
@@ -112,12 +116,17 @@ RSA_METHOD *meth;
ret->dmq1=NULL;
ret->iqmp=NULL;
ret->references=1;
- ret->app_data=NULL;
+ ret->method_mod_n=NULL;
+ ret->method_mod_p=NULL;
+ ret->method_mod_q=NULL;
+ ret->blinding=NULL;
+ ret->flags=ret->meth->flags;
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
Free(ret);
ret=NULL;
}
+ CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
return(ret);
}
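Review bot: When `meth->init` fails, `ret` is freed and set to NULL, and the added `CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);` still runs, so `&ret->ex_data` is formed from a null pointer and handed to the ex_data code. Guard the call with `if (ret != NULL)`, or return straight after the `Free(ret)`. As written, `init` also runs before `ex_data` has been set up, so an init hook cannot rely on it; say so in a comment if that order is intended. The function begins outside this hunk.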
@@ -129,6 +138,9 @@ RSA *r;
if (r == NULL) return;
i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+ REF_PRINT("RSA",r);
+#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
@@ -138,6 +150,8 @@ RSA *r;
}
#endif
+ CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
+
if (r->meth->finish != NULL)
r->meth->finish(r);
@@ -149,9 +163,37 @@ RSA *r;
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+ if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
Free(r);
}
+int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+ {
+ rsa_meth_num++;
+ return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
+ &rsa_meth,argl,argp,new_func,dup_func,free_func));
+ }
+
+int RSA_set_ex_data(r,idx,arg)
+RSA *r;
+int idx;
+char *arg;
+ {
+ return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+ }
+
+char *RSA_get_ex_data(r,idx)
+RSA *r;
+int idx;
+ {
+ return(CRYPTO_get_ex_data(&r->ex_data,idx));
+ }
+
int RSA_size(r)
RSA *r;
{
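Review bot: `rsa_meth_num++` in RSA_get_ex_new_index updates a file-scope counter with no lock, while RSA_free in this file goes through `CRYPTO_add(...,CRYPTO_LOCK_RSA)` for the reference count. If two threads can register indexes concurrently they may be handed the same slot, so one caller's ex_data would overwrite the other's. Something like `idx=CRYPTO_add(&rsa_meth_num,1,CRYPTO_LOCK_RSA)-1;` would make the increment consistent with the rest of the file, assuming CRYPTO_get_ex_new_index does not already serialise callers. RSA_size's body continues outside the hunk.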
@@ -198,3 +240,55 @@ int padding;
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
+int RSA_flags(r)
+RSA *r;
+ {
+ return((r == NULL)?0:r->meth->flags);
+ }
+
+void RSA_blinding_off(rsa)
+RSA *rsa;
+ {
+ if (rsa->blinding != NULL)
+ {
+ BN_BLINDING_free(rsa->blinding);
+ rsa->blinding=NULL;
+ }
+ rsa->flags&= ~RSA_FLAG_BLINDING;
+ }
+
+int RSA_blinding_on(rsa,p_ctx)
+RSA *rsa;
+BN_CTX *p_ctx;
+ {
+ BIGNUM *A,*Ai;
+ BN_CTX *ctx;
+ int ret=0;
+
+ if (p_ctx == NULL)
+ {
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ }
+ else
+ ctx=p_ctx;
+
+ if (rsa->blinding != NULL)
+ BN_BLINDING_free(rsa->blinding);
+
+ A=ctx->bn[0];
+ ctx->tos++;
+ if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
+ if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err;
+
+ if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,
+ (char *)rsa->method_mod_n)) goto err;
+ rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
+ ctx->tos--;
+ rsa->flags|=RSA_FLAG_BLINDING;
+ BN_free(Ai);
+ ret=1;
+err:
+ if (ctx != p_ctx) BN_CTX_free(ctx);
+ return(ret);
+ }
+
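Review bot: RSA_blinding_on() frees `rsa->blinding` but leaves the pointer set, so if BN_rand, BN_mod_inverse or bn_mod_exp then fails, the key keeps a dangling pointer that RSA_blinding_off() or the `BN_BLINDING_free` call added to RSA_free will free a second time. Replacing the bare free with `RSA_blinding_off(rsa);` (defined just above in this hunk) clears both the pointer and RSA_FLAG_BLINDING before the new parameters are built. The result of BN_BLINDING_new is also unchecked, so a failed allocation still sets the flag and returns 1; testing it after `ctx->tos--` and `BN_free(Ai)`, `if (rsa->blinding == NULL) goto err;`, and setting the flag only afterwards would cover that. The `goto err` paths taken after `ctx->tos++` skip the matching `ctx->tos--`, and `Ai` is not freed when bn_mod_exp fails, which matters when the caller supplied `p_ctx`.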
diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
new file mode 100644
index 0000000..f0dd943
--- /dev/null
+++ b/crypto/rsa/rsa_none.c
@@ -0,0 +1,109 @@
+/* crypto/rsa/rsa_none.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+
+int RSA_padding_add_none(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ if (flen >= tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return(0);
+ }
+
+ *(to++)=0;
+ memcpy(to,from,(unsigned int)flen);
+ return(1);
+ }
+
+int RSA_padding_check_none(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ int j;
+
+ from++;
+ if (flen+1 > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
+ return(-1);
+ }
+ if (*(from++) != 0)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE);
+ return(-1);
+ }
+
+ /* scan over padding data */
+ j=flen-1; /* one for type and one for the prepended 0. */
+ memset(to,0,tlen-j);
+ to+=(tlen-j);
+ memcpy(to,from,j);
+ return(j);
+ }
+
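Review bot: RSA_padding_check_none advances `from` twice (the bare `from++` and the `*(from++) != 0` test) but then copies `j=flen-1` bytes, so `memcpy(to,from,j)` reads through `from[flen]`, one byte past an input of `flen` bytes. The comment on that line speaks of two skipped bytes, which suggests `j=flen-2;` was meant. There is also no lower bound on `flen`: with `flen` of 0 or 1 the zero-byte test itself reads outside the input, and 0 makes `j` negative before it reaches memset and memcpy; an `if (flen < 2)` check that raises an RSAerr and returns -1 before `from++` would close that. The first byte is skipped without being examined, so it is worth confirming what the caller passes in `from[0]`. In RSA_padding_add_none only `flen+1` bytes of `to` are written, leaving the rest of a larger `tlen` buffer unset.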
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
new file mode 100644
index 0000000..2791291
--- /dev/null
+++ b/crypto/rsa/rsa_pk1.c
@@ -0,0 +1,233 @@
+/* crypto/rsa/rsa_pk1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+
+#ifndef NOPROTO
+int RSA_padding_add_PKCS1_type_1();
+int RSA_padding_check_PKCS1_type_1();
+int RSA_padding_add_PKCS1_type_2();
+int RSA_padding_check_PKCS1_type_2();
+int RSA_padding_add_SSLv23();
+int RSA_padding_check_SSLv23();
+int RSA_padding_add_none();
+int RSA_padding_check_none();
+
+#endif
+
+int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ int j;
+ unsigned char *p;
+
+ if (flen > (tlen-11))
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return(0);
+ }
+
+ p=(unsigned char *)to;
+
+ *(p++)=0;
+ *(p++)=1; /* Private Key BT (Block Type) */
+
+ /* padd out with 0xff data */
+ j=tlen-3-flen;
+ memset(p,0xff,j);
+ p+=j;
+ *(p++)='\0';
+ memcpy(p,from,(unsigned int)flen);
+ return(1);
+ }
+
+int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ int i,j;
+ unsigned char *p;
+
+ p=from;
+ if (*(p++) != 01)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
+ return(-1);
+ }
+
+ /* scan over padding data */
+ j=flen-1; /* one for type. */
+ for (i=0; i<j; i++)
+ {
+ if (*p != 0xff) /* should decrypt to 0xff */
+ {
+ if (*p == 0)
+ { p++; break; }
+ else {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
+ return(-1);
+ }
+ }
+ p++;
+ }
+
+ if (i == j)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+ return(-1);
+ }
+
+ if (i < 8)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
+ return(-1);
+ }
+ i++; /* Skip over the '\0' */
+ j-=i;
+ memcpy(to,p,(unsigned int)j);
+
+ return(j);
+ }
+
+int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ int i,j;
+ unsigned char *p;
+
+ if (flen > (tlen-11))
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return(0);
+ }
+
+ p=(unsigned char *)to;
+
+ *(p++)=0;
+ *(p++)=2; /* Public Key BT (Block Type) */
+
+ /* pad out with non-zero random data */
+ j=tlen-3-flen;
+
+ RAND_bytes(p,j);
+ for (i=0; i<j; i++)
+ {
+ if (*p == '\0')
+ do {
+ RAND_bytes(p,1);
+ } while (*p == '\0');
+ p++;
+ }
+
+ *(p++)='\0';
+
+ memcpy(p,from,(unsigned int)flen);
+ return(1);
+ }
+
+int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ int i,j;
+ unsigned char *p;
+
+ p=from;
+ if (*(p++) != 02)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
+ return(-1);
+ }
+
+ /* scan over padding data */
+ j=flen-1; /* one for type. */
+ for (i=0; i<j; i++)
+ if (*(p++) == 0) break;
+
+ if (i == j)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+ return(-1);
+ }
+
+ if (i < 8)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
+ return(-1);
+ }
+ i++; /* Skip over the '\0' */
+ j-=i;
+ memcpy(to,p,(unsigned int)j);
+
+ return(j);
+ }
+
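Review bot: RSA_padding_check_PKCS1_type_1 and RSA_padding_check_PKCS1_type_2 never use `tlen`, so the final `memcpy(to,p,(unsigned int)j)` is bounded only by the input length, not by the size of the output buffer; RSA_padding_check_SSLv23 in rsa_ssl.c has the same shape. A guard before the copy, `if (j > tlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); return(-1); }` (with the matching function code in each), makes the functions safe regardless of how callers size `to`. Both also read `*(p++)` before checking that `flen` is at least 1. For type 2, which handles decrypted data, the three failure branches set different error reasons and return at different points; callers that process untrusted ciphertext should report all of them identically so the padding result cannot be told apart from outside.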
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index 62c2112..fb0fae5 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -1,5 +1,5 @@
/* crypto/rsa/rsa_saos.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 7c815ed..28c5571 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -1,5 +1,5 @@
/* crypto/rsa/rsa_sign.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
@@ -170,7 +170,7 @@ RSA *rsa;
(sigtype == NID_md2WithRSAEncryption)))
{
/* ok, we will let it through */
-#ifndef WIN16
+#if !defined(NO_STDIO) && !defined(WIN16)
fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
#endif
}
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
new file mode 100644
index 0000000..9bcd4b2
--- /dev/null
+++ b/crypto/rsa/rsa_ssl.c
@@ -0,0 +1,153 @@
+/* crypto/rsa/rsa_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "rand.h"
+
+int RSA_padding_add_SSLv23(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ int i,j;
+ unsigned char *p;
+
+ if (flen > (tlen-11))
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return(0);
+ }
+
+ p=(unsigned char *)to;
+
+ *(p++)=0;
+ *(p++)=2; /* Public Key BT (Block Type) */
+
+ /* pad out with non-zero random data */
+ j=tlen-3-8-flen;
+
+ RAND_bytes(p,j);
+ for (i=0; i<j; i++)
+ {
+ if (*p == '\0')
+ do {
+ RAND_bytes(p,1);
+ } while (*p == '\0');
+ p++;
+ }
+
+ memset(p,3,8);
+ p+=8;
+ *(p++)='\0';
+
+ memcpy(p,from,(unsigned int)flen);
+ return(1);
+ }
+
+int RSA_padding_check_SSLv23(to,tlen,from,flen)
+unsigned char *to;
+int tlen;
+unsigned char *from;
+int flen;
+ {
+ int i,j,k;
+ unsigned char *p;
+
+ p=from;
+ if (flen < 10)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
+ return(-1);
+ }
+ if (*(p++) != 02)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
+ return(-1);
+ }
+
+ /* scan over padding data */
+ j=flen-1; /* one for type */
+ for (i=0; i<j; i++)
+ if (*(p++) == 0) break;
+
+ if ((i == j) || (i < 8))
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+ return(-1);
+ }
+ for (k= -8; k<0; k++)
+ {
+ if (p[k] != 0x03) break;
+ }
+ if (k == 0)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
+ return(-1);
+ }
+
+ i++; /* Skip over the '\0' */
+ j-=i;
+ memcpy(to,p,(unsigned int)j);
+
+ return(j);
+ }
+
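Review bot: The rollback check in RSA_padding_check_SSLv23 can never fire: after the scan loop `p` points one past the zero separator, so `p[-1]` is that zero byte and the `for (k= -8; k<0; k++)` loop always breaks before `k` reaches 0. Shifting the window by one to cover the eight bytes in front of the separator, `for (k= -9; k< -1; k++)` with the test `if (k == -1)`, makes the RSA_R_SSLV3_ROLLBACK_ATTACK branch reachable; the `i < 8` check above keeps `p[-9]` inside the buffer. The `memcpy(to,p,(unsigned int)j)` at the end is not checked against `tlen`, as in the check functions of rsa_pk1.c.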